################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2025-10-08 09:54:07 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664907)"; flow:established,from_client; content:"GET"; http_method; content:"/h2ypxnqe8t.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664907/; classtype:trojan-activity;sid:84528007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.73.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664905/; classtype:trojan-activity;sid:84528005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.143.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664904/; classtype:trojan-activity;sid:84528004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.170.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664903/; classtype:trojan-activity;sid:84528003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664902)"; flow:established,from_client; content:"GET"; http_method; content:"/2gjymwcw8t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.p-99o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664902/; classtype:trojan-activity;sid:84528002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.5.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664900/; classtype:trojan-activity;sid:84528000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664898)"; flow:established,from_client; content:"GET"; http_method; content:"/c2k4duke6x.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664898/; classtype:trojan-activity;sid:84527998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664897/; classtype:trojan-activity;sid:84527997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664896/; classtype:trojan-activity;sid:84527996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.179.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664895/; classtype:trojan-activity;sid:84527995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.196.78.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664894/; classtype:trojan-activity;sid:84527994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.47.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664893/; classtype:trojan-activity;sid:84527993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.47.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664892/; classtype:trojan-activity;sid:84527992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664891)"; flow:established,from_client; content:"GET"; http_method; content:"/6ruoo379jd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.p-99o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664891/; classtype:trojan-activity;sid:84527991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664889)"; flow:established,from_client; content:"GET"; http_method; content:"/stpsci4aaj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664889/; classtype:trojan-activity;sid:84527989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.102.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664887/; classtype:trojan-activity;sid:84527987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.32.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664886/; classtype:trojan-activity;sid:84527986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.20.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664883/; classtype:trojan-activity;sid:84527983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664884/; classtype:trojan-activity;sid:84527984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.248.162.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664882/; classtype:trojan-activity;sid:84527982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664881)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.204.240.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664881/; classtype:trojan-activity;sid:84527981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664880)"; flow:established,from_client; content:"GET"; http_method; content:"/public/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664880/; classtype:trojan-activity;sid:84527980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.99.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664879/; classtype:trojan-activity;sid:84527979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664878/; classtype:trojan-activity;sid:84527978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.236.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664877/; classtype:trojan-activity;sid:84527977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.196.78.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664876/; classtype:trojan-activity;sid:84527976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.238.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664875/; classtype:trojan-activity;sid:84527975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664874)"; flow:established,from_client; content:"GET"; http_method; content:"/xs1j2kbb9g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.p-99o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664874/; classtype:trojan-activity;sid:84527974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664872)"; flow:established,from_client; content:"GET"; http_method; content:"/c4wda1tt7p.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664872/; classtype:trojan-activity;sid:84527972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664870/; classtype:trojan-activity;sid:84527970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.32.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664869/; classtype:trojan-activity;sid:84527969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.181.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664868/; classtype:trojan-activity;sid:84527968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664867/; classtype:trojan-activity;sid:84527967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664866)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8052963817/jy45wqr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664866/; classtype:trojan-activity;sid:84527966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.88.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664864/; classtype:trojan-activity;sid:84527964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664862)"; flow:established,from_client; content:"GET"; http_method; content:"/p991ua9vkv.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664862/; classtype:trojan-activity;sid:84527962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664861)"; flow:established,from_client; content:"GET"; http_method; content:"/zwanleu5m3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.m-77u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664861/; classtype:trojan-activity;sid:84527961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.88.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664860/; classtype:trojan-activity;sid:84527960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.242.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664858/; classtype:trojan-activity;sid:84527958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664857/; classtype:trojan-activity;sid:84527957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.242.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664856/; classtype:trojan-activity;sid:84527956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.39.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664855/; classtype:trojan-activity;sid:84527955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664854/; classtype:trojan-activity;sid:84527954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664853)"; flow:established,from_client; content:"GET"; http_method; content:"/j79vkyf1tv.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664853/; classtype:trojan-activity;sid:84527953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664851/; classtype:trojan-activity;sid:84527951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.229.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664850/; classtype:trojan-activity;sid:84527950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664849/; classtype:trojan-activity;sid:84527949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664847)"; flow:established,from_client; content:"GET"; http_method; content:"/azl4tj0w9e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.m-77u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664847/; classtype:trojan-activity;sid:84527947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664846/; classtype:trojan-activity;sid:84527946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664844)"; flow:established,from_client; content:"GET"; http_method; content:"/4ocz4v6w13.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664844/; classtype:trojan-activity;sid:84527944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.252.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664843/; classtype:trojan-activity;sid:84527943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664841)"; flow:established,from_client; content:"GET"; http_method; content:"/4g2pb93zrf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.m-77u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664841/; classtype:trojan-activity;sid:84527941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664840)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664840/; classtype:trojan-activity;sid:84527940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664839)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664839/; classtype:trojan-activity;sid:84527939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664835)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664835/; classtype:trojan-activity;sid:84527935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664836)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664836/; classtype:trojan-activity;sid:84527936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664837)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664837/; classtype:trojan-activity;sid:84527937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664838)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664838/; classtype:trojan-activity;sid:84527938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664834)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664834/; classtype:trojan-activity;sid:84527934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664831)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664831/; classtype:trojan-activity;sid:84527931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664832)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664832/; classtype:trojan-activity;sid:84527932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.229.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664830/; classtype:trojan-activity;sid:84527930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664829)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251005172419.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"weidafreight.rf.gd"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664829/; classtype:trojan-activity;sid:84527929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664828/; classtype:trojan-activity;sid:84527928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664827/; classtype:trojan-activity;sid:84527927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664826)"; flow:established,from_client; content:"GET"; http_method; content:"/el2oie5ob9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.m-77u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664826/; classtype:trojan-activity;sid:84527926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664824)"; flow:established,from_client; content:"GET"; http_method; content:"/ddjpyzb4w8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664824/; classtype:trojan-activity;sid:84527924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.252.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664822/; classtype:trojan-activity;sid:84527922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664821)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/viewer.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664821/; classtype:trojan-activity;sid:84527921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664820)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/screenconnect.clientsetup.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664820/; classtype:trojan-activity;sid:84527920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664819)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2026/po-51202509.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"mzgold.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664819/; classtype:trojan-activity;sid:84527919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664818)"; flow:established,from_client; content:"GET"; http_method; content:"/cjizie.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664818/; classtype:trojan-activity;sid:84527918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664817)"; flow:established,from_client; content:"GET"; http_method; content:"/images/wealthybillionaires.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"inchiriaza-imprimante.ro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664817/; classtype:trojan-activity;sid:84527917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.157.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664816/; classtype:trojan-activity;sid:84527916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664815)"; flow:established,from_client; content:"GET"; http_method; content:"/zmgfe87fce.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664815/; classtype:trojan-activity;sid:84527915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_wlaeffxisdg1xksbnyqln5zsowcu7dy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664812/; classtype:trojan-activity;sid:84527912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664813)"; flow:established,from_client; content:"GET"; http_method; content:"/28/items/msi-pro-with-b-64_20251007_2240/msi_pro_with_b64.png"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"ia601009.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664813/; classtype:trojan-activity;sid:84527913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664810)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kcuo2ijo3pre_2nozeuw4klh801ppf-v"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664810/; classtype:trojan-activity;sid:84527910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664808)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12eiceosfpkupli2yu0ceeqo07zwxxrx-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664808/; classtype:trojan-activity;sid:84527908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664809)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14j3-fhpa949hxoyolvemaypwf838ysb1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664809/; classtype:trojan-activity;sid:84527909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664807)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=123t1vxzphacsn3fntyhxjb11niwz_yvx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664807/; classtype:trojan-activity;sid:84527907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664803/; classtype:trojan-activity;sid:84527903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664801)"; flow:established,from_client; content:"GET"; http_method; content:"/5fxo1f0apt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.m-77u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664801/; classtype:trojan-activity;sid:84527901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664802)"; flow:established,from_client; content:"GET"; http_method; content:"/126/iiwei8eru348ew9weri3w8reu32uewdsf8dfj32we89df932wer338werudsf32sfd38ffs8ff.hta"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"84.38.133.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664802/; classtype:trojan-activity;sid:84527902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664800)"; flow:established,from_client; content:"GET"; http_method; content:"/l93yorpszx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664800/; classtype:trojan-activity;sid:84527900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664797)"; flow:established,from_client; content:"GET"; http_method; content:"/w/stein.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.117.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664797/; classtype:trojan-activity;sid:84527897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664794/; classtype:trojan-activity;sid:84527894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.197.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664793/; classtype:trojan-activity;sid:84527893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664792/; classtype:trojan-activity;sid:84527892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664791/; classtype:trojan-activity;sid:84527891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.190.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664790/; classtype:trojan-activity;sid:84527890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.92.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664789/; classtype:trojan-activity;sid:84527889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664786)"; flow:established,from_client; content:"GET"; http_method; content:"/jsz4ztsmil.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664786/; classtype:trojan-activity;sid:84527886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.176.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664784/; classtype:trojan-activity;sid:84527884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664783)"; flow:established,from_client; content:"GET"; http_method; content:"/m/opt.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664783/; classtype:trojan-activity;sid:84527883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664782)"; flow:established,from_client; content:"GET"; http_method; content:"/m/try.pif"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664782/; classtype:trojan-activity;sid:84527882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664780/; classtype:trojan-activity;sid:84527880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.107.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664779/; classtype:trojan-activity;sid:84527879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664777)"; flow:established,from_client; content:"GET"; http_method; content:"/m/ram.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664777/; classtype:trojan-activity;sid:84527877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664778)"; flow:established,from_client; content:"GET"; http_method; content:"/m/lop.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664778/; classtype:trojan-activity;sid:84527878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664774)"; flow:established,from_client; content:"GET"; http_method; content:"/m/x.scr"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664774/; classtype:trojan-activity;sid:84527874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664775)"; flow:established,from_client; content:"GET"; http_method; content:"/m/temp.pif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664775/; classtype:trojan-activity;sid:84527875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664771)"; flow:established,from_client; content:"GET"; http_method; content:"/m/p.ps1.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664771/; classtype:trojan-activity;sid:84527871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664772)"; flow:established,from_client; content:"GET"; http_method; content:"/m/d.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664772/; classtype:trojan-activity;sid:84527872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664773)"; flow:established,from_client; content:"GET"; http_method; content:"/m/f.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664773/; classtype:trojan-activity;sid:84527873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664770)"; flow:established,from_client; content:"GET"; http_method; content:"/m/win.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.44.167.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664770/; classtype:trojan-activity;sid:84527870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664767/; classtype:trojan-activity;sid:84527867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.176.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664768/; classtype:trojan-activity;sid:84527868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664766)"; flow:established,from_client; content:"GET"; http_method; content:"/runds.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cutstudiospr.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664766/; classtype:trojan-activity;sid:84527866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664762)"; flow:established,from_client; content:"GET"; http_method; content:"/9si4ceq7yz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.b-9lyb.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664762/; classtype:trojan-activity;sid:84527862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664763)"; flow:established,from_client; content:"GET"; http_method; content:"/xgqaby9ecv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.k-72o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664763/; classtype:trojan-activity;sid:84527863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664764)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bookings.mp4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664764/; classtype:trojan-activity;sid:84527864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664760)"; flow:established,from_client; content:"GET"; http_method; content:"/files/thumbh/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664760/; classtype:trojan-activity;sid:84527860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664759)"; flow:established,from_client; content:"GET"; http_method; content:"/ut2s794gi6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ho.xkx0o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664759/; classtype:trojan-activity;sid:84527859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.109.81.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664757/; classtype:trojan-activity;sid:84527857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.88.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664758/; classtype:trojan-activity;sid:84527858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664756/; classtype:trojan-activity;sid:84527856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.200.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664752/; classtype:trojan-activity;sid:84527852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.200.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664753/; classtype:trojan-activity;sid:84527853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.244.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664751/; classtype:trojan-activity;sid:84527851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.229.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664748/; classtype:trojan-activity;sid:84527848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664749/; classtype:trojan-activity;sid:84527849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.51.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664750/; classtype:trojan-activity;sid:84527850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.202.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664745/; classtype:trojan-activity;sid:84527845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.109.81.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664746/; classtype:trojan-activity;sid:84527846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664747/; classtype:trojan-activity;sid:84527847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664741/; classtype:trojan-activity;sid:84527841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.243.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664742/; classtype:trojan-activity;sid:84527842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.74.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664743/; classtype:trojan-activity;sid:84527843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.243.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664744/; classtype:trojan-activity;sid:84527844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.191.229.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664739/; classtype:trojan-activity;sid:84527839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.51.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664738/; classtype:trojan-activity;sid:84527838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664726/; classtype:trojan-activity;sid:84527826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664728)"; flow:established,from_client; content:"GET"; http_method; content:"/files/alger.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"137.184.120.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664728/; classtype:trojan-activity;sid:84527828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664729)"; flow:established,from_client; content:"GET"; http_method; content:"/co3g6tg49e.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664729/; classtype:trojan-activity;sid:84527829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664730)"; flow:established,from_client; content:"GET"; http_method; content:"/vtc9ghot9a.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664730/; classtype:trojan-activity;sid:84527830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.184.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664731/; classtype:trojan-activity;sid:84527831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664732)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftedgeupdate.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cutstudiospr.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664732/; classtype:trojan-activity;sid:84527832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664733)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7547858198/1k8zoz7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664733/; classtype:trojan-activity;sid:84527833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664735/; classtype:trojan-activity;sid:84527835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.232.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664722/; classtype:trojan-activity;sid:84527822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664723/; classtype:trojan-activity;sid:84527823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.94.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664724/; classtype:trojan-activity;sid:84527824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.31.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664725/; classtype:trojan-activity;sid:84527825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.27.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664716/; classtype:trojan-activity;sid:84527816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664717)"; flow:established,from_client; content:"GET"; http_method; content:"/0oyt4djd1f.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664717/; classtype:trojan-activity;sid:84527817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664718)"; flow:established,from_client; content:"GET"; http_method; content:"/lr5dtupw9i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.b-9lyb.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664718/; classtype:trojan-activity;sid:84527818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664719)"; flow:established,from_client; content:"GET"; http_method; content:"/v9gd8knqat.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664719/; classtype:trojan-activity;sid:84527819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664720)"; flow:established,from_client; content:"GET"; http_method; content:"/41p2ic79m6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"la.dvn4i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664720/; classtype:trojan-activity;sid:84527820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664715)"; flow:established,from_client; content:"GET"; http_method; content:"/30kqfoffg1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.b-9lyb.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664715/; classtype:trojan-activity;sid:84527815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.25.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664695/; classtype:trojan-activity;sid:84527795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.204.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664694/; classtype:trojan-activity;sid:84527794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.109.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664692/; classtype:trojan-activity;sid:84527792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664693/; classtype:trojan-activity;sid:84527793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.30.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664688/; classtype:trojan-activity;sid:84527788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.179.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664689/; classtype:trojan-activity;sid:84527789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664657/; classtype:trojan-activity;sid:84527757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664655/; classtype:trojan-activity;sid:84527755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.211.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664650/; classtype:trojan-activity;sid:84527750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.247.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664633/; classtype:trojan-activity;sid:84527733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664632/; classtype:trojan-activity;sid:84527732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664618)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664618/; classtype:trojan-activity;sid:84527718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664614)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/3xnkgkr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664614/; classtype:trojan-activity;sid:84527714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664615)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cutstudiospr.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664615/; classtype:trojan-activity;sid:84527715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664602/; classtype:trojan-activity;sid:84527702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.73.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664595/; classtype:trojan-activity;sid:84527695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664597/; classtype:trojan-activity;sid:84527697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664582/; classtype:trojan-activity;sid:84527682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664574/; classtype:trojan-activity;sid:84527674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664552/; classtype:trojan-activity;sid:84527652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.179.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664542/; classtype:trojan-activity;sid:84527642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.99.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664528/; classtype:trojan-activity;sid:84527628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.87.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664526/; classtype:trojan-activity;sid:84527626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664522/; classtype:trojan-activity;sid:84527622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664520/; classtype:trojan-activity;sid:84527620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664521/; classtype:trojan-activity;sid:84527621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.184.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664464/; classtype:trojan-activity;sid:84527564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.31.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664446/; classtype:trojan-activity;sid:84527546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664439/; classtype:trojan-activity;sid:84527539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664437)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"139.59.241.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664437/; classtype:trojan-activity;sid:84527537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.93.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664433/; classtype:trojan-activity;sid:84527533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664427/; classtype:trojan-activity;sid:84527527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.234.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664403/; classtype:trojan-activity;sid:84527503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664400/; classtype:trojan-activity;sid:84527500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664394/; classtype:trojan-activity;sid:84527494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664387/; classtype:trojan-activity;sid:84527487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.88.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664368/; classtype:trojan-activity;sid:84527468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.126.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664356/; classtype:trojan-activity;sid:84527456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664348/; classtype:trojan-activity;sid:84527448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664311/; classtype:trojan-activity;sid:84527411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.7.81.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664288/; classtype:trojan-activity;sid:84527388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.124.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664280/; classtype:trojan-activity;sid:84527380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.244.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664278/; classtype:trojan-activity;sid:84527378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.184.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664276/; classtype:trojan-activity;sid:84527376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.126.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664253/; classtype:trojan-activity;sid:84527353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.230.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664246/; classtype:trojan-activity;sid:84527346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.171.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664155/; classtype:trojan-activity;sid:84527255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.225.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664136/; classtype:trojan-activity;sid:84527236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.85.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664095/; classtype:trojan-activity;sid:84527195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664092/; classtype:trojan-activity;sid:84527192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664044/; classtype:trojan-activity;sid:84527144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3663982/; classtype:trojan-activity;sid:84527082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.155.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3663977/; classtype:trojan-activity;sid:84527077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.109.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3663978/; classtype:trojan-activity;sid:84527078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3663812/; classtype:trojan-activity;sid:84526912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.155.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663747/; classtype:trojan-activity;sid:84526847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.173.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663739/; classtype:trojan-activity;sid:84526839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663665/; classtype:trojan-activity;sid:84526765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.173.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663567/; classtype:trojan-activity;sid:84526667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663057/; classtype:trojan-activity;sid:84526157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.230.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663056/; classtype:trojan-activity;sid:84526156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.100.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663055/; classtype:trojan-activity;sid:84526155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663054/; classtype:trojan-activity;sid:84526154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.92.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663053/; classtype:trojan-activity;sid:84526153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.50.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663052/; classtype:trojan-activity;sid:84526152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.100.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663050/; classtype:trojan-activity;sid:84526150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.203.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663051/; classtype:trojan-activity;sid:84526151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663049)"; flow:established,from_client; content:"GET"; http_method; content:"/zrcipgvws8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.x-6kox.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663049/; classtype:trojan-activity;sid:84526149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663048)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=29s01zb5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.w5j7z0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663048/; classtype:trojan-activity;sid:84526148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663047)"; flow:established,from_client; content:"GET"; http_method; content:"/py8nhizolt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aw.xkx0o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663047/; classtype:trojan-activity;sid:84526147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663046)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=vktuo3dv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.w5j7z0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663046/; classtype:trojan-activity;sid:84526146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663045/; classtype:trojan-activity;sid:84526145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.90.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663031/; classtype:trojan-activity;sid:84526131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3663000)"; flow:established,from_client; content:"GET"; http_method; content:"/dufzmc22wb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ax.xkx0o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3663000/; classtype:trojan-activity;sid:84526100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662999)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=77xal5bc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.w5j7z0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662999/; classtype:trojan-activity;sid:84526099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.90.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662998/; classtype:trojan-activity;sid:84526098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.130.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662997/; classtype:trojan-activity;sid:84526097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.153.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662996/; classtype:trojan-activity;sid:84526096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662995)"; flow:established,from_client; content:"GET"; http_method; content:"/wf7t3h1w0f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.x-6kox.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662995/; classtype:trojan-activity;sid:84526095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662994)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=ckapm2wg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.w5j7z0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662994/; classtype:trojan-activity;sid:84526094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.92.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662992/; classtype:trojan-activity;sid:84526092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.175.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662993/; classtype:trojan-activity;sid:84526093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662990)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=78ezzoiu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.w5j7z0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662990/; classtype:trojan-activity;sid:84526090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662991)"; flow:established,from_client; content:"GET"; http_method; content:"/64ri43tu8x.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ax.xkx0o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662991/; classtype:trojan-activity;sid:84526091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662989/; classtype:trojan-activity;sid:84526089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.92.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662988/; classtype:trojan-activity;sid:84526088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662987)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=bqnvr427"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.w5j7z0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662987/; classtype:trojan-activity;sid:84526087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662986)"; flow:established,from_client; content:"GET"; http_method; content:"/ma1qpb7cly.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.x-6kox.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662986/; classtype:trojan-activity;sid:84526086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.175.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662985/; classtype:trojan-activity;sid:84526085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662984)"; flow:established,from_client; content:"GET"; http_method; content:"/yextnxlsnf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"am.xkx0o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662984/; classtype:trojan-activity;sid:84526084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662983)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=jdbin4im"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.w5j7z0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662983/; classtype:trojan-activity;sid:84526083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.180.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662982/; classtype:trojan-activity;sid:84526082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662980/; classtype:trojan-activity;sid:84526080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662981/; classtype:trojan-activity;sid:84526081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662979/; classtype:trojan-activity;sid:84526079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662978)"; flow:established,from_client; content:"GET"; http_method; content:"/6h8n.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amgi1.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662978/; classtype:trojan-activity;sid:84526078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662977)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"amgi1.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662977/; classtype:trojan-activity;sid:84526077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.247.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662975/; classtype:trojan-activity;sid:84526075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.51.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662976/; classtype:trojan-activity;sid:84526076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.247.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662974/; classtype:trojan-activity;sid:84526074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662973/; classtype:trojan-activity;sid:84526073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.47.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662972/; classtype:trojan-activity;sid:84526072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662971/; classtype:trojan-activity;sid:84526071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.58.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662970/; classtype:trojan-activity;sid:84526070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662964/; classtype:trojan-activity;sid:84526064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.70.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662965/; classtype:trojan-activity;sid:84526065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.121.130.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662966/; classtype:trojan-activity;sid:84526066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662967/; classtype:trojan-activity;sid:84526067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.215.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662968/; classtype:trojan-activity;sid:84526068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.20.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662969/; classtype:trojan-activity;sid:84526069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.243.135.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662963/; classtype:trojan-activity;sid:84526063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.153.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662962/; classtype:trojan-activity;sid:84526062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.189.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662961/; classtype:trojan-activity;sid:84526061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.242.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662960/; classtype:trojan-activity;sid:84526060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662959)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=ob2zl8vp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.w5j7z0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662959/; classtype:trojan-activity;sid:84526059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662958)"; flow:established,from_client; content:"GET"; http_method; content:"/93t8fr0irg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.x-6kox.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662958/; classtype:trojan-activity;sid:84526058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662957)"; flow:established,from_client; content:"GET"; http_method; content:"/uvrlmm4nq6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"am.xkx0o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662957/; classtype:trojan-activity;sid:84526057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662956)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=pv6xosbt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.w5j7z0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662956/; classtype:trojan-activity;sid:84526056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662955)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662955/; classtype:trojan-activity;sid:84526055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662954)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662954/; classtype:trojan-activity;sid:84526054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662952)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662952/; classtype:trojan-activity;sid:84526052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662953)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662953/; classtype:trojan-activity;sid:84526053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662945)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662945/; classtype:trojan-activity;sid:84526045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662946)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662946/; classtype:trojan-activity;sid:84526046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662947)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662947/; classtype:trojan-activity;sid:84526047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662948)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662948/; classtype:trojan-activity;sid:84526048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662949)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662949/; classtype:trojan-activity;sid:84526049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662950)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662950/; classtype:trojan-activity;sid:84526050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662951)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662951/; classtype:trojan-activity;sid:84526051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662944)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662944/; classtype:trojan-activity;sid:84526044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662941)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662941/; classtype:trojan-activity;sid:84526041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662942)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662942/; classtype:trojan-activity;sid:84526042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662943)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662943/; classtype:trojan-activity;sid:84526043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662940)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662940/; classtype:trojan-activity;sid:84526040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.148.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662939/; classtype:trojan-activity;sid:84526039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662938)"; flow:established,from_client; content:"GET"; http_method; content:"/dcwil62hpy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.x-6kox.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662938/; classtype:trojan-activity;sid:84526038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662937)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=3phpopbt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.w9k6m9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662937/; classtype:trojan-activity;sid:84526037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662935)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=br93gdp2"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.w9k6m9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662935/; classtype:trojan-activity;sid:84526035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662936)"; flow:established,from_client; content:"GET"; http_method; content:"/jy7se3m7hd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"oh.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662936/; classtype:trojan-activity;sid:84526036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.180.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662934/; classtype:trojan-activity;sid:84526034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662933/; classtype:trojan-activity;sid:84526033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.20.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662932/; classtype:trojan-activity;sid:84526032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662931)"; flow:established,from_client; content:"GET"; http_method; content:"/emkj9xt8xu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.x-6kox.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662931/; classtype:trojan-activity;sid:84526031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662930)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=2r3h36bh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r9.w9k6m9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662930/; classtype:trojan-activity;sid:84526030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.103.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662929/; classtype:trojan-activity;sid:84526029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662928)"; flow:established,from_client; content:"GET"; http_method; content:"/nz6zq7l9cj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ah.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662928/; classtype:trojan-activity;sid:84526028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662927)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=xy08drr2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r9.w9k6m9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662927/; classtype:trojan-activity;sid:84526027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662926)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=djgssx7x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.w9k6m9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662926/; classtype:trojan-activity;sid:84526026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662925)"; flow:established,from_client; content:"GET"; http_method; content:"/ci1jw6kja2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ah.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662925/; classtype:trojan-activity;sid:84526025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.167.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662924/; classtype:trojan-activity;sid:84526024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662923)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=q0pzk98y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.w9k6m9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662923/; classtype:trojan-activity;sid:84526023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.20.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662922/; classtype:trojan-activity;sid:84526022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662921)"; flow:established,from_client; content:"GET"; http_method; content:"/qdhln3x7rd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ah.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662921/; classtype:trojan-activity;sid:84526021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.103.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662920/; classtype:trojan-activity;sid:84526020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662919/; classtype:trojan-activity;sid:84526019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662918/; classtype:trojan-activity;sid:84526018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662915)"; flow:established,from_client; content:"GET"; http_method; content:"/mmm.mp4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"heradyy.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662915/; classtype:trojan-activity;sid:84526015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662916)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/bookingconfirmation.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.176.19.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662916/; classtype:trojan-activity;sid:84526016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662917)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/doc1.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"81.90.31.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662917/; classtype:trojan-activity;sid:84526017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662913)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/doc2.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"81.90.31.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662913/; classtype:trojan-activity;sid:84526013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662914)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/aaaa.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"81.90.31.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662914/; classtype:trojan-activity;sid:84526014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662912)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/bookingconfirmation.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"213.176.19.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662912/; classtype:trojan-activity;sid:84526012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662911)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/bookingconf.pdf.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"213.176.19.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662911/; classtype:trojan-activity;sid:84526011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.65.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662910/; classtype:trojan-activity;sid:84526010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662909)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.127.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662909/; classtype:trojan-activity;sid:84526009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662908/; classtype:trojan-activity;sid:84526008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662907)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.78.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662907/; classtype:trojan-activity;sid:84526007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662905)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.111.148.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662905/; classtype:trojan-activity;sid:84526005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662906)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.213.237.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662906/; classtype:trojan-activity;sid:84526006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.204.130.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662903/; classtype:trojan-activity;sid:84526003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.204.130.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662904/; classtype:trojan-activity;sid:84526004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.180.219.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662901/; classtype:trojan-activity;sid:84526001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.135.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662902/; classtype:trojan-activity;sid:84526002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.80.99.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662892/; classtype:trojan-activity;sid:84525992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.169.4.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662893/; classtype:trojan-activity;sid:84525993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662894)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.23.54.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662894/; classtype:trojan-activity;sid:84525994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662895)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.133.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662895/; classtype:trojan-activity;sid:84525995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662896/; classtype:trojan-activity;sid:84525996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662897)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.133.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662897/; classtype:trojan-activity;sid:84525997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.167.78.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662898/; classtype:trojan-activity;sid:84525998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662899)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.235.233.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662899/; classtype:trojan-activity;sid:84525999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.135.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662900/; classtype:trojan-activity;sid:84526000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.19.150.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662883/; classtype:trojan-activity;sid:84525983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.70.79.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662884/; classtype:trojan-activity;sid:84525984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.126.52.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662885/; classtype:trojan-activity;sid:84525985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662886/; classtype:trojan-activity;sid:84525986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662887/; classtype:trojan-activity;sid:84525987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662888/; classtype:trojan-activity;sid:84525988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662889)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.129.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662889/; classtype:trojan-activity;sid:84525989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.129.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662890/; classtype:trojan-activity;sid:84525990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.168.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662891/; classtype:trojan-activity;sid:84525991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.160.26.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662879/; classtype:trojan-activity;sid:84525979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.39.72.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662880/; classtype:trojan-activity;sid:84525980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.75.128.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662881/; classtype:trojan-activity;sid:84525981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662882)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.158.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662882/; classtype:trojan-activity;sid:84525982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.178.234.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662878/; classtype:trojan-activity;sid:84525978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.179.234.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662876/; classtype:trojan-activity;sid:84525976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.212.53.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662877/; classtype:trojan-activity;sid:84525977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.120.91.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662871/; classtype:trojan-activity;sid:84525971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.10.25.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662872/; classtype:trojan-activity;sid:84525972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.51.228.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662873/; classtype:trojan-activity;sid:84525973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.156.189.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662874/; classtype:trojan-activity;sid:84525974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.238.210.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662875/; classtype:trojan-activity;sid:84525975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662870)"; flow:established,from_client; content:"GET"; http_method; content:"/uh11a10tmr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ok.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662870/; classtype:trojan-activity;sid:84525970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662869)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=w0f8u6g3"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.w9k6m9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662869/; classtype:trojan-activity;sid:84525969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.130.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662868/; classtype:trojan-activity;sid:84525968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662867/; classtype:trojan-activity;sid:84525967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.102.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662865/; classtype:trojan-activity;sid:84525965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.116.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662866/; classtype:trojan-activity;sid:84525966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662864/; classtype:trojan-activity;sid:84525964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662863)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662863/; classtype:trojan-activity;sid:84525963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662859/; classtype:trojan-activity;sid:84525959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662860/; classtype:trojan-activity;sid:84525960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662861/; classtype:trojan-activity;sid:84525961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662862/; classtype:trojan-activity;sid:84525962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662858)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662858/; classtype:trojan-activity;sid:84525958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662857)"; flow:established,from_client; content:"GET"; http_method; content:"/ehzmlljvxj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.c-3dax.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662857/; classtype:trojan-activity;sid:84525957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662856)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=mu7417oj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.w9k6m9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662856/; classtype:trojan-activity;sid:84525956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662855)"; flow:established,from_client; content:"GET"; http_method; content:"/9muhjb73jv.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hi.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662855/; classtype:trojan-activity;sid:84525955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662854)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=scoxh6qt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.w9k6m9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662854/; classtype:trojan-activity;sid:84525954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.165.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662853/; classtype:trojan-activity;sid:84525953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.172.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662852/; classtype:trojan-activity;sid:84525952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.116.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662851/; classtype:trojan-activity;sid:84525951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662850)"; flow:established,from_client; content:"GET"; http_method; content:"/afkzspyf66vlcjs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662850/; classtype:trojan-activity;sid:84525950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.102.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662849/; classtype:trojan-activity;sid:84525949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662848)"; flow:established,from_client; content:"GET"; http_method; content:"/hmskzgr1vlc14nt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662848/; classtype:trojan-activity;sid:84525948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662847)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16ttixo_36w6lifmh6i2o1mc60nvoj2nm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662847/; classtype:trojan-activity;sid:84525947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662839)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ivn13hky9sblws9ycawzywea8xv0zyu2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662839/; classtype:trojan-activity;sid:84525939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662840)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cd6ddyemf5oaqpdqbvuvsxsk2xy1zqxu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662840/; classtype:trojan-activity;sid:84525940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662841)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15b7yoygmqs-dhyxjpzx7wjj3w4fs6kfz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662841/; classtype:trojan-activity;sid:84525941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662842)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bgtvgbzknre9tw-vq-puviyt0zi7154h"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662842/; classtype:trojan-activity;sid:84525942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662843)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1udbkazv46xp85hxxqn6xnrcui551oanh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662843/; classtype:trojan-activity;sid:84525943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662844)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tunr8potjeowmpxbljhvotfzd4k1iaj_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662844/; classtype:trojan-activity;sid:84525944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662845)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14wgyukmb9urqv79ygfscqdjypls24buv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662845/; classtype:trojan-activity;sid:84525945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662846)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h2g9v3pxyrbg0uyuobhhtn8cthmu5uw7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662846/; classtype:trojan-activity;sid:84525946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662837)"; flow:established,from_client; content:"GET"; http_method; content:"/7okosemvnt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.c-3dax.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662837/; classtype:trojan-activity;sid:84525937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662838)"; flow:established,from_client; content:"GET"; http_method; content:"/a8crs/raw"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dpaste.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662838/; classtype:trojan-activity;sid:84525938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662836)"; flow:established,from_client; content:"GET"; http_method; content:"/zwfmx5hdyd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"so.cpc8u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662836/; classtype:trojan-activity;sid:84525936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662834)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=v790xgtg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.w9k6m9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662834/; classtype:trojan-activity;sid:84525934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662835)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=gdqz4xjx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.w9k6m9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662835/; classtype:trojan-activity;sid:84525935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662832)"; flow:established,from_client; content:"GET"; http_method; content:"/2asxx/raw"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dpaste.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662832/; classtype:trojan-activity;sid:84525932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662833)"; flow:established,from_client; content:"GET"; http_method; content:"/ahwlv/raw"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dpaste.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662833/; classtype:trojan-activity;sid:84525933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662831)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7354298053/xhl5pz8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662831/; classtype:trojan-activity;sid:84525931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662830)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eternity-hacks.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662830/; classtype:trojan-activity;sid:84525930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662829)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6915129246/hes0tkg.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662829/; classtype:trojan-activity;sid:84525929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662828)"; flow:established,from_client; content:"GET"; http_method; content:"/xe0gr7om6d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662828/; classtype:trojan-activity;sid:84525928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662827)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=o7ezy411"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.c2x0b1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662827/; classtype:trojan-activity;sid:84525927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.46.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662824/; classtype:trojan-activity;sid:84525924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.46.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662825/; classtype:trojan-activity;sid:84525925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.172.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662826/; classtype:trojan-activity;sid:84525926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662823)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=ne1m6gq3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.c2x0b1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662823/; classtype:trojan-activity;sid:84525923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662822)"; flow:established,from_client; content:"GET"; http_method; content:"/5r9phjtnm1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.c-3dax.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662822/; classtype:trojan-activity;sid:84525922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.33.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662821/; classtype:trojan-activity;sid:84525921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662820)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7949948106/x3relff.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662820/; classtype:trojan-activity;sid:84525920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.151.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662819/; classtype:trojan-activity;sid:84525919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.163.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662818/; classtype:trojan-activity;sid:84525918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662816)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/edu.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662816/; classtype:trojan-activity;sid:84525916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662817)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/edu.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662817/; classtype:trojan-activity;sid:84525917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662812)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/edu.erm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662812/; classtype:trojan-activity;sid:84525912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662813)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/edu.erm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662813/; classtype:trojan-activity;sid:84525913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662814)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/edu.erm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662814/; classtype:trojan-activity;sid:84525914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662815)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/edu.erm5n"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662815/; classtype:trojan-activity;sid:84525915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662811)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=lrs2ngd0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.c2x0b1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662811/; classtype:trojan-activity;sid:84525911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662810)"; flow:established,from_client; content:"GET"; http_method; content:"/0cbq19wrw4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.c-3dax.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662810/; classtype:trojan-activity;sid:84525910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.39.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662809/; classtype:trojan-activity;sid:84525909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662808)"; flow:established,from_client; content:"GET"; http_method; content:"/x8absz9v31.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662808/; classtype:trojan-activity;sid:84525908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662807)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=pxfi9ml2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.c2x0b1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662807/; classtype:trojan-activity;sid:84525907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.49.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662806/; classtype:trojan-activity;sid:84525906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662804)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/0xkmcfk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662804/; classtype:trojan-activity;sid:84525904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662802)"; flow:established,from_client; content:"GET"; http_method; content:"/8088da70c9d74b18aaa9c25e7334b986_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662802/; classtype:trojan-activity;sid:84525902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662803)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5089917904/fc7zg1f.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662803/; classtype:trojan-activity;sid:84525903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662801)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/qu43negabvp1oczdiknrz/or-amento.exe|3f|rlkey=srsawc5flioqtwzsrffddvxdw|7c|26|7c|st=uc0m8x9p|7c|26|7c|dl=1"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662801/; classtype:trojan-activity;sid:84525901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662799)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/fhywavc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662799/; classtype:trojan-activity;sid:84525899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662800)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/k2nlwip.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662800/; classtype:trojan-activity;sid:84525900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662798/; classtype:trojan-activity;sid:84525898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662797/; classtype:trojan-activity;sid:84525897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.25.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662796/; classtype:trojan-activity;sid:84525896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662794/; classtype:trojan-activity;sid:84525894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662795/; classtype:trojan-activity;sid:84525895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662793)"; flow:established,from_client; content:"GET"; http_method; content:"/uhmg18e6le.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.c-3dax.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662793/; classtype:trojan-activity;sid:84525893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662792)"; flow:established,from_client; content:"GET"; http_method; content:"/v8.google|3f|t=epeeroo3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.c2x0b1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662792/; classtype:trojan-activity;sid:84525892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662791)"; flow:established,from_client; content:"GET"; http_method; content:"/xelyju46kd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662791/; classtype:trojan-activity;sid:84525891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662790/; classtype:trojan-activity;sid:84525890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662789)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=am1a11wg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.c2x0b1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662789/; classtype:trojan-activity;sid:84525889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662788/; classtype:trojan-activity;sid:84525888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662787/; classtype:trojan-activity;sid:84525887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662786)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=r4zvqdmc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.c2x0b1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662786/; classtype:trojan-activity;sid:84525886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662785)"; flow:established,from_client; content:"GET"; http_method; content:"/l3btoderl5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.c-3dax.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662785/; classtype:trojan-activity;sid:84525885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662784/; classtype:trojan-activity;sid:84525884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.196.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662783/; classtype:trojan-activity;sid:84525883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662782/; classtype:trojan-activity;sid:84525882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.75.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662781/; classtype:trojan-activity;sid:84525881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.235.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662780/; classtype:trojan-activity;sid:84525880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.184.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662779/; classtype:trojan-activity;sid:84525879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.188.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662778/; classtype:trojan-activity;sid:84525878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662777/; classtype:trojan-activity;sid:84525877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.75.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662776/; classtype:trojan-activity;sid:84525876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.162.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662775/; classtype:trojan-activity;sid:84525875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662774/; classtype:trojan-activity;sid:84525874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662773/; classtype:trojan-activity;sid:84525873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.0.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662772/; classtype:trojan-activity;sid:84525872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.196.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662771/; classtype:trojan-activity;sid:84525871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662763)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=g2x8t46x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.s4m7v4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662763/; classtype:trojan-activity;sid:84525863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662762)"; flow:established,from_client; content:"GET"; http_method; content:"/22u5ikbc5t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.z-0xug.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662762/; classtype:trojan-activity;sid:84525862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662761)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=dg9er52i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.s4m7v4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662761/; classtype:trojan-activity;sid:84525861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662760)"; flow:established,from_client; content:"GET"; http_method; content:"/75sx90590j.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662760/; classtype:trojan-activity;sid:84525860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.211.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662759/; classtype:trojan-activity;sid:84525859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662758)"; flow:established,from_client; content:"GET"; http_method; content:"/ztvj3fg43i.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662758/; classtype:trojan-activity;sid:84525858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662755)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=g7fhc3hs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662755/; classtype:trojan-activity;sid:84525855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662756)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=exryjpf6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662756/; classtype:trojan-activity;sid:84525856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662757)"; flow:established,from_client; content:"GET"; http_method; content:"/an38j5d1fw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.z-0xug.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662757/; classtype:trojan-activity;sid:84525857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662754)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=4e7p32tf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662754/; classtype:trojan-activity;sid:84525854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662753)"; flow:established,from_client; content:"GET"; http_method; content:"/jynbm9ixev.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662753/; classtype:trojan-activity;sid:84525853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662752)"; flow:established,from_client; content:"GET"; http_method; content:"/ude3xdevt0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.z-0xug.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662752/; classtype:trojan-activity;sid:84525852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662751)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=wq06107r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662751/; classtype:trojan-activity;sid:84525851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.99.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662750/; classtype:trojan-activity;sid:84525850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.46.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662747/; classtype:trojan-activity;sid:84525847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.60.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662748/; classtype:trojan-activity;sid:84525848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.53.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662749/; classtype:trojan-activity;sid:84525849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662746)"; flow:established,from_client; content:"GET"; http_method; content:"/9z5qegzmz0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.z-0xug.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662746/; classtype:trojan-activity;sid:84525846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662744)"; flow:established,from_client; content:"GET"; http_method; content:"/znos1u3bad.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"on.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662744/; classtype:trojan-activity;sid:84525844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662745)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=jzj7lnhh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662745/; classtype:trojan-activity;sid:84525845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662743)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=q5krx5cx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662743/; classtype:trojan-activity;sid:84525843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662741)"; flow:established,from_client; content:"GET"; http_method; content:"/hkwsqvu6ym.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.z-0xug.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662741/; classtype:trojan-activity;sid:84525841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662742)"; flow:established,from_client; content:"GET"; http_method; content:"/byswunbdcy.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"on.vzj1o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662742/; classtype:trojan-activity;sid:84525842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662736)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=60xezf28"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662736/; classtype:trojan-activity;sid:84525836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662737)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=v0uts8js"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.s4m7v4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662737/; classtype:trojan-activity;sid:84525837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662717/; classtype:trojan-activity;sid:84525817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.117.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662701/; classtype:trojan-activity;sid:84525801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.233.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662689/; classtype:trojan-activity;sid:84525789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662661)"; flow:established,from_client; content:"GET"; http_method; content:"/mocen"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.17.62.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662661/; classtype:trojan-activity;sid:84525761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662659)"; flow:established,from_client; content:"GET"; http_method; content:"/rkr/anesthesiology.ps1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.8.18.46"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662659/; classtype:trojan-activity;sid:84525759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.245.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662643/; classtype:trojan-activity;sid:84525743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.23.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662640/; classtype:trojan-activity;sid:84525740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662641/; classtype:trojan-activity;sid:84525741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662615)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=umdnh9j9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.s4m7v4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662615/; classtype:trojan-activity;sid:84525715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662606)"; flow:established,from_client; content:"GET"; http_method; content:"/233/er4r5iriid8get349gedfgfdg943rjeth34erhj9fdgdfk49e4ertjhddgd9dfg7dgf4jjg.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"209.54.102.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662606/; classtype:trojan-activity;sid:84525706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662571/; classtype:trojan-activity;sid:84525671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662555)"; flow:established,from_client; content:"GET"; http_method; content:"/99/ws22bd335e94be53168%25252525252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t6.hta"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"23.95.103.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662555/; classtype:trojan-activity;sid:84525655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.125.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662552/; classtype:trojan-activity;sid:84525652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.88.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662532/; classtype:trojan-activity;sid:84525632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.212.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662527/; classtype:trojan-activity;sid:84525627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662501/; classtype:trojan-activity;sid:84525601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662448)"; flow:established,from_client; content:"GET"; http_method; content:"/7bsckq6nn4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.z-0xug.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662448/; classtype:trojan-activity;sid:84525548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662370)"; flow:established,from_client; content:"GET"; http_method; content:"/233/ws22bd335e94be53168%252525252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65.hta"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"107.174.33.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662370/; classtype:trojan-activity;sid:84525470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661642)"; flow:established,from_client; content:"GET"; http_method; content:"/188/22bd335e94be53168%2525252525252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6.hta"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661642/; classtype:trojan-activity;sid:84524742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661440)"; flow:established,from_client; content:"GET"; http_method; content:"/58/cws22bd335e94be53168%25252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thhjj9.hta"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"96.44.159.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661440/; classtype:trojan-activity;sid:84524540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.0.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661439/; classtype:trojan-activity;sid:84524539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661438)"; flow:established,from_client; content:"GET"; http_method; content:"/fcpgnrwkcjpeojh.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661438/; classtype:trojan-activity;sid:84524538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.20.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661437/; classtype:trojan-activity;sid:84524537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661436)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1btmaaeagzshrljz98uubpzfkvk1n7_jm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661436/; classtype:trojan-activity;sid:84524536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661434)"; flow:established,from_client; content:"GET"; http_method; content:"/u7ani04arc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661434/; classtype:trojan-activity;sid:84524534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661433)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=i7xi3m5y"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.b5k6f4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661433/; classtype:trojan-activity;sid:84524533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661432)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=jvepbfef"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.b5k6f4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661432/; classtype:trojan-activity;sid:84524532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661431)"; flow:established,from_client; content:"GET"; http_method; content:"/bxnyosowk2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.z-0xug.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661431/; classtype:trojan-activity;sid:84524531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661430)"; flow:established,from_client; content:"GET"; http_method; content:"/nwosu.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-37f3a615586d47f4996e932bf6df7670.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661430/; classtype:trojan-activity;sid:84524530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661429)"; flow:established,from_client; content:"GET"; http_method; content:"/ucuy17.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661429/; classtype:trojan-activity;sid:84524529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.130.190.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661428/; classtype:trojan-activity;sid:84524528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661427)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251007002711.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wemustwin2025.kesug.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661427/; classtype:trojan-activity;sid:84524527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661426/; classtype:trojan-activity;sid:84524526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.228.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661425/; classtype:trojan-activity;sid:84524525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661424/; classtype:trojan-activity;sid:84524524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661423)"; flow:established,from_client; content:"GET"; http_method; content:"/effc16a562b273f0bb5c3e1e41a06a77"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cfb8.ba5eq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661423/; classtype:trojan-activity;sid:84524523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661422)"; flow:established,from_client; content:"GET"; http_method; content:"/9gx92ln3he.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661422/; classtype:trojan-activity;sid:84524522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661421)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=kntsy61x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661421/; classtype:trojan-activity;sid:84524521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661419)"; flow:established,from_client; content:"GET"; http_method; content:"/6lc29htts4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.n-7sol.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661419/; classtype:trojan-activity;sid:84524519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661420)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=3hww5rjk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661420/; classtype:trojan-activity;sid:84524520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661417)"; flow:established,from_client; content:"GET"; http_method; content:"/221/ws22bd335e94be53168%25252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thh3e.txt"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"96.44.159.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661417/; classtype:trojan-activity;sid:84524517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661418)"; flow:established,from_client; content:"GET"; http_method; content:"/221/ws22bd335e94be53168%25252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thh3e.hta"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"96.44.159.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661418/; classtype:trojan-activity;sid:84524518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661414)"; flow:established,from_client; content:"GET"; http_method; content:"/166/2bd335e94be53168%2525252523gga1dx3rxsr2ny5zilc2ojnzgyearrw2rgu9yyrnfhasde3.txt"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661414/; classtype:trojan-activity;sid:84524514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661415)"; flow:established,from_client; content:"GET"; http_method; content:"/188/22bd335e94be53168%25252525252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6.txt"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661415/; classtype:trojan-activity;sid:84524515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661416)"; flow:established,from_client; content:"GET"; http_method; content:"/188/22bd335e94be53168%25252525252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6.hta"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661416/; classtype:trojan-activity;sid:84524516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661413)"; flow:established,from_client; content:"GET"; http_method; content:"/6zgtzn4cw2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.n-7sol.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661413/; classtype:trojan-activity;sid:84524513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661412)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=0ruzbsyr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661412/; classtype:trojan-activity;sid:84524512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661411)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1415984330/mfce9am.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661411/; classtype:trojan-activity;sid:84524511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661410)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/wmecana.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661410/; classtype:trojan-activity;sid:84524510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661409)"; flow:established,from_client; content:"GET"; http_method; content:"/a6v3op1mdt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661409/; classtype:trojan-activity;sid:84524509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661408)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=o8he8on0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661408/; classtype:trojan-activity;sid:84524508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661407)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=o6zc9qtd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661407/; classtype:trojan-activity;sid:84524507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661406)"; flow:established,from_client; content:"GET"; http_method; content:"/elpgeya7tc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.n-7sol.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661406/; classtype:trojan-activity;sid:84524506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661405)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=ztg32i69"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661405/; classtype:trojan-activity;sid:84524505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661404)"; flow:established,from_client; content:"GET"; http_method; content:"/n3r8iocni4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.n-7sol.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661404/; classtype:trojan-activity;sid:84524504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661403)"; flow:established,from_client; content:"GET"; http_method; content:"/cfzdrowyo4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.n-4daw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661403/; classtype:trojan-activity;sid:84524503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661402)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=n5jxn2ff"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661402/; classtype:trojan-activity;sid:84524502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661401)"; flow:established,from_client; content:"GET"; http_method; content:"/2dachlqsb8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661401/; classtype:trojan-activity;sid:84524501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661400)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=buccqnm9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.b5k6f4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661400/; classtype:trojan-activity;sid:84524500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661399)"; flow:established,from_client; content:"GET"; http_method; content:"/ztmz0ozmr0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.n-7sol.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661399/; classtype:trojan-activity;sid:84524499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661398)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=slrlng7w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.b5k6f4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661398/; classtype:trojan-activity;sid:84524498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661397)"; flow:established,from_client; content:"GET"; http_method; content:"/84gwgmxgth.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661397/; classtype:trojan-activity;sid:84524497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661396)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=w51g6uv5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.b5k6f4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661396/; classtype:trojan-activity;sid:84524496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661395/; classtype:trojan-activity;sid:84524495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661394)"; flow:established,from_client; content:"GET"; http_method; content:"/ya03.google|3f|t=ymd6apie"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.v9r3g1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661394/; classtype:trojan-activity;sid:84524494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661393)"; flow:established,from_client; content:"GET"; http_method; content:"/zlitr3svhw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661393/; classtype:trojan-activity;sid:84524493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661391/; classtype:trojan-activity;sid:84524491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661392)"; flow:established,from_client; content:"GET"; http_method; content:"/priktpcj7d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.n-7sol.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661392/; classtype:trojan-activity;sid:84524492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661390)"; flow:established,from_client; content:"GET"; http_method; content:"/ya03.google|3f|t=3o1fjd8p"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.v9r3g1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661390/; classtype:trojan-activity;sid:84524490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661389/; classtype:trojan-activity;sid:84524489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661388)"; flow:established,from_client; content:"GET"; http_method; content:"/y5wai6rc42.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.n-7sol.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661388/; classtype:trojan-activity;sid:84524488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661387)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=353fjnyr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661387/; classtype:trojan-activity;sid:84524487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661386)"; flow:established,from_client; content:"GET"; http_method; content:"/k5zo1gtgr4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661386/; classtype:trojan-activity;sid:84524486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661385)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=bgn6i0be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661385/; classtype:trojan-activity;sid:84524485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661384)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mulwith337/random.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661384/; classtype:trojan-activity;sid:84524484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661383)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/wmecana.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661383/; classtype:trojan-activity;sid:84524483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.76.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661382/; classtype:trojan-activity;sid:84524482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661381)"; flow:established,from_client; content:"GET"; http_method; content:"/sm2mtb89va.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.n-7sol.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661381/; classtype:trojan-activity;sid:84524481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661380)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=d375ttih"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661380/; classtype:trojan-activity;sid:84524480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661379/; classtype:trojan-activity;sid:84524479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661378)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=ldhx2yvt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661378/; classtype:trojan-activity;sid:84524478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661377)"; flow:established,from_client; content:"GET"; http_method; content:"/xmpt51eq9g.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661377/; classtype:trojan-activity;sid:84524477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661376/; classtype:trojan-activity;sid:84524476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.160.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661375/; classtype:trojan-activity;sid:84524475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661374)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=wm2opfok"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.v9r3g1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661374/; classtype:trojan-activity;sid:84524474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661373)"; flow:established,from_client; content:"GET"; http_method; content:"/ufvx0ltivd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.n-7sol.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661373/; classtype:trojan-activity;sid:84524473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661372)"; flow:established,from_client; content:"GET"; http_method; content:"/vxh8tuxhq8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661372/; classtype:trojan-activity;sid:84524472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661371)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=otm5upul"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.v9r3g1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661371/; classtype:trojan-activity;sid:84524471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661370)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7103746036/bqm9la7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661370/; classtype:trojan-activity;sid:84524470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661367)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8233900432/3nvhynj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661367/; classtype:trojan-activity;sid:84524467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661368)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8476495206/gu8tbuq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661368/; classtype:trojan-activity;sid:84524468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661369)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/index-di6jmfml.js"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"calendly.boggi-hr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661369/; classtype:trojan-activity;sid:84524469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.242.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661366/; classtype:trojan-activity;sid:84524466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661365)"; flow:established,from_client; content:"GET"; http_method; content:"/b30e1c3cw9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"my.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661365/; classtype:trojan-activity;sid:84524465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661364)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=xo4lhsfo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661364/; classtype:trojan-activity;sid:84524464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.247.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661363/; classtype:trojan-activity;sid:84524463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661362)"; flow:established,from_client; content:"GET"; http_method; content:"/7sp8xs81rp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.n-4daw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661362/; classtype:trojan-activity;sid:84524462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661361)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=9t02fuqu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661361/; classtype:trojan-activity;sid:84524461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661360/; classtype:trojan-activity;sid:84524460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661359)"; flow:established,from_client; content:"GET"; http_method; content:"/9rz.check|3f|t=6sj4t98t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661359/; classtype:trojan-activity;sid:84524459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661356)"; flow:established,from_client; content:"GET"; http_method; content:"/9rz.check|3f|t=gih5dk88"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.v9r3g1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661356/; classtype:trojan-activity;sid:84524456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661357)"; flow:established,from_client; content:"GET"; http_method; content:"/odhr4knr1c.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"my.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661357/; classtype:trojan-activity;sid:84524457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661358)"; flow:established,from_client; content:"GET"; http_method; content:"/0vbc5maqxe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.n-4daw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661358/; classtype:trojan-activity;sid:84524458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661355/; classtype:trojan-activity;sid:84524455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.242.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661354/; classtype:trojan-activity;sid:84524454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661353/; classtype:trojan-activity;sid:84524453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661352/; classtype:trojan-activity;sid:84524452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.203.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661351/; classtype:trojan-activity;sid:84524451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.152.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661350/; classtype:trojan-activity;sid:84524450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.179.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661349/; classtype:trojan-activity;sid:84524449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661348)"; flow:established,from_client; content:"GET"; http_method; content:"/5siqtx4hx7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"me.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661348/; classtype:trojan-activity;sid:84524448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661347)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=n9bvwzht"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.v9r3g1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661347/; classtype:trojan-activity;sid:84524447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.246.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661346/; classtype:trojan-activity;sid:84524446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.242.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661345/; classtype:trojan-activity;sid:84524445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661342)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=4gbs355l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.v9r3g1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661342/; classtype:trojan-activity;sid:84524442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661341)"; flow:established,from_client; content:"GET"; http_method; content:"/z2yd82691p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.n-4daw.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661341/; classtype:trojan-activity;sid:84524441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661340)"; flow:established,from_client; content:"GET"; http_method; content:"/files/multi/owen.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661340/; classtype:trojan-activity;sid:84524440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661339)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/7h4ape4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661339/; classtype:trojan-activity;sid:84524439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661338)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hell/host.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661338/; classtype:trojan-activity;sid:84524438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661337)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7269512085/abmmgv5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661337/; classtype:trojan-activity;sid:84524437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661336)"; flow:established,from_client; content:"GET"; http_method; content:"/auxiliarnfe96903259783610183.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"126.75.70.216.host.secureserver.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661336/; classtype:trojan-activity;sid:84524436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.138.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661335/; classtype:trojan-activity;sid:84524435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661334)"; flow:established,from_client; content:"GET"; http_method; content:"/a8tun8n0p2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.n-4daw.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661334/; classtype:trojan-activity;sid:84524434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661333)"; flow:established,from_client; content:"GET"; http_method; content:"/2a09.google|3f|t=mqoq5u7v"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x8n.w9v5r4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661333/; classtype:trojan-activity;sid:84524433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661332)"; flow:established,from_client; content:"GET"; http_method; content:"/7vb.check|3f|t=lum9iack"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661332/; classtype:trojan-activity;sid:84524432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661331)"; flow:established,from_client; content:"GET"; http_method; content:"/bf6zuggdni.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.n-4daw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661331/; classtype:trojan-activity;sid:84524431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661330)"; flow:established,from_client; content:"GET"; http_method; content:"/42s6nvnyx5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661330/; classtype:trojan-activity;sid:84524430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661329)"; flow:established,from_client; content:"GET"; http_method; content:"/7vb.check|3f|t=l9odzu8a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661329/; classtype:trojan-activity;sid:84524429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661328/; classtype:trojan-activity;sid:84524428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661327/; classtype:trojan-activity;sid:84524427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.41.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661326/; classtype:trojan-activity;sid:84524426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.242.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661325/; classtype:trojan-activity;sid:84524425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661324)"; flow:established,from_client; content:"GET"; http_method; content:"/356gd3i5x9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.n-4daw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661324/; classtype:trojan-activity;sid:84524424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661323)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=7ssyfwkq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661323/; classtype:trojan-activity;sid:84524423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661322)"; flow:established,from_client; content:"GET"; http_method; content:"/jchbq1kwbr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661322/; classtype:trojan-activity;sid:84524422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661321)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=smlmmnxp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661321/; classtype:trojan-activity;sid:84524421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.138.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661320/; classtype:trojan-activity;sid:84524420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661318)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=jw2gl1no"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661318/; classtype:trojan-activity;sid:84524418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661319)"; flow:established,from_client; content:"GET"; http_method; content:"/hh5q24rolz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.n-4daw.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661319/; classtype:trojan-activity;sid:84524419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.153.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661317/; classtype:trojan-activity;sid:84524417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661316)"; flow:established,from_client; content:"GET"; http_method; content:"/mw7nlzqhhi.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661316/; classtype:trojan-activity;sid:84524416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661315)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=crjc0gpf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bd.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661315/; classtype:trojan-activity;sid:84524415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661314)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=pvd3py5f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bd.w9v5r4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661314/; classtype:trojan-activity;sid:84524414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661313)"; flow:established,from_client; content:"GET"; http_method; content:"/wzouqgxx58.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.n-4daw.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661313/; classtype:trojan-activity;sid:84524413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.202.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661312/; classtype:trojan-activity;sid:84524412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.152.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661311/; classtype:trojan-activity;sid:84524411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.202.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661310/; classtype:trojan-activity;sid:84524410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.25.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661309/; classtype:trojan-activity;sid:84524409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.113.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661308/; classtype:trojan-activity;sid:84524408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661307/; classtype:trojan-activity;sid:84524407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661305)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661305/; classtype:trojan-activity;sid:84524405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661306/; classtype:trojan-activity;sid:84524406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661294/; classtype:trojan-activity;sid:84524394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661295/; classtype:trojan-activity;sid:84524395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661296/; classtype:trojan-activity;sid:84524396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661297/; classtype:trojan-activity;sid:84524397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661298)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661298/; classtype:trojan-activity;sid:84524398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661299)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661299/; classtype:trojan-activity;sid:84524399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661300)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661300/; classtype:trojan-activity;sid:84524400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661301/; classtype:trojan-activity;sid:84524401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661302)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661302/; classtype:trojan-activity;sid:84524402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661303)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661303/; classtype:trojan-activity;sid:84524403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661304/; classtype:trojan-activity;sid:84524404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661286)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661286/; classtype:trojan-activity;sid:84524386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661287)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661287/; classtype:trojan-activity;sid:84524387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661288)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661288/; classtype:trojan-activity;sid:84524388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661289)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661289/; classtype:trojan-activity;sid:84524389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661290)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.167.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661290/; classtype:trojan-activity;sid:84524390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661291/; classtype:trojan-activity;sid:84524391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661292)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661292/; classtype:trojan-activity;sid:84524392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.98.10.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661293/; classtype:trojan-activity;sid:84524393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.228.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661285/; classtype:trojan-activity;sid:84524385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661284)"; flow:established,from_client; content:"GET"; http_method; content:"/chzjjm211d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661284/; classtype:trojan-activity;sid:84524384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661283)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=tc8pff0d"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661283/; classtype:trojan-activity;sid:84524383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661281)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=f9u4aszt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661281/; classtype:trojan-activity;sid:84524381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661282)"; flow:established,from_client; content:"GET"; http_method; content:"/wlepsnbto6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.q-5ket.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661282/; classtype:trojan-activity;sid:84524382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.162.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661280/; classtype:trojan-activity;sid:84524380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.152.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661278/; classtype:trojan-activity;sid:84524378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.183.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661277/; classtype:trojan-activity;sid:84524377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661276)"; flow:established,from_client; content:"GET"; http_method; content:"/kd.check|3f|t=ohiknxzs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h7m.x7f4g2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661276/; classtype:trojan-activity;sid:84524376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661275)"; flow:established,from_client; content:"GET"; http_method; content:"/nfqlb4jc9l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.q-5ket.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661275/; classtype:trojan-activity;sid:84524375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.236.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661274/; classtype:trojan-activity;sid:84524374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661273)"; flow:established,from_client; content:"GET"; http_method; content:"/wzyi836bl4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661273/; classtype:trojan-activity;sid:84524373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661272)"; flow:established,from_client; content:"GET"; http_method; content:"/kd.check|3f|t=6ps44egl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h7m.x7f4g2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661272/; classtype:trojan-activity;sid:84524372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.194.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661271/; classtype:trojan-activity;sid:84524371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661270)"; flow:established,from_client; content:"GET"; http_method; content:"/xso9j2226i.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661270/; classtype:trojan-activity;sid:84524370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661269)"; flow:established,from_client; content:"GET"; http_method; content:"/ab03.google|3f|t=7f5hnpki"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x.x7f4g2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661269/; classtype:trojan-activity;sid:84524369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661268)"; flow:established,from_client; content:"GET"; http_method; content:"/c028eiin7j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.q-5ket.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661268/; classtype:trojan-activity;sid:84524368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661267)"; flow:established,from_client; content:"GET"; http_method; content:"/rv9.check|3f|t=ep6v0bpq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661267/; classtype:trojan-activity;sid:84524367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661266/; classtype:trojan-activity;sid:84524366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.2.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661265/; classtype:trojan-activity;sid:84524365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.179.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661262/; classtype:trojan-activity;sid:84524362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.101.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661263/; classtype:trojan-activity;sid:84524363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.70.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661264/; classtype:trojan-activity;sid:84524364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.222.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661261/; classtype:trojan-activity;sid:84524361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.210.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661256/; classtype:trojan-activity;sid:84524356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.7.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661257/; classtype:trojan-activity;sid:84524357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.28.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661258/; classtype:trojan-activity;sid:84524358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.1.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661259/; classtype:trojan-activity;sid:84524359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.46.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661260/; classtype:trojan-activity;sid:84524360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661254/; classtype:trojan-activity;sid:84524354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.33.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661255/; classtype:trojan-activity;sid:84524355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.214.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661253/; classtype:trojan-activity;sid:84524353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.236.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661252/; classtype:trojan-activity;sid:84524352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.106.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661251/; classtype:trojan-activity;sid:84524351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.99.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661250/; classtype:trojan-activity;sid:84524350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661249)"; flow:established,from_client; content:"GET"; http_method; content:"/djar00rfxr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661249/; classtype:trojan-activity;sid:84524349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661248)"; flow:established,from_client; content:"GET"; http_method; content:"/lpwck92ssc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.q-5ket.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661248/; classtype:trojan-activity;sid:84524348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661246)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.google|3f|t=vz4odtfl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zc.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661246/; classtype:trojan-activity;sid:84524346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661247)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.google|3f|t=z1uj3k52"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zc.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661247/; classtype:trojan-activity;sid:84524347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661245/; classtype:trojan-activity;sid:84524345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.20.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661244/; classtype:trojan-activity;sid:84524344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661243/; classtype:trojan-activity;sid:84524343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661242)"; flow:established,from_client; content:"GET"; http_method; content:"/0inbk5wfxz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.q-5ket.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661242/; classtype:trojan-activity;sid:84524342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661241)"; flow:established,from_client; content:"GET"; http_method; content:"/2m1.check|3f|t=m1gm6785"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661241/; classtype:trojan-activity;sid:84524341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661240)"; flow:established,from_client; content:"GET"; http_method; content:"/t13bwzk6vq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661240/; classtype:trojan-activity;sid:84524340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661239)"; flow:established,from_client; content:"GET"; http_method; content:"/2m1.check|3f|t=86k7wex6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.x7f4g2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661239/; classtype:trojan-activity;sid:84524339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661238)"; flow:established,from_client; content:"GET"; http_method; content:"/effc16a562b273f0bb5c3e1e41a06a77"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"pdfs.ba5eq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661238/; classtype:trojan-activity;sid:84524338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661237)"; flow:established,from_client; content:"GET"; http_method; content:"/ox5rd04y6w.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661237/; classtype:trojan-activity;sid:84524337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661236)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=o8h0fcix"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.x7f4g2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661236/; classtype:trojan-activity;sid:84524336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661234)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=npbcke22"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.x7f4g2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661234/; classtype:trojan-activity;sid:84524334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661235)"; flow:established,from_client; content:"GET"; http_method; content:"/nus5q6pp0o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.q-5ket.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661235/; classtype:trojan-activity;sid:84524335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661233)"; flow:established,from_client; content:"GET"; http_method; content:"/l8xvgrnfk9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661233/; classtype:trojan-activity;sid:84524333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661232)"; flow:established,from_client; content:"GET"; http_method; content:"/w3a.google|3f|t=pdru7dkn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q1n.p3t9b3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661232/; classtype:trojan-activity;sid:84524332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661231)"; flow:established,from_client; content:"GET"; http_method; content:"/rw9xv4sxop.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661231/; classtype:trojan-activity;sid:84524331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661230)"; flow:established,from_client; content:"GET"; http_method; content:"/w3a.google|3f|t=ic9l0meo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q1n.p3t9b3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661230/; classtype:trojan-activity;sid:84524330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.69.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661229/; classtype:trojan-activity;sid:84524329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661228)"; flow:established,from_client; content:"GET"; http_method; content:"/5pqwq9a5ts.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.j-9fuw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661228/; classtype:trojan-activity;sid:84524328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661227)"; flow:established,from_client; content:"GET"; http_method; content:"/w3a.google|3f|t=wx591woi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q1n.p3t9b3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661227/; classtype:trojan-activity;sid:84524327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661226/; classtype:trojan-activity;sid:84524326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661225)"; flow:established,from_client; content:"GET"; http_method; content:"/files/760120513/kmkbped.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661225/; classtype:trojan-activity;sid:84524325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.160.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661224/; classtype:trojan-activity;sid:84524324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661222)"; flow:established,from_client; content:"GET"; http_method; content:"/zp14.check|3f|t=r4er3g3h"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"b.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661222/; classtype:trojan-activity;sid:84524322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661223)"; flow:established,from_client; content:"GET"; http_method; content:"/hx3h6kggjs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661223/; classtype:trojan-activity;sid:84524323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.162.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661221/; classtype:trojan-activity;sid:84524321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661220)"; flow:established,from_client; content:"GET"; http_method; content:"/dzbhamab5p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.j-9fuw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661220/; classtype:trojan-activity;sid:84524320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661219)"; flow:established,from_client; content:"GET"; http_method; content:"/zp14.check|3f|t=d28u12h3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"b.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661219/; classtype:trojan-activity;sid:84524319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.225.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661218/; classtype:trojan-activity;sid:84524318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.160.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661217/; classtype:trojan-activity;sid:84524317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661216/; classtype:trojan-activity;sid:84524316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.125.48.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661215/; classtype:trojan-activity;sid:84524315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.202.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661214/; classtype:trojan-activity;sid:84524314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661213)"; flow:established,from_client; content:"GET"; http_method; content:"/h3iw8lojxf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.j-9fuw.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661213/; classtype:trojan-activity;sid:84524313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661212)"; flow:established,from_client; content:"GET"; http_method; content:"/m0.google|3f|t=gn6amqwr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r7.p3t9b3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661212/; classtype:trojan-activity;sid:84524312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661211)"; flow:established,from_client; content:"GET"; http_method; content:"/m0.google|3f|t=xw8m1pjw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r7.p3t9b3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661211/; classtype:trojan-activity;sid:84524311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661210)"; flow:established,from_client; content:"GET"; http_method; content:"/xijdfar353.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661210/; classtype:trojan-activity;sid:84524310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661209)"; flow:established,from_client; content:"GET"; http_method; content:"/221/ws22bd335e94be53168%2525252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thh3e.hta"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"96.44.159.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661209/; classtype:trojan-activity;sid:84524309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661208)"; flow:established,from_client; content:"GET"; http_method; content:"/ta9.check|3f|t=to1q082f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661208/; classtype:trojan-activity;sid:84524308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661207)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vop0fd4-m7d63zrgnddi1qvzahoybnuw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661207/; classtype:trojan-activity;sid:84524307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661206)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ebvjvnehud0hbhlfx9x0ztoxsavnfawb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661206/; classtype:trojan-activity;sid:84524306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661205)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1epzmbzpyzpwxbabigij8bnaj4h-m8qah"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661205/; classtype:trojan-activity;sid:84524305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661204)"; flow:established,from_client; content:"GET"; http_method; content:"/bg91h001jb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"is.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661204/; classtype:trojan-activity;sid:84524304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661203)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vvd3tkxez6tkshv2laqxhh_xxtziq-vu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661203/; classtype:trojan-activity;sid:84524303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661202)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nkv0i9vg5c2bdhsggfpby9o0la1sg2ta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661202/; classtype:trojan-activity;sid:84524302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661201)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jsbqiucma692uy2fjs3ttbohyegheqrz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661201/; classtype:trojan-activity;sid:84524301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661198)"; flow:established,from_client; content:"GET"; http_method; content:"/d54rt39i72.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.j-9fuw.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661198/; classtype:trojan-activity;sid:84524298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661199)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vsvn-sizw9rwmljabk4lpjldk9fwvayf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661199/; classtype:trojan-activity;sid:84524299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661200)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zt31fsjivtzacxiuk6xgxroozzb7jk3a"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661200/; classtype:trojan-activity;sid:84524300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661197)"; flow:established,from_client; content:"GET"; http_method; content:"/ta9.check|3f|t=brq1gu3h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661197/; classtype:trojan-activity;sid:84524297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661196)"; flow:established,from_client; content:"GET"; http_method; content:"/hfwfxntbt8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"is.frl0i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661196/; classtype:trojan-activity;sid:84524296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661195)"; flow:established,from_client; content:"GET"; http_method; content:"/ta9.check|3f|t=gncgoyz2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661195/; classtype:trojan-activity;sid:84524295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661194)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=13qh4lmsq_-7-gcwqnnyiihmhpkc9lxkf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661194/; classtype:trojan-activity;sid:84524294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661191)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dln-yqgmlgfhorrkhqgb8beywq2sh3zg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661191/; classtype:trojan-activity;sid:84524291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661192)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1shesniaansoafc6he5jttg1rjlkaoghz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661192/; classtype:trojan-activity;sid:84524292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661193)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w2ndpv98gn7dte9k-4knzuj5z3ictv6q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661193/; classtype:trojan-activity;sid:84524293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661190)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dm40hrckybf9yqtdvtu2jxputchmcpiz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661190/; classtype:trojan-activity;sid:84524290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.221.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661189/; classtype:trojan-activity;sid:84524289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.219.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661188/; classtype:trojan-activity;sid:84524288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.150.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661187/; classtype:trojan-activity;sid:84524287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661185)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5089917904/mpf9r6d.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661185/; classtype:trojan-activity;sid:84524285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661186)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1671711641/vqiqy7m.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661186/; classtype:trojan-activity;sid:84524286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.254.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661184/; classtype:trojan-activity;sid:84524284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.158.74.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661183/; classtype:trojan-activity;sid:84524283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661182)"; flow:established,from_client; content:"GET"; http_method; content:"/2dab2p6suk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661182/; classtype:trojan-activity;sid:84524282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661181)"; flow:established,from_client; content:"GET"; http_method; content:"/1d2.google|3f|t=rscmplmu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vk.p3t9b3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661181/; classtype:trojan-activity;sid:84524281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661180)"; flow:established,from_client; content:"GET"; http_method; content:"/1d2.google|3f|t=269sbfar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vk.p3t9b3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661180/; classtype:trojan-activity;sid:84524280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661179)"; flow:established,from_client; content:"GET"; http_method; content:"/l8eja0zl9z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.j-9fuw.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661179/; classtype:trojan-activity;sid:84524279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661178)"; flow:established,from_client; content:"GET"; http_method; content:"//nueva%20carpeta/wmieventlogs.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapps1.duckdns.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661178/; classtype:trojan-activity;sid:84524278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661177)"; flow:established,from_client; content:"GET"; http_method; content:"/67/2bd335e94be53168%252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thhjj9h97667.hta"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"185.29.9.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661177/; classtype:trojan-activity;sid:84524277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661176)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kmmi/2bd335e94be53168%2525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thhjj9hgvo09c.hta"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661176/; classtype:trojan-activity;sid:84524276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661174)"; flow:established,from_client; content:"GET"; http_method; content:"/57/ecws22bd335e94be53168%252525252523gga1dx3rxsr2ny5zilc2ojnzgyea8uuh7yy6t65thhjj9hgv.hta"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"96.44.159.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661174/; classtype:trojan-activity;sid:84524274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661175)"; flow:established,from_client; content:"GET"; http_method; content:"/5g9hu8t1f4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.j-9fuw.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661175/; classtype:trojan-activity;sid:84524275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661173)"; flow:established,from_client; content:"GET"; http_method; content:"/0zr.check|3f|t=jxk7afgv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.p3t9b3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661173/; classtype:trojan-activity;sid:84524273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661172)"; flow:established,from_client; content:"GET"; http_method; content:"/0zr.check|3f|t=qfa4dvqc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.p3t9b3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661172/; classtype:trojan-activity;sid:84524272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661171)"; flow:established,from_client; content:"GET"; http_method; content:"/jy9jiubbpm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661171/; classtype:trojan-activity;sid:84524271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.125.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661170/; classtype:trojan-activity;sid:84524270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661169)"; flow:established,from_client; content:"GET"; http_method; content:"/qe.google|3f|t=2l3rediw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661169/; classtype:trojan-activity;sid:84524269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.158.74.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661168/; classtype:trojan-activity;sid:84524268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661167)"; flow:established,from_client; content:"GET"; http_method; content:"/qe.google|3f|t=x7l91vfr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.p3t9b3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661167/; classtype:trojan-activity;sid:84524267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661165)"; flow:established,from_client; content:"GET"; http_method; content:"/q3blc0dai9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661165/; classtype:trojan-activity;sid:84524265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661166)"; flow:established,from_client; content:"GET"; http_method; content:"/wbngtsn0rc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.n-4cas.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661166/; classtype:trojan-activity;sid:84524266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661164)"; flow:established,from_client; content:"GET"; http_method; content:"/n81dzcuiq0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.n-4cas.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661164/; classtype:trojan-activity;sid:84524264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661161)"; flow:established,from_client; content:"GET"; http_method; content:"/kp04.google|3f|t=dfzhyuaq"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"w1n.m4d8q9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661161/; classtype:trojan-activity;sid:84524261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661162)"; flow:established,from_client; content:"GET"; http_method; content:"/kp04.google|3f|t=nsquks0q"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"w1n.m4d8q9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661162/; classtype:trojan-activity;sid:84524262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661163)"; flow:established,from_client; content:"GET"; http_method; content:"/1w31nnjueh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661163/; classtype:trojan-activity;sid:84524263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661160)"; flow:established,from_client; content:"GET"; http_method; content:"/166/2bd335e94be53168%252525252523gga1dx3rxsr2ny5zilc2ojnzgyearrw2rgu9yyrnfhasde3.txt"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661160/; classtype:trojan-activity;sid:84524260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.15.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661159/; classtype:trojan-activity;sid:84524259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661158)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661158/; classtype:trojan-activity;sid:84524258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661157/; classtype:trojan-activity;sid:84524257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661153)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661153/; classtype:trojan-activity;sid:84524253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661154)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661154/; classtype:trojan-activity;sid:84524254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661155)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.i468"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661155/; classtype:trojan-activity;sid:84524255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661156)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661156/; classtype:trojan-activity;sid:84524256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661151)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661151/; classtype:trojan-activity;sid:84524251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661152)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/i686"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661152/; classtype:trojan-activity;sid:84524252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661147)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661147/; classtype:trojan-activity;sid:84524247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661148)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661148/; classtype:trojan-activity;sid:84524248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661149)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661149/; classtype:trojan-activity;sid:84524249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661150)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661150/; classtype:trojan-activity;sid:84524250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661144)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661144/; classtype:trojan-activity;sid:84524244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661145)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661145/; classtype:trojan-activity;sid:84524245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661146)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661146/; classtype:trojan-activity;sid:84524246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661143)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661143/; classtype:trojan-activity;sid:84524243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661141)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661141/; classtype:trojan-activity;sid:84524241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661142/; classtype:trojan-activity;sid:84524242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661131)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661131/; classtype:trojan-activity;sid:84524231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661132)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661132/; classtype:trojan-activity;sid:84524232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661133)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661133/; classtype:trojan-activity;sid:84524233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661134)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661134/; classtype:trojan-activity;sid:84524234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661135)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661135/; classtype:trojan-activity;sid:84524235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661136)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661136/; classtype:trojan-activity;sid:84524236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661137)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661137/; classtype:trojan-activity;sid:84524237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661138)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661138/; classtype:trojan-activity;sid:84524238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661139)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661139/; classtype:trojan-activity;sid:84524239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661140)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661140/; classtype:trojan-activity;sid:84524240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661129)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661129/; classtype:trojan-activity;sid:84524229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661130)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661130/; classtype:trojan-activity;sid:84524230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661128)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.ppc440fp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661128/; classtype:trojan-activity;sid:84524228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661127)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661127/; classtype:trojan-activity;sid:84524227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661126)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i468"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"194.26.192.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661126/; classtype:trojan-activity;sid:84524226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661125)"; flow:established,from_client; content:"GET"; http_method; content:"/7m2.check|3f|t=4fqks2j4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h.m4d8q9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661125/; classtype:trojan-activity;sid:84524225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661122)"; flow:established,from_client; content:"GET"; http_method; content:"/7m2.check|3f|t=kuxby3k7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h.m4d8q9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661122/; classtype:trojan-activity;sid:84524222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661123)"; flow:established,from_client; content:"GET"; http_method; content:"/je5xg6p2eb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661123/; classtype:trojan-activity;sid:84524223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661124)"; flow:established,from_client; content:"GET"; http_method; content:"/1q6xcptpj3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.n-4cas.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661124/; classtype:trojan-activity;sid:84524224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661121)"; flow:established,from_client; content:"GET"; http_method; content:"/mix2pgycdbf4pdnytz.ps1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.120.219.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661121/; classtype:trojan-activity;sid:84524221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661119/; classtype:trojan-activity;sid:84524219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.15.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661120/; classtype:trojan-activity;sid:84524220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.68.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661118/; classtype:trojan-activity;sid:84524218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.187.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661117/; classtype:trojan-activity;sid:84524217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661115)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.google|3f|t=pzgf8tnl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q9.m4d8q9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661115/; classtype:trojan-activity;sid:84524215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661116)"; flow:established,from_client; content:"GET"; http_method; content:"/4kvy80xo7o.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661116/; classtype:trojan-activity;sid:84524216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.187.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661114/; classtype:trojan-activity;sid:84524214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661113)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.google|3f|t=o0tbb6q1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q9.m4d8q9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661113/; classtype:trojan-activity;sid:84524213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661112)"; flow:established,from_client; content:"GET"; http_method; content:"/czqo57gp91.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.n-4cas.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661112/; classtype:trojan-activity;sid:84524212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661111)"; flow:established,from_client; content:"GET"; http_method; content:"/f3egm92vn5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661111/; classtype:trojan-activity;sid:84524211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661110)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.google|3f|t=fyviwat7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q9.m4d8q9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661110/; classtype:trojan-activity;sid:84524210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661109)"; flow:established,from_client; content:"GET"; http_method; content:"/file/l54.pdf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"shkb-info.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661109/; classtype:trojan-activity;sid:84524209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.86.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661108/; classtype:trojan-activity;sid:84524208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661107)"; flow:established,from_client; content:"GET"; http_method; content:"/b9t3.check|3f|t=rsuihdt4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.m4d8q9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661107/; classtype:trojan-activity;sid:84524207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661106)"; flow:established,from_client; content:"GET"; http_method; content:"/b9t3.check|3f|t=cer2m9as"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.m4d8q9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661106/; classtype:trojan-activity;sid:84524206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661104)"; flow:established,from_client; content:"GET"; http_method; content:"/un8bnph796.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661104/; classtype:trojan-activity;sid:84524204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661105)"; flow:established,from_client; content:"GET"; http_method; content:"/9yqmx2icw7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.n-4cas.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661105/; classtype:trojan-activity;sid:84524205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661103)"; flow:established,from_client; content:"GET"; http_method; content:"/9sbwurq2i6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.n-4cas.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661103/; classtype:trojan-activity;sid:84524203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661102)"; flow:established,from_client; content:"GET"; http_method; content:"/0m.google|3f|t=x3smj5j4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pt.m4d8q9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661102/; classtype:trojan-activity;sid:84524202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661101)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661101/; classtype:trojan-activity;sid:84524201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661100)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661100/; classtype:trojan-activity;sid:84524200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661086)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661086/; classtype:trojan-activity;sid:84524186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661087)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661087/; classtype:trojan-activity;sid:84524187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661088)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661088/; classtype:trojan-activity;sid:84524188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661089)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661089/; classtype:trojan-activity;sid:84524189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661090)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661090/; classtype:trojan-activity;sid:84524190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661091)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661091/; classtype:trojan-activity;sid:84524191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661092)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661092/; classtype:trojan-activity;sid:84524192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661093)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661093/; classtype:trojan-activity;sid:84524193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661094)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661094/; classtype:trojan-activity;sid:84524194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661095)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661095/; classtype:trojan-activity;sid:84524195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661096)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661096/; classtype:trojan-activity;sid:84524196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661097)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661097/; classtype:trojan-activity;sid:84524197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661098)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661098/; classtype:trojan-activity;sid:84524198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661099)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661099/; classtype:trojan-activity;sid:84524199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661085)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661085/; classtype:trojan-activity;sid:84524185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661084)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661084/; classtype:trojan-activity;sid:84524184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661080)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661080/; classtype:trojan-activity;sid:84524180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661081)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmi2740578.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661081/; classtype:trojan-activity;sid:84524181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661082)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661082/; classtype:trojan-activity;sid:84524182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661083)"; flow:established,from_client; content:"GET"; http_method; content:"/bebc91fb1cc0431f965b38927c28ce04_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661083/; classtype:trojan-activity;sid:84524183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661067)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661067/; classtype:trojan-activity;sid:84524167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661068)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/javawe.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661068/; classtype:trojan-activity;sid:84524168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661069)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/rate.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661069/; classtype:trojan-activity;sid:84524169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661070)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661070/; classtype:trojan-activity;sid:84524170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661071)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661071/; classtype:trojan-activity;sid:84524171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661072)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661072/; classtype:trojan-activity;sid:84524172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661073)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661073/; classtype:trojan-activity;sid:84524173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661074)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661074/; classtype:trojan-activity;sid:84524174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661075)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661075/; classtype:trojan-activity;sid:84524175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661076)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661076/; classtype:trojan-activity;sid:84524176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661077)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661077/; classtype:trojan-activity;sid:84524177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661078)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661078/; classtype:trojan-activity;sid:84524178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661079)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/arce.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661079/; classtype:trojan-activity;sid:84524179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661066)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661066/; classtype:trojan-activity;sid:84524166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661065)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661065/; classtype:trojan-activity;sid:84524165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661063)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661063/; classtype:trojan-activity;sid:84524163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661064)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661064/; classtype:trojan-activity;sid:84524164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661062)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/runtimebroker.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"89.39.121.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661062/; classtype:trojan-activity;sid:84524162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661060)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5089917904/ee2zp51.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661060/; classtype:trojan-activity;sid:84524160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661061)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/runtimebroker.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"95.181.212.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661061/; classtype:trojan-activity;sid:84524161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661058)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/runtimebroker.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661058/; classtype:trojan-activity;sid:84524158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661059)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1443502088/yhobcud.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661059/; classtype:trojan-activity;sid:84524159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.79.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661057/; classtype:trojan-activity;sid:84524157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.79.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661056/; classtype:trojan-activity;sid:84524156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.68.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661055/; classtype:trojan-activity;sid:84524155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661054/; classtype:trojan-activity;sid:84524154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661053)"; flow:established,from_client; content:"GET"; http_method; content:"/enkpn2f9gd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661053/; classtype:trojan-activity;sid:84524153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661052)"; flow:established,from_client; content:"GET"; http_method; content:"/1xq.check|3f|t=hwnsuonx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z2.m4d8q9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661052/; classtype:trojan-activity;sid:84524152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661051)"; flow:established,from_client; content:"GET"; http_method; content:"/9i0lm190z6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.x-7daf.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661051/; classtype:trojan-activity;sid:84524151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661050)"; flow:established,from_client; content:"GET"; http_method; content:"/1xq.check|3f|t=4m84xrjw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z2.m4d8q9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661050/; classtype:trojan-activity;sid:84524150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661049)"; flow:established,from_client; content:"GET"; http_method; content:"/kegugkzxe0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.x-7daf.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661049/; classtype:trojan-activity;sid:84524149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661048)"; flow:established,from_client; content:"GET"; http_method; content:"/a7.google|3f|t=klvql5pc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k.m4d8q9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661048/; classtype:trojan-activity;sid:84524148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661047)"; flow:established,from_client; content:"GET"; http_method; content:"/b90tuah21k.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"in.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661047/; classtype:trojan-activity;sid:84524147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661046)"; flow:established,from_client; content:"GET"; http_method; content:"/a7.google|3f|t=buntny4o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k.m4d8q9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661046/; classtype:trojan-activity;sid:84524146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.251.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661045/; classtype:trojan-activity;sid:84524145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.100.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661044/; classtype:trojan-activity;sid:84524144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.54.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661043/; classtype:trojan-activity;sid:84524143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661042)"; flow:established,from_client; content:"GET"; http_method; content:"/files/30d698bf267594dc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"catgirl.lt"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661042/; classtype:trojan-activity;sid:84524142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661041)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7103746036/e2zgybz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661041/; classtype:trojan-activity;sid:84524141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661040)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6869227589/wni6idp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661040/; classtype:trojan-activity;sid:84524140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661039)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6869227589/59uskrb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661039/; classtype:trojan-activity;sid:84524139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661038/; classtype:trojan-activity;sid:84524138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661037/; classtype:trojan-activity;sid:84524137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.182.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661036/; classtype:trojan-activity;sid:84524136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661034/; classtype:trojan-activity;sid:84524134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661035/; classtype:trojan-activity;sid:84524135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.251.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661033/; classtype:trojan-activity;sid:84524133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661032/; classtype:trojan-activity;sid:84524132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.182.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661031/; classtype:trojan-activity;sid:84524131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.46.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661030/; classtype:trojan-activity;sid:84524130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661029/; classtype:trojan-activity;sid:84524129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661028/; classtype:trojan-activity;sid:84524128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.172.252.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661027/; classtype:trojan-activity;sid:84524127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.239.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661025/; classtype:trojan-activity;sid:84524125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.49.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661026/; classtype:trojan-activity;sid:84524126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.41.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661024/; classtype:trojan-activity;sid:84524124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661021)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/bot_mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.148.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661021/; classtype:trojan-activity;sid:84524121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.244.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661022/; classtype:trojan-activity;sid:84524122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.213.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661023/; classtype:trojan-activity;sid:84524123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661018)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661018/; classtype:trojan-activity;sid:84524118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661019)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661019/; classtype:trojan-activity;sid:84524119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661020)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.182.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661020/; classtype:trojan-activity;sid:84524120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.221.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661017/; classtype:trojan-activity;sid:84524117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.35.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661016/; classtype:trojan-activity;sid:84524116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661015/; classtype:trojan-activity;sid:84524115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.82.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661014/; classtype:trojan-activity;sid:84524114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661013/; classtype:trojan-activity;sid:84524113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.35.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661012/; classtype:trojan-activity;sid:84524112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661011/; classtype:trojan-activity;sid:84524111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661010/; classtype:trojan-activity;sid:84524110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.179.235.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661009/; classtype:trojan-activity;sid:84524109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.95.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661008/; classtype:trojan-activity;sid:84524108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661007)"; flow:established,from_client; content:"GET"; http_method; content:"/oi3gola4ib.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.x-7daf.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661007/; classtype:trojan-activity;sid:84524107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661006)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=le0f7j34"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661006/; classtype:trojan-activity;sid:84524106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661005)"; flow:established,from_client; content:"GET"; http_method; content:"/cgdgs321rd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"if.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661005/; classtype:trojan-activity;sid:84524105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661004)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=7w18kr3h"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661004/; classtype:trojan-activity;sid:84524104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.214.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661003/; classtype:trojan-activity;sid:84524103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661002)"; flow:established,from_client; content:"GET"; http_method; content:"/nf8f2gyclo.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"if.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661002/; classtype:trojan-activity;sid:84524102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661001)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=zcdxz15m"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661001/; classtype:trojan-activity;sid:84524101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661000/; classtype:trojan-activity;sid:84524100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.15.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660999/; classtype:trojan-activity;sid:84524099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.5.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660998/; classtype:trojan-activity;sid:84524098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660997/; classtype:trojan-activity;sid:84524097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660996/; classtype:trojan-activity;sid:84524096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.43.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660995/; classtype:trojan-activity;sid:84524095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.43.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660994/; classtype:trojan-activity;sid:84524094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.5.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660993/; classtype:trojan-activity;sid:84524093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660992/; classtype:trojan-activity;sid:84524092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.122.206.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660991/; classtype:trojan-activity;sid:84524091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.39.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660990/; classtype:trojan-activity;sid:84524090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660989/; classtype:trojan-activity;sid:84524089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660988/; classtype:trojan-activity;sid:84524088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660987/; classtype:trojan-activity;sid:84524087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.177.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660986/; classtype:trojan-activity;sid:84524086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660985/; classtype:trojan-activity;sid:84524085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.222.192.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660984/; classtype:trojan-activity;sid:84524084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660983/; classtype:trojan-activity;sid:84524083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.209.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660982/; classtype:trojan-activity;sid:84524082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.8.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660981/; classtype:trojan-activity;sid:84524081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.220.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660980/; classtype:trojan-activity;sid:84524080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.177.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660979/; classtype:trojan-activity;sid:84524079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.8.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660978/; classtype:trojan-activity;sid:84524078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.27.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660977/; classtype:trojan-activity;sid:84524077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660976/; classtype:trojan-activity;sid:84524076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.194.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660975/; classtype:trojan-activity;sid:84524075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.212.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660974/; classtype:trojan-activity;sid:84524074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660973)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.109.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660973/; classtype:trojan-activity;sid:84524073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.24.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660972/; classtype:trojan-activity;sid:84524072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660970)"; flow:established,from_client; content:"GET"; http_method; content:"/c65iu7pznp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.x-7daf.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660970/; classtype:trojan-activity;sid:84524070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660971)"; flow:established,from_client; content:"GET"; http_method; content:"/5umu9p8nlt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"he.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660971/; classtype:trojan-activity;sid:84524071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660968)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=mji57e2q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660968/; classtype:trojan-activity;sid:84524068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660969)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=x6n327ii"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660969/; classtype:trojan-activity;sid:84524069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.212.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660967/; classtype:trojan-activity;sid:84524067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660966/; classtype:trojan-activity;sid:84524066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660965)"; flow:established,from_client; content:"GET"; http_method; content:"/0ywt6h9joq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660965/; classtype:trojan-activity;sid:84524065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660964)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=k321mgse"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.qoruva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660964/; classtype:trojan-activity;sid:84524064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660963)"; flow:established,from_client; content:"GET"; http_method; content:"/obep6mjyqj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.x-7daf.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660963/; classtype:trojan-activity;sid:84524063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660962)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=rxhipk5x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.qoruva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660962/; classtype:trojan-activity;sid:84524062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.24.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660961/; classtype:trojan-activity;sid:84524061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660960)"; flow:established,from_client; content:"GET"; http_method; content:"/vrl07cnzbd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660960/; classtype:trojan-activity;sid:84524060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660959)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=5citsz5f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660959/; classtype:trojan-activity;sid:84524059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660958)"; flow:established,from_client; content:"GET"; http_method; content:"/ssqav1z71j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.x-7daf.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660958/; classtype:trojan-activity;sid:84524058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660957)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=z3aryyi2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660957/; classtype:trojan-activity;sid:84524057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.78.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660956/; classtype:trojan-activity;sid:84524056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660955/; classtype:trojan-activity;sid:84524055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.158.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660954/; classtype:trojan-activity;sid:84524054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660953/; classtype:trojan-activity;sid:84524053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.154.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660952/; classtype:trojan-activity;sid:84524052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660951)"; flow:established,from_client; content:"GET"; http_method; content:"/0euoo5z4wy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.x-7daf.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660951/; classtype:trojan-activity;sid:84524051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660950)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=qq3kfzfo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"be.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660950/; classtype:trojan-activity;sid:84524050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.242.66.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660949/; classtype:trojan-activity;sid:84524049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660948)"; flow:established,from_client; content:"GET"; http_method; content:"/cjpn0hmfql.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"do.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660948/; classtype:trojan-activity;sid:84524048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660947)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=iz1zw3lg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"be.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660947/; classtype:trojan-activity;sid:84524047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660945/; classtype:trojan-activity;sid:84524045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.245.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660946/; classtype:trojan-activity;sid:84524046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.193.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660944/; classtype:trojan-activity;sid:84524044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.230.141.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660943/; classtype:trojan-activity;sid:84524043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.54.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660942/; classtype:trojan-activity;sid:84524042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660941/; classtype:trojan-activity;sid:84524041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660940/; classtype:trojan-activity;sid:84524040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660939)"; flow:established,from_client; content:"GET"; http_method; content:"/l9z9gedi0w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.d-76u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660939/; classtype:trojan-activity;sid:84524039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660938)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=jnjks5vv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660938/; classtype:trojan-activity;sid:84524038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.245.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660937/; classtype:trojan-activity;sid:84524037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.242.66.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660936/; classtype:trojan-activity;sid:84524036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660935/; classtype:trojan-activity;sid:84524035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660934)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=yjyqhhk8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.qoruva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660934/; classtype:trojan-activity;sid:84524034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660933)"; flow:established,from_client; content:"GET"; http_method; content:"/x0bgecboj5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xzb6i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660933/; classtype:trojan-activity;sid:84524033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660932)"; flow:established,from_client; content:"GET"; http_method; content:"/e9.google|3f|t=5wk91o7b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.qoruva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660932/; classtype:trojan-activity;sid:84524032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660931)"; flow:established,from_client; content:"GET"; http_method; content:"/r74say4qj3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.d-76u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660931/; classtype:trojan-activity;sid:84524031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.230.141.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660930/; classtype:trojan-activity;sid:84524030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.54.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660929/; classtype:trojan-activity;sid:84524029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660928/; classtype:trojan-activity;sid:84524028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.28.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660927/; classtype:trojan-activity;sid:84524027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660926/; classtype:trojan-activity;sid:84524026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660925)"; flow:established,from_client; content:"GET"; http_method; content:"/cwi8za5oz2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.d-76u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660925/; classtype:trojan-activity;sid:84524025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660924)"; flow:established,from_client; content:"GET"; http_method; content:"/kq7.check|3f|t=dqr4iskc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.henyta.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660924/; classtype:trojan-activity;sid:84524024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660923/; classtype:trojan-activity;sid:84524023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660922)"; flow:established,from_client; content:"GET"; http_method; content:"/sxo9dgmith.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.d-76u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660922/; classtype:trojan-activity;sid:84524022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660921)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.google|3f|t=vtw8iawo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vv.henyta.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660921/; classtype:trojan-activity;sid:84524021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.32.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660920/; classtype:trojan-activity;sid:84524020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.158.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660919/; classtype:trojan-activity;sid:84524019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660913/; classtype:trojan-activity;sid:84524013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.244.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660914/; classtype:trojan-activity;sid:84524014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660915/; classtype:trojan-activity;sid:84524015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.219.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660916/; classtype:trojan-activity;sid:84524016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.90.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660917/; classtype:trojan-activity;sid:84524017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.167.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660918/; classtype:trojan-activity;sid:84524018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.224.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660912/; classtype:trojan-activity;sid:84524012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660911)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"viadigm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660911/; classtype:trojan-activity;sid:84524011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660910)"; flow:established,from_client; content:"GET"; http_method; content:"/9m8n.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"viadigm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660910/; classtype:trojan-activity;sid:84524010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.27.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660909/; classtype:trojan-activity;sid:84524009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.126.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660908/; classtype:trojan-activity;sid:84524008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660907)"; flow:established,from_client; content:"GET"; http_method; content:"/x3zea9sj5n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.d-76u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660907/; classtype:trojan-activity;sid:84524007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660906)"; flow:established,from_client; content:"GET"; http_method; content:"/0xm.check|3f|t=tugle45r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a9.henyta.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660906/; classtype:trojan-activity;sid:84524006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660905)"; flow:established,from_client; content:"GET"; http_method; content:"/cadstark.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"outlok-hotmail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660905/; classtype:trojan-activity;sid:84524005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.21.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660904/; classtype:trojan-activity;sid:84524004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660902)"; flow:established,from_client; content:"GET"; http_method; content:"/0xm.check|3f|t=q4skx3hc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a9.henyta.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660902/; classtype:trojan-activity;sid:84524002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660903/; classtype:trojan-activity;sid:84524003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660901)"; flow:established,from_client; content:"GET"; http_method; content:"/v9d1cq3mnr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"be.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660901/; classtype:trojan-activity;sid:84524001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.167.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660900/; classtype:trojan-activity;sid:84524000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.126.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660899/; classtype:trojan-activity;sid:84523999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.159.173.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660898/; classtype:trojan-activity;sid:84523998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.245.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660897/; classtype:trojan-activity;sid:84523997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.173.159.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660896/; classtype:trojan-activity;sid:84523996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.111.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660893/; classtype:trojan-activity;sid:84523993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.173.159.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660894/; classtype:trojan-activity;sid:84523994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.204.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660895/; classtype:trojan-activity;sid:84523995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660892)"; flow:established,from_client; content:"GET"; http_method; content:"/dr5rqawzw3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"at.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660892/; classtype:trojan-activity;sid:84523992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660891)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.google|3f|t=x7bcu19h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.henyta.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660891/; classtype:trojan-activity;sid:84523991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660890)"; flow:established,from_client; content:"GET"; http_method; content:"/jbkvp2gaya.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.d-76u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660890/; classtype:trojan-activity;sid:84523990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660889)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.google|3f|t=bhpfpbmy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.henyta.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660889/; classtype:trojan-activity;sid:84523989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.21.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660888/; classtype:trojan-activity;sid:84523988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.85.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660886/; classtype:trojan-activity;sid:84523986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660887/; classtype:trojan-activity;sid:84523987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.245.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660885/; classtype:trojan-activity;sid:84523985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.191.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660884/; classtype:trojan-activity;sid:84523984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660882)"; flow:established,from_client; content:"GET"; http_method; content:"/7quax0rv6l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.d-76u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660882/; classtype:trojan-activity;sid:84523982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.59.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660883/; classtype:trojan-activity;sid:84523983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660881)"; flow:established,from_client; content:"GET"; http_method; content:"/7m04.google|3f|t=3egbgk0i"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1v.nykeju.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660881/; classtype:trojan-activity;sid:84523981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660880)"; flow:established,from_client; content:"GET"; http_method; content:"/q58amges48.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"at.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660880/; classtype:trojan-activity;sid:84523980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660879)"; flow:established,from_client; content:"GET"; http_method; content:"/7m04.google|3f|t=1pr4ywq8"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1v.nykeju.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660879/; classtype:trojan-activity;sid:84523979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.85.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660878/; classtype:trojan-activity;sid:84523978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660877)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.check|3f|t=r6dleasb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"k0.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660877/; classtype:trojan-activity;sid:84523977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660876)"; flow:established,from_client; content:"GET"; http_method; content:"/u33mu7bpn3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"at.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660876/; classtype:trojan-activity;sid:84523976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660874)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.check|3f|t=avegh7be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"k0.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660874/; classtype:trojan-activity;sid:84523974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660875)"; flow:established,from_client; content:"GET"; http_method; content:"/ksedvvud10.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.w-45u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660875/; classtype:trojan-activity;sid:84523975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660873)"; flow:established,from_client; content:"GET"; http_method; content:"/2vrwzqmtw0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.w-45u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660873/; classtype:trojan-activity;sid:84523973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660872)"; flow:established,from_client; content:"GET"; http_method; content:"/9q1.google|3f|t=m5pdpb64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hx.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660872/; classtype:trojan-activity;sid:84523972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660871)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660871/; classtype:trojan-activity;sid:84523971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660870)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660870/; classtype:trojan-activity;sid:84523970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.204.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660868/; classtype:trojan-activity;sid:84523968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.27.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660869/; classtype:trojan-activity;sid:84523969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660867/; classtype:trojan-activity;sid:84523967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660865)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660865/; classtype:trojan-activity;sid:84523965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660866)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660866/; classtype:trojan-activity;sid:84523966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.63.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660864/; classtype:trojan-activity;sid:84523964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660862)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660862/; classtype:trojan-activity;sid:84523962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660863)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660863/; classtype:trojan-activity;sid:84523963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.250.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660861/; classtype:trojan-activity;sid:84523961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660859)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660859/; classtype:trojan-activity;sid:84523959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660860)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660860/; classtype:trojan-activity;sid:84523960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660856)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660856/; classtype:trojan-activity;sid:84523956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660857)"; flow:established,from_client; content:"GET"; http_method; content:"/link/shkb-support.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"195.66.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660857/; classtype:trojan-activity;sid:84523957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.132.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660858/; classtype:trojan-activity;sid:84523958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660840)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660840/; classtype:trojan-activity;sid:84523940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660841)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660841/; classtype:trojan-activity;sid:84523941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660842)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660842/; classtype:trojan-activity;sid:84523942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660843)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660843/; classtype:trojan-activity;sid:84523943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660844)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660844/; classtype:trojan-activity;sid:84523944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660845)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660845/; classtype:trojan-activity;sid:84523945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660846)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660846/; classtype:trojan-activity;sid:84523946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660847)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660847/; classtype:trojan-activity;sid:84523947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660848)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660848/; classtype:trojan-activity;sid:84523948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660849)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660849/; classtype:trojan-activity;sid:84523949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660850)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660850/; classtype:trojan-activity;sid:84523950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660851)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660851/; classtype:trojan-activity;sid:84523951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660852)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660852/; classtype:trojan-activity;sid:84523952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660853)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660853/; classtype:trojan-activity;sid:84523953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660854)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660854/; classtype:trojan-activity;sid:84523954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660855/; classtype:trojan-activity;sid:84523955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660836)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660836/; classtype:trojan-activity;sid:84523936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660837)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660837/; classtype:trojan-activity;sid:84523937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660838)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660838/; classtype:trojan-activity;sid:84523938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660839)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660839/; classtype:trojan-activity;sid:84523939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660835)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660835/; classtype:trojan-activity;sid:84523935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660834)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660834/; classtype:trojan-activity;sid:84523934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660825)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660825/; classtype:trojan-activity;sid:84523925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660826)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660826/; classtype:trojan-activity;sid:84523926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660827)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660827/; classtype:trojan-activity;sid:84523927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660828)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660828/; classtype:trojan-activity;sid:84523928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660829)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660829/; classtype:trojan-activity;sid:84523929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660830)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c7011c8d8dce568489e4983fd4606e"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"pdfs.vototao9.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660830/; classtype:trojan-activity;sid:84523930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660831)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660831/; classtype:trojan-activity;sid:84523931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660832)"; flow:established,from_client; content:"GET"; http_method; content:"/q0fw32ca3n.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660832/; classtype:trojan-activity;sid:84523932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660833)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/debug"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660833/; classtype:trojan-activity;sid:84523933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660811)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660811/; classtype:trojan-activity;sid:84523911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660812)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660812/; classtype:trojan-activity;sid:84523912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660813)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660813/; classtype:trojan-activity;sid:84523913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660814)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660814/; classtype:trojan-activity;sid:84523914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660815)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660815/; classtype:trojan-activity;sid:84523915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660816)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660816/; classtype:trojan-activity;sid:84523916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660817)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660817/; classtype:trojan-activity;sid:84523917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660818/; classtype:trojan-activity;sid:84523918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660819)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660819/; classtype:trojan-activity;sid:84523919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660820)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660820/; classtype:trojan-activity;sid:84523920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660821)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660821/; classtype:trojan-activity;sid:84523921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660822)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660822/; classtype:trojan-activity;sid:84523922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660823)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660823/; classtype:trojan-activity;sid:84523923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660824)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660824/; classtype:trojan-activity;sid:84523924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660805)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660805/; classtype:trojan-activity;sid:84523905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660806)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660806/; classtype:trojan-activity;sid:84523906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660807)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660807/; classtype:trojan-activity;sid:84523907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660808)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660808/; classtype:trojan-activity;sid:84523908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660809)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660809/; classtype:trojan-activity;sid:84523909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660810)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/debug"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660810/; classtype:trojan-activity;sid:84523910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660804)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/debug"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660804/; classtype:trojan-activity;sid:84523904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660803)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=l70nrsvg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z7.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660803/; classtype:trojan-activity;sid:84523903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660794)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660794/; classtype:trojan-activity;sid:84523894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660795)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660795/; classtype:trojan-activity;sid:84523895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660796)"; flow:established,from_client; content:"GET"; http_method; content:"/a4g383o4fd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.w-45u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660796/; classtype:trojan-activity;sid:84523896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660797)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660797/; classtype:trojan-activity;sid:84523897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660798)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660798/; classtype:trojan-activity;sid:84523898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660799)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660799/; classtype:trojan-activity;sid:84523899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660800)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660800/; classtype:trojan-activity;sid:84523900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660801)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660801/; classtype:trojan-activity;sid:84523901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660802)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660802/; classtype:trojan-activity;sid:84523902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660779)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660779/; classtype:trojan-activity;sid:84523879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660780)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/debug"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660780/; classtype:trojan-activity;sid:84523880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660781)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660781/; classtype:trojan-activity;sid:84523881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660782)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660782/; classtype:trojan-activity;sid:84523882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660783)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660783/; classtype:trojan-activity;sid:84523883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660784)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660784/; classtype:trojan-activity;sid:84523884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660785)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660785/; classtype:trojan-activity;sid:84523885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660786)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660786/; classtype:trojan-activity;sid:84523886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660787)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"162.245.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660787/; classtype:trojan-activity;sid:84523887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660788)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660788/; classtype:trojan-activity;sid:84523888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660789)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660789/; classtype:trojan-activity;sid:84523889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660790)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.132.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660790/; classtype:trojan-activity;sid:84523890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660791)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660791/; classtype:trojan-activity;sid:84523891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660792)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660792/; classtype:trojan-activity;sid:84523892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660793)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"datapulse.run.place"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660793/; classtype:trojan-activity;sid:84523893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660771)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660771/; classtype:trojan-activity;sid:84523871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660772)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660772/; classtype:trojan-activity;sid:84523872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660773)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660773/; classtype:trojan-activity;sid:84523873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660774)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660774/; classtype:trojan-activity;sid:84523874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660775)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660775/; classtype:trojan-activity;sid:84523875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660776)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/debug"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660776/; classtype:trojan-activity;sid:84523876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660777)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudmessageservice-phone.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660777/; classtype:trojan-activity;sid:84523877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660778)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"jbvipnetwork.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660778/; classtype:trojan-activity;sid:84523878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660770)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=uk1fmpfi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z7.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660770/; classtype:trojan-activity;sid:84523870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.210.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660769/; classtype:trojan-activity;sid:84523869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660768/; classtype:trojan-activity;sid:84523868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660767/; classtype:trojan-activity;sid:84523867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660759/; classtype:trojan-activity;sid:84523859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660760/; classtype:trojan-activity;sid:84523860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660761/; classtype:trojan-activity;sid:84523861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.157.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660762/; classtype:trojan-activity;sid:84523862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660763/; classtype:trojan-activity;sid:84523863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660764/; classtype:trojan-activity;sid:84523864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660765/; classtype:trojan-activity;sid:84523865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.234.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660766/; classtype:trojan-activity;sid:84523866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660751/; classtype:trojan-activity;sid:84523851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660752/; classtype:trojan-activity;sid:84523852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660753)"; flow:established,from_client; content:"GET"; http_method; content:"/3lndtutiyb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660753/; classtype:trojan-activity;sid:84523853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660754/; classtype:trojan-activity;sid:84523854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660755/; classtype:trojan-activity;sid:84523855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660756/; classtype:trojan-activity;sid:84523856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660757)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660757/; classtype:trojan-activity;sid:84523857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660758)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=dxjip91n"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qa.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660758/; classtype:trojan-activity;sid:84523858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660741/; classtype:trojan-activity;sid:84523841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app-digital-loginch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660742/; classtype:trojan-activity;sid:84523842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660743/; classtype:trojan-activity;sid:84523843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660744/; classtype:trojan-activity;sid:84523844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660745/; classtype:trojan-activity;sid:84523845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660746/; classtype:trojan-activity;sid:84523846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660747)"; flow:established,from_client; content:"GET"; http_method; content:"/yqqeh0xuj6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.w-45u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660747/; classtype:trojan-activity;sid:84523847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660748/; classtype:trojan-activity;sid:84523848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660749/; classtype:trojan-activity;sid:84523849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"test.talfaza.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660750/; classtype:trojan-activity;sid:84523850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660740)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=fwgljufu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qa.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660740/; classtype:trojan-activity;sid:84523840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.183.144.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660739/; classtype:trojan-activity;sid:84523839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660737)"; flow:established,from_client; content:"GET"; http_method; content:"/penis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660737/; classtype:trojan-activity;sid:84523837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660732)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660732/; classtype:trojan-activity;sid:84523832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv5l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660733/; classtype:trojan-activity;sid:84523833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660734/; classtype:trojan-activity;sid:84523834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660735/; classtype:trojan-activity;sid:84523835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv6l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660736/; classtype:trojan-activity;sid:84523836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660728)"; flow:established,from_client; content:"GET"; http_method; content:"/nu5fbx26b6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660728/; classtype:trojan-activity;sid:84523828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.powerpc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660729/; classtype:trojan-activity;sid:84523829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660730/; classtype:trojan-activity;sid:84523830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660731)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660731/; classtype:trojan-activity;sid:84523831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660708)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660708/; classtype:trojan-activity;sid:84523808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660709)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660709/; classtype:trojan-activity;sid:84523809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660710)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660710/; classtype:trojan-activity;sid:84523810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660711)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660711/; classtype:trojan-activity;sid:84523811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660712)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660712/; classtype:trojan-activity;sid:84523812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660713)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660713/; classtype:trojan-activity;sid:84523813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660714/; classtype:trojan-activity;sid:84523814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660715)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660715/; classtype:trojan-activity;sid:84523815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660716)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660716/; classtype:trojan-activity;sid:84523816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660717)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660717/; classtype:trojan-activity;sid:84523817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660718/; classtype:trojan-activity;sid:84523818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660719)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660719/; classtype:trojan-activity;sid:84523819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660720/; classtype:trojan-activity;sid:84523820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660721/; classtype:trojan-activity;sid:84523821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660722/; classtype:trojan-activity;sid:84523822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.powerpc-440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660723/; classtype:trojan-activity;sid:84523823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660724/; classtype:trojan-activity;sid:84523824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv4l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660725/; classtype:trojan-activity;sid:84523825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv7l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660726/; classtype:trojan-activity;sid:84523826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660727)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.167.64.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660727/; classtype:trojan-activity;sid:84523827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660707)"; flow:established,from_client; content:"GET"; http_method; content:"/9r2etw1z7u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.w-45u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660707/; classtype:trojan-activity;sid:84523807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660706)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=r9qrsxxx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660706/; classtype:trojan-activity;sid:84523806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660705)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=8ueegomn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.nykeju.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660705/; classtype:trojan-activity;sid:84523805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660704)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660704/; classtype:trojan-activity;sid:84523804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660701)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660701/; classtype:trojan-activity;sid:84523801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660702)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660702/; classtype:trojan-activity;sid:84523802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660703/; classtype:trojan-activity;sid:84523803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660700)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660700/; classtype:trojan-activity;sid:84523800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660699/; classtype:trojan-activity;sid:84523799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660698)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660698/; classtype:trojan-activity;sid:84523798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660697)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660697/; classtype:trojan-activity;sid:84523797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660695)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660695/; classtype:trojan-activity;sid:84523795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660694)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660694/; classtype:trojan-activity;sid:84523794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660693)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660693/; classtype:trojan-activity;sid:84523793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660692)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660692/; classtype:trojan-activity;sid:84523792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660691)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660691/; classtype:trojan-activity;sid:84523791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660689)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660689/; classtype:trojan-activity;sid:84523789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660687)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660687/; classtype:trojan-activity;sid:84523787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660685)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660685/; classtype:trojan-activity;sid:84523785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660686)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660686/; classtype:trojan-activity;sid:84523786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660684)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660684/; classtype:trojan-activity;sid:84523784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660683)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660683/; classtype:trojan-activity;sid:84523783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660682)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660682/; classtype:trojan-activity;sid:84523782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660681)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660681/; classtype:trojan-activity;sid:84523781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660678)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660678/; classtype:trojan-activity;sid:84523778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660673)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660673/; classtype:trojan-activity;sid:84523773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660667)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660667/; classtype:trojan-activity;sid:84523767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660662)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660662/; classtype:trojan-activity;sid:84523762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660661)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660661/; classtype:trojan-activity;sid:84523761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660651)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660651/; classtype:trojan-activity;sid:84523751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660650)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660650/; classtype:trojan-activity;sid:84523750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660646)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660646/; classtype:trojan-activity;sid:84523746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660645)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660645/; classtype:trojan-activity;sid:84523745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660643)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660643/; classtype:trojan-activity;sid:84523743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660640)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660640/; classtype:trojan-activity;sid:84523740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660632)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660632/; classtype:trojan-activity;sid:84523732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660628)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660628/; classtype:trojan-activity;sid:84523728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660617)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660617/; classtype:trojan-activity;sid:84523717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660610)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660610/; classtype:trojan-activity;sid:84523710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660609)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660609/; classtype:trojan-activity;sid:84523709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660606)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660606/; classtype:trojan-activity;sid:84523706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660604)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660604/; classtype:trojan-activity;sid:84523704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660601)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660601/; classtype:trojan-activity;sid:84523701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660602)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660602/; classtype:trojan-activity;sid:84523702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660598)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660598/; classtype:trojan-activity;sid:84523698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660597)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660597/; classtype:trojan-activity;sid:84523697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660585)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660585/; classtype:trojan-activity;sid:84523685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660586)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660586/; classtype:trojan-activity;sid:84523686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; classtype:trojan-activity;sid:84523683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660578)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660578/; classtype:trojan-activity;sid:84523678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; classtype:trojan-activity;sid:84523673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660572)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660572/; classtype:trojan-activity;sid:84523672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660565)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660565/; classtype:trojan-activity;sid:84523665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660567)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660567/; classtype:trojan-activity;sid:84523667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660562)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660562/; classtype:trojan-activity;sid:84523662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660557)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660557/; classtype:trojan-activity;sid:84523657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660551)"; flow:established,from_client; content:"GET"; http_method; content:"/0m5lpopnr5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660551/; classtype:trojan-activity;sid:84523651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660550)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=6yzpmelv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.nykeju.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660550/; classtype:trojan-activity;sid:84523650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.9.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660549/; classtype:trojan-activity;sid:84523649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660547)"; flow:established,from_client; content:"GET"; http_method; content:"/j10q2ovzwc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.w-45u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660547/; classtype:trojan-activity;sid:84523647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660548)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=tlpjfg5k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.nykeju.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660548/; classtype:trojan-activity;sid:84523648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660546)"; flow:established,from_client; content:"GET"; http_method; content:"/jtqcejbx48.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.w-45u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660546/; classtype:trojan-activity;sid:84523646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660545)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=4noftcp4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660545/; classtype:trojan-activity;sid:84523645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.188.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660544/; classtype:trojan-activity;sid:84523644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.93.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660543/; classtype:trojan-activity;sid:84523643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.93.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660542/; classtype:trojan-activity;sid:84523642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660541/; classtype:trojan-activity;sid:84523641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.247.211.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660540/; classtype:trojan-activity;sid:84523640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.22.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660539/; classtype:trojan-activity;sid:84523639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660536)"; flow:established,from_client; content:"GET"; http_method; content:"/pathdata/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660536/; classtype:trojan-activity;sid:84523636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660537)"; flow:established,from_client; content:"GET"; http_method; content:"/sxs/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660537/; classtype:trojan-activity;sid:84523637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660538)"; flow:established,from_client; content:"GET"; http_method; content:"/user/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660538/; classtype:trojan-activity;sid:84523638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660535)"; flow:established,from_client; content:"GET"; http_method; content:"/dpn010qbxt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.w-45u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660535/; classtype:trojan-activity;sid:84523635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660534)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=qggrskyj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660534/; classtype:trojan-activity;sid:84523634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.221.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660533/; classtype:trojan-activity;sid:84523633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660532)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=f8dum7si"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660532/; classtype:trojan-activity;sid:84523632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660531)"; flow:established,from_client; content:"GET"; http_method; content:"/i5qn8o7hux.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660531/; classtype:trojan-activity;sid:84523631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660530/; classtype:trojan-activity;sid:84523630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.211.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660529/; classtype:trojan-activity;sid:84523629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.37.188.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660528/; classtype:trojan-activity;sid:84523628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660527)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=s8oxskaq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660527/; classtype:trojan-activity;sid:84523627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660526)"; flow:established,from_client; content:"GET"; http_method; content:"/wp456vg22y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.v-36u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660526/; classtype:trojan-activity;sid:84523626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660525)"; flow:established,from_client; content:"GET"; http_method; content:"/ncy3ragufs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660525/; classtype:trojan-activity;sid:84523625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660524)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=23ejuh65"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660524/; classtype:trojan-activity;sid:84523624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.13.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660523/; classtype:trojan-activity;sid:84523623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660522)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660522/; classtype:trojan-activity;sid:84523622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660521)"; flow:established,from_client; content:"GET"; http_method; content:"/8ksay42glm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660521/; classtype:trojan-activity;sid:84523621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660520)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=sshkx01l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.ryzuka.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660520/; classtype:trojan-activity;sid:84523620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.221.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660519/; classtype:trojan-activity;sid:84523619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660518)"; flow:established,from_client; content:"GET"; http_method; content:"/ouw5182044.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.v-36u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660518/; classtype:trojan-activity;sid:84523618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660517)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=jb2b1as7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.ryzuka.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660517/; classtype:trojan-activity;sid:84523617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.252.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660516/; classtype:trojan-activity;sid:84523616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660515)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.177.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660515/; classtype:trojan-activity;sid:84523615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660509)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.159.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660509/; classtype:trojan-activity;sid:84523609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660510)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.48.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660510/; classtype:trojan-activity;sid:84523610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660511)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.204.216.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660511/; classtype:trojan-activity;sid:84523611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660512)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.106.132.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660512/; classtype:trojan-activity;sid:84523612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660513)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660513/; classtype:trojan-activity;sid:84523613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660514)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660514/; classtype:trojan-activity;sid:84523614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660507)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.208.84.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660507/; classtype:trojan-activity;sid:84523607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660508)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.208.84.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660508/; classtype:trojan-activity;sid:84523608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660506)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.180.49.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660506/; classtype:trojan-activity;sid:84523606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660505)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.95.124.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660505/; classtype:trojan-activity;sid:84523605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.116.88.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660503/; classtype:trojan-activity;sid:84523603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.171.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660504/; classtype:trojan-activity;sid:84523604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.210.101.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660500/; classtype:trojan-activity;sid:84523600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.81.45.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660501/; classtype:trojan-activity;sid:84523601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.19.233.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660502/; classtype:trojan-activity;sid:84523602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.152.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660499/; classtype:trojan-activity;sid:84523599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.119.154.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660498/; classtype:trojan-activity;sid:84523598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660497)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.22.144.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660497/; classtype:trojan-activity;sid:84523597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.46.111.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660496/; classtype:trojan-activity;sid:84523596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.240.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660492/; classtype:trojan-activity;sid:84523592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.61.240.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660493/; classtype:trojan-activity;sid:84523593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660494)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.232.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660494/; classtype:trojan-activity;sid:84523594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.226.214.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660495/; classtype:trojan-activity;sid:84523595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.26.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660484/; classtype:trojan-activity;sid:84523584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.82.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660485/; classtype:trojan-activity;sid:84523585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.15.159.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660486/; classtype:trojan-activity;sid:84523586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.178.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660487/; classtype:trojan-activity;sid:84523587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.144.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660488/; classtype:trojan-activity;sid:84523588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660489)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.184.116.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660489/; classtype:trojan-activity;sid:84523589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660490)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.226.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660490/; classtype:trojan-activity;sid:84523590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.129.22.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660491/; classtype:trojan-activity;sid:84523591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.35.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660483/; classtype:trojan-activity;sid:84523583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.85.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660482/; classtype:trojan-activity;sid:84523582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.25.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660470/; classtype:trojan-activity;sid:84523570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.181.83.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660471/; classtype:trojan-activity;sid:84523571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.20.166.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660472/; classtype:trojan-activity;sid:84523572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.255.169.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660473/; classtype:trojan-activity;sid:84523573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.14.123.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660474/; classtype:trojan-activity;sid:84523574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.10.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660475/; classtype:trojan-activity;sid:84523575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660476)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.23.54.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660476/; classtype:trojan-activity;sid:84523576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660477)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.82.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660477/; classtype:trojan-activity;sid:84523577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660478)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.174.196.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660478/; classtype:trojan-activity;sid:84523578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.39.95.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660479/; classtype:trojan-activity;sid:84523579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.243.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660480/; classtype:trojan-activity;sid:84523580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.204.130.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660481/; classtype:trojan-activity;sid:84523581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.77.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660462/; classtype:trojan-activity;sid:84523562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.166.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660463/; classtype:trojan-activity;sid:84523563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.56.107.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660464/; classtype:trojan-activity;sid:84523564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.101.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660465/; classtype:trojan-activity;sid:84523565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660466)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.18.158.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660466/; classtype:trojan-activity;sid:84523566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.75.128.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660467/; classtype:trojan-activity;sid:84523567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.24.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660468/; classtype:trojan-activity;sid:84523568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660469)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660469/; classtype:trojan-activity;sid:84523569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660460)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660460/; classtype:trojan-activity;sid:84523560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.103.203.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660461/; classtype:trojan-activity;sid:84523561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.152.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660459/; classtype:trojan-activity;sid:84523559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660458/; classtype:trojan-activity;sid:84523558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.13.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660457/; classtype:trojan-activity;sid:84523557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660456)"; flow:established,from_client; content:"GET"; http_method; content:"/wcl5atugqn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.v-36u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660456/; classtype:trojan-activity;sid:84523556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660455)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=7oy7zyxz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660455/; classtype:trojan-activity;sid:84523555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660454)"; flow:established,from_client; content:"GET"; http_method; content:"/ybc7m13ewa.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660454/; classtype:trojan-activity;sid:84523554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660453)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=1vd84970"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660453/; classtype:trojan-activity;sid:84523553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.123.44.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660452/; classtype:trojan-activity;sid:84523552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660451/; classtype:trojan-activity;sid:84523551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660450/; classtype:trojan-activity;sid:84523550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.254.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660449/; classtype:trojan-activity;sid:84523549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660448)"; flow:established,from_client; content:"GET"; http_method; content:"/sg9m1nwap2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.v-36u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660448/; classtype:trojan-activity;sid:84523548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660447)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=6egd501u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660447/; classtype:trojan-activity;sid:84523547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660446)"; flow:established,from_client; content:"GET"; http_method; content:"/20o7tpy7cr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660446/; classtype:trojan-activity;sid:84523546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660445)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=g70943gs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.ryzuka.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660445/; classtype:trojan-activity;sid:84523545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.15.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660444/; classtype:trojan-activity;sid:84523544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.31.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660443/; classtype:trojan-activity;sid:84523543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660442)"; flow:established,from_client; content:"GET"; http_method; content:"/eo2kii1rvj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660442/; classtype:trojan-activity;sid:84523542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660441)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=x457984r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.ryzuka.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660441/; classtype:trojan-activity;sid:84523541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.123.44.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660440/; classtype:trojan-activity;sid:84523540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660439/; classtype:trojan-activity;sid:84523539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660437)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=lb8dj2m8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.ryzuka.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660437/; classtype:trojan-activity;sid:84523537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660438)"; flow:established,from_client; content:"GET"; http_method; content:"/59a4vr5pha.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.v-36u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660438/; classtype:trojan-activity;sid:84523538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.250.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660436/; classtype:trojan-activity;sid:84523536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.195.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660435/; classtype:trojan-activity;sid:84523535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660434)"; flow:established,from_client; content:"GET"; http_method; content:"/t59sr1asok.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.v-36u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660434/; classtype:trojan-activity;sid:84523534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660433)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=i9dsmrpz"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.kyhely.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660433/; classtype:trojan-activity;sid:84523533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.95.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660432/; classtype:trojan-activity;sid:84523532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660431)"; flow:established,from_client; content:"GET"; http_method; content:"/0yo925a81v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.v-36u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660431/; classtype:trojan-activity;sid:84523531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660430)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=sbb1e9xh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.kyhely.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660430/; classtype:trojan-activity;sid:84523530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660429)"; flow:established,from_client; content:"GET"; http_method; content:"/6e3w69tox4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660429/; classtype:trojan-activity;sid:84523529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660428)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=u52oa94d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.kyhely.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660428/; classtype:trojan-activity;sid:84523528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.250.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660427/; classtype:trojan-activity;sid:84523527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.39.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660426/; classtype:trojan-activity;sid:84523526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.70.51.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660425/; classtype:trojan-activity;sid:84523525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660424)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=hvam1xdc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.kyhely.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660424/; classtype:trojan-activity;sid:84523524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660423)"; flow:established,from_client; content:"GET"; http_method; content:"/474romix4z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.v-36u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660423/; classtype:trojan-activity;sid:84523523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660422)"; flow:established,from_client; content:"GET"; http_method; content:"/hkwi214s5r.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660422/; classtype:trojan-activity;sid:84523522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660421)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=szl19btn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.kyhely.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660421/; classtype:trojan-activity;sid:84523521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660420)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.104.220.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660420/; classtype:trojan-activity;sid:84523520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.65.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660419/; classtype:trojan-activity;sid:84523519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.23.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660418/; classtype:trojan-activity;sid:84523518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660417)"; flow:established,from_client; content:"GET"; http_method; content:"/c8zidq3tqx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660417/; classtype:trojan-activity;sid:84523517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660416)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=j0twphfl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.kyhely.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660416/; classtype:trojan-activity;sid:84523516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660415)"; flow:established,from_client; content:"GET"; http_method; content:"/5gdot6dasl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.v-36u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660415/; classtype:trojan-activity;sid:84523515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660414)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=ohzyoamh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.kyhely.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660414/; classtype:trojan-activity;sid:84523514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.39.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660413/; classtype:trojan-activity;sid:84523513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.35.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660412/; classtype:trojan-activity;sid:84523512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.183.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660411/; classtype:trojan-activity;sid:84523511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.70.51.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660410/; classtype:trojan-activity;sid:84523510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.217.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660409/; classtype:trojan-activity;sid:84523509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.250.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660408/; classtype:trojan-activity;sid:84523508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.181.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660407/; classtype:trojan-activity;sid:84523507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660406/; classtype:trojan-activity;sid:84523506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.115.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660405/; classtype:trojan-activity;sid:84523505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660404/; classtype:trojan-activity;sid:84523504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660403)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.62.201.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660403/; classtype:trojan-activity;sid:84523503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660401/; classtype:trojan-activity;sid:84523501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.119.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660402/; classtype:trojan-activity;sid:84523502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660394/; classtype:trojan-activity;sid:84523494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660395/; classtype:trojan-activity;sid:84523495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.102.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660396/; classtype:trojan-activity;sid:84523496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660397)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.62.201.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660397/; classtype:trojan-activity;sid:84523497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660398)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.62.201.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660398/; classtype:trojan-activity;sid:84523498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.231.145.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660399/; classtype:trojan-activity;sid:84523499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.120.171.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660400/; classtype:trojan-activity;sid:84523500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660392)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=usdg6dkf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.kyhely.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660392/; classtype:trojan-activity;sid:84523492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660393)"; flow:established,from_client; content:"GET"; http_method; content:"/pxwz07u78u.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660393/; classtype:trojan-activity;sid:84523493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660391/; classtype:trojan-activity;sid:84523491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660390)"; flow:established,from_client; content:"GET"; http_method; content:"/hi1wfm9epa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.p-94u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660390/; classtype:trojan-activity;sid:84523490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660389)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=v5xkz4u6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.kyhely.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660389/; classtype:trojan-activity;sid:84523489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.74.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660388/; classtype:trojan-activity;sid:84523488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.241.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660387/; classtype:trojan-activity;sid:84523487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.39.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660386/; classtype:trojan-activity;sid:84523486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660385)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=v432o9b2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.kyhely.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660385/; classtype:trojan-activity;sid:84523485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660384)"; flow:established,from_client; content:"GET"; http_method; content:"/t1fva0kty3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660384/; classtype:trojan-activity;sid:84523484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660383)"; flow:established,from_client; content:"GET"; http_method; content:"/g5eps3bggi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.p-94u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660383/; classtype:trojan-activity;sid:84523483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660382)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=oixsjqhl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.kyhely.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660382/; classtype:trojan-activity;sid:84523482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.244.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660381/; classtype:trojan-activity;sid:84523481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.181.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660380/; classtype:trojan-activity;sid:84523480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660379)"; flow:established,from_client; content:"GET"; http_method; content:"/gx7spdxu13.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.p-94u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660379/; classtype:trojan-activity;sid:84523479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660378)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=g2tykjn4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"k0n.bupuva.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660378/; classtype:trojan-activity;sid:84523478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660377)"; flow:established,from_client; content:"GET"; http_method; content:"/2z68pejcss.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660377/; classtype:trojan-activity;sid:84523477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660376)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=uq7t1x3r"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"k0n.bupuva.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660376/; classtype:trojan-activity;sid:84523476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660375)"; flow:established,from_client; content:"GET"; http_method; content:"/xrmschluz3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.p-94u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660375/; classtype:trojan-activity;sid:84523475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660374)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=f44ycux6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wz.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660374/; classtype:trojan-activity;sid:84523474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660373/; classtype:trojan-activity;sid:84523473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660371)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=fkukesvg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wz.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660371/; classtype:trojan-activity;sid:84523471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660372)"; flow:established,from_client; content:"GET"; http_method; content:"/ydt25aos0d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660372/; classtype:trojan-activity;sid:84523472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660370)"; flow:established,from_client; content:"GET"; http_method; content:"/x0tlbhz96x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.p-94u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660370/; classtype:trojan-activity;sid:84523470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660369)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=e4gtaxdl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660369/; classtype:trojan-activity;sid:84523469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.210.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660368/; classtype:trojan-activity;sid:84523468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.178.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660367/; classtype:trojan-activity;sid:84523467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660366)"; flow:established,from_client; content:"GET"; http_method; content:"/hcxtecr1cy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.p-94u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660366/; classtype:trojan-activity;sid:84523466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660365)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=5n4quu66"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.bupuva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660365/; classtype:trojan-activity;sid:84523465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660364)"; flow:established,from_client; content:"GET"; http_method; content:"/qz3cyrwdnu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660364/; classtype:trojan-activity;sid:84523464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660363)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=z7f99icp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.bupuva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660363/; classtype:trojan-activity;sid:84523463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660362/; classtype:trojan-activity;sid:84523462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.13.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660361/; classtype:trojan-activity;sid:84523461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660360)"; flow:established,from_client; content:"GET"; http_method; content:"/xiodgzceys.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660360/; classtype:trojan-activity;sid:84523460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660359)"; flow:established,from_client; content:"GET"; http_method; content:"/v8.google|3f|t=fe0xz2vm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660359/; classtype:trojan-activity;sid:84523459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660357)"; flow:established,from_client; content:"GET"; http_method; content:"/v8.google|3f|t=m7466wc4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660357/; classtype:trojan-activity;sid:84523457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660358)"; flow:established,from_client; content:"GET"; http_method; content:"/pqhp22eslu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.p-94u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660358/; classtype:trojan-activity;sid:84523458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.216.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660356/; classtype:trojan-activity;sid:84523456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660355)"; flow:established,from_client; content:"GET"; http_method; content:"/a3o8rf2c0l.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660355/; classtype:trojan-activity;sid:84523455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660354)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=sbyzjm1v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660354/; classtype:trojan-activity;sid:84523454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.225.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660353/; classtype:trojan-activity;sid:84523453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660352/; classtype:trojan-activity;sid:84523452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660350)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=3edun6n9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.bupuva.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660350/; classtype:trojan-activity;sid:84523450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660351)"; flow:established,from_client; content:"GET"; http_method; content:"/3fe8wgqfba.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.w-78i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660351/; classtype:trojan-activity;sid:84523451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660349)"; flow:established,from_client; content:"GET"; http_method; content:"/dutywc2b0k.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660349/; classtype:trojan-activity;sid:84523449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660348)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=bwrvybm1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.bupuva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660348/; classtype:trojan-activity;sid:84523448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660347)"; flow:established,from_client; content:"GET"; http_method; content:"/ijyikr3wt7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.w-78i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660347/; classtype:trojan-activity;sid:84523447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660346)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=8ncvh42w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.bupuva.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660346/; classtype:trojan-activity;sid:84523446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660345)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"120.48.12.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660345/; classtype:trojan-activity;sid:84523445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660343)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"120.48.12.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660343/; classtype:trojan-activity;sid:84523443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660344)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar.v1.4.1/quasar%20v1.4.1/quasar.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"120.48.12.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660344/; classtype:trojan-activity;sid:84523444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.167.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660342/; classtype:trojan-activity;sid:84523442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660341)"; flow:established,from_client; content:"GET"; http_method; content:"/rfmds20t1m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.w-78i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660341/; classtype:trojan-activity;sid:84523441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660340)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=51rx9nmi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.favezi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660340/; classtype:trojan-activity;sid:84523440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.54.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660339/; classtype:trojan-activity;sid:84523439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660338)"; flow:established,from_client; content:"GET"; http_method; content:"/ah.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660338/; classtype:trojan-activity;sid:84523438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660337)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpstudio.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660337/; classtype:trojan-activity;sid:84523437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660336)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%93%8d%e4%bd%9c%e6%89%8b%e5%86%8c%2b%e6%8f%92%e4%bb%b6.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"139.155.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660336/; classtype:trojan-activity;sid:84523436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660335)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%ae%89%e5%85%a8%e6%94%af%e4%bb%98%e6%8f%92%e4%bb%b6.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"139.155.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660335/; classtype:trojan-activity;sid:84523435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660334/; classtype:trojan-activity;sid:84523434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660333)"; flow:established,from_client; content:"GET"; http_method; content:"/lxkgpfhufd.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.154.66.148.host.secureserver.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660333/; classtype:trojan-activity;sid:84523433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660330)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660330/; classtype:trojan-activity;sid:84523430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660328)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660328/; classtype:trojan-activity;sid:84523428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660321)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660321/; classtype:trojan-activity;sid:84523421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660322)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660322/; classtype:trojan-activity;sid:84523422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660323)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660323/; classtype:trojan-activity;sid:84523423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660324)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660324/; classtype:trojan-activity;sid:84523424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660325)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sparc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660325/; classtype:trojan-activity;sid:84523425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660326)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660326/; classtype:trojan-activity;sid:84523426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660319)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660319/; classtype:trojan-activity;sid:84523419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660320)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660320/; classtype:trojan-activity;sid:84523420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660318)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660318/; classtype:trojan-activity;sid:84523418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660317)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckjewishpeople.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"161.35.47.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660317/; classtype:trojan-activity;sid:84523417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.25.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660316/; classtype:trojan-activity;sid:84523416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660315)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660315/; classtype:trojan-activity;sid:84523415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660314)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660314/; classtype:trojan-activity;sid:84523414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660313)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jdec_a4qkfhx2rjot5uhu4bk_h311vcf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660313/; classtype:trojan-activity;sid:84523413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660311)"; flow:established,from_client; content:"GET"; http_method; content:"/nxghnnjmpd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.w-78i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660311/; classtype:trojan-activity;sid:84523411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660312)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=13gq2re_depey-awgfczkhcobho6ryyld"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660312/; classtype:trojan-activity;sid:84523412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660308)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltzrbyibsgitaakygytoabmm9eilojdo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660308/; classtype:trojan-activity;sid:84523408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t86ath59j_vvss4emo5obxrd0tas1xa3"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660309/; classtype:trojan-activity;sid:84523409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660310)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qh_qnptin3vpmjicuaxqte47us9tubt_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660310/; classtype:trojan-activity;sid:84523410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660306)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=774pmy2z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.favezi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660306/; classtype:trojan-activity;sid:84523406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660307)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wi_ao1db9aen9howuvyocwspm1expxjy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660307/; classtype:trojan-activity;sid:84523407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660303)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sdifvc-iupeuu3gkjnhixasxvrlilqhr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660303/; classtype:trojan-activity;sid:84523403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660304)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ulut4vbnhkbco8aaea61qiin1jbczrrq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660304/; classtype:trojan-activity;sid:84523404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660305)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wffmj8zdm1gcs51njbsrahfpzewnniex"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660305/; classtype:trojan-activity;sid:84523405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660302)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660302/; classtype:trojan-activity;sid:84523402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660300)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660300/; classtype:trojan-activity;sid:84523400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660301)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660301/; classtype:trojan-activity;sid:84523401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660299)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660299/; classtype:trojan-activity;sid:84523399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.219.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660298/; classtype:trojan-activity;sid:84523398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660296)"; flow:established,from_client; content:"GET"; http_method; content:"/eyb3fobukx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660296/; classtype:trojan-activity;sid:84523396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660297)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=dmvatcsa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.favezi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660297/; classtype:trojan-activity;sid:84523397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.174.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660294/; classtype:trojan-activity;sid:84523394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660295)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660295/; classtype:trojan-activity;sid:84523395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660293)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10qb7iiyd84tcla9px4yw3gv2_zrkgikr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660293/; classtype:trojan-activity;sid:84523393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660292)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251005173026.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"hrpil6.xo.je"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660292/; classtype:trojan-activity;sid:84523392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660291)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p-rpxapndegm_s2iieadenrqjouds8li"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660291/; classtype:trojan-activity;sid:84523391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660290)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660290/; classtype:trojan-activity;sid:84523390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660285/; classtype:trojan-activity;sid:84523385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660286/; classtype:trojan-activity;sid:84523386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660287/; classtype:trojan-activity;sid:84523387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660288/; classtype:trojan-activity;sid:84523388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660289/; classtype:trojan-activity;sid:84523389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660284/; classtype:trojan-activity;sid:84523384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660276/; classtype:trojan-activity;sid:84523376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660277/; classtype:trojan-activity;sid:84523377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660278/; classtype:trojan-activity;sid:84523378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660279/; classtype:trojan-activity;sid:84523379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660280/; classtype:trojan-activity;sid:84523380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660281/; classtype:trojan-activity;sid:84523381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660282/; classtype:trojan-activity;sid:84523382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660283/; classtype:trojan-activity;sid:84523383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660274/; classtype:trojan-activity;sid:84523374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.54.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660275/; classtype:trojan-activity;sid:84523375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660273)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/copi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapps1.duckdns.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660273/; classtype:trojan-activity;sid:84523373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660272)"; flow:established,from_client; content:"GET"; http_method; content:"/plank/puzlw136.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"olgamostova.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660272/; classtype:trojan-activity;sid:84523372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.25.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660270/; classtype:trojan-activity;sid:84523370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660271)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660271/; classtype:trojan-activity;sid:84523371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660268)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660268/; classtype:trojan-activity;sid:84523368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660269)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660269/; classtype:trojan-activity;sid:84523369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660263)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660263/; classtype:trojan-activity;sid:84523363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660264/; classtype:trojan-activity;sid:84523364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660265)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660265/; classtype:trojan-activity;sid:84523365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660266)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660266/; classtype:trojan-activity;sid:84523366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660267)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660267/; classtype:trojan-activity;sid:84523367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660262)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/situp.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660262/; classtype:trojan-activity;sid:84523362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660261)"; flow:established,from_client; content:"GET"; http_method; content:"/plank/signifik.snp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"olgamostova.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660261/; classtype:trojan-activity;sid:84523361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660260)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/asasa-84500.firebasestorage.app/o/272727.txt|3f|alt=media|7c|26|7c|token=57f3e282-a78f-4c1d-800e-f4d9abfc904b"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660260/; classtype:trojan-activity;sid:84523360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660255/; classtype:trojan-activity;sid:84523355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660256/; classtype:trojan-activity;sid:84523356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660257/; classtype:trojan-activity;sid:84523357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660258/; classtype:trojan-activity;sid:84523358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660259/; classtype:trojan-activity;sid:84523359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660254)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumenots.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapps1.duckdns.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660254/; classtype:trojan-activity;sid:84523354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660247/; classtype:trojan-activity;sid:84523347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660248/; classtype:trojan-activity;sid:84523348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660249/; classtype:trojan-activity;sid:84523349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660250/; classtype:trojan-activity;sid:84523350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660251/; classtype:trojan-activity;sid:84523351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660252/; classtype:trojan-activity;sid:84523352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mangotruff.redirectme.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660253/; classtype:trojan-activity;sid:84523353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660246)"; flow:established,from_client; content:"GET"; http_method; content:"/8u5gpck8et.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.w-78i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660246/; classtype:trojan-activity;sid:84523346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660245)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=utrxivg5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.favezi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660245/; classtype:trojan-activity;sid:84523345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660244)"; flow:established,from_client; content:"GET"; http_method; content:"/nervin.xsn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"endecon.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660244/; classtype:trojan-activity;sid:84523344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660242)"; flow:established,from_client; content:"GET"; http_method; content:"/18nljei30e.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660242/; classtype:trojan-activity;sid:84523342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660241)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=v3i1zn94"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.favezi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660241/; classtype:trojan-activity;sid:84523341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.162.195.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660240/; classtype:trojan-activity;sid:84523340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.174.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660238/; classtype:trojan-activity;sid:84523338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.22.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660239/; classtype:trojan-activity;sid:84523339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660224/; classtype:trojan-activity;sid:84523324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660225)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660225/; classtype:trojan-activity;sid:84523325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660226)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660226/; classtype:trojan-activity;sid:84523326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660227)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660227/; classtype:trojan-activity;sid:84523327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660228)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660228/; classtype:trojan-activity;sid:84523328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660229)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660229/; classtype:trojan-activity;sid:84523329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660230)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660230/; classtype:trojan-activity;sid:84523330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.76.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660231/; classtype:trojan-activity;sid:84523331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660232)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660232/; classtype:trojan-activity;sid:84523332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660233)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660233/; classtype:trojan-activity;sid:84523333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660234)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660234/; classtype:trojan-activity;sid:84523334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660235)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660235/; classtype:trojan-activity;sid:84523335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660236)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660236/; classtype:trojan-activity;sid:84523336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.95.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660237/; classtype:trojan-activity;sid:84523337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660222)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/sparc.nn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660222/; classtype:trojan-activity;sid:84523322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660223)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/mips64.nn"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660223/; classtype:trojan-activity;sid:84523323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660221)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/arm5.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660221/; classtype:trojan-activity;sid:84523321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660219)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660219/; classtype:trojan-activity;sid:84523319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660220/; classtype:trojan-activity;sid:84523320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660217)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660217/; classtype:trojan-activity;sid:84523317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660218)"; flow:established,from_client; content:"GET"; http_method; content:"/tkr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660218/; classtype:trojan-activity;sid:84523318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660215)"; flow:established,from_client; content:"GET"; http_method; content:"/uo5ll75cql.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660215/; classtype:trojan-activity;sid:84523315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660216)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660216/; classtype:trojan-activity;sid:84523316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660213)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660213/; classtype:trojan-activity;sid:84523313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660214)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/1.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660214/; classtype:trojan-activity;sid:84523314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660211)"; flow:established,from_client; content:"GET"; http_method; content:"/jyns3c4rbn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.w-78i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660211/; classtype:trojan-activity;sid:84523311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660212)"; flow:established,from_client; content:"GET"; http_method; content:"/tqb25up08o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.w-78i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660212/; classtype:trojan-activity;sid:84523312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660209)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=s6m9sp9p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.favezi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660209/; classtype:trojan-activity;sid:84523309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660210)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=708on581"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.favezi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660210/; classtype:trojan-activity;sid:84523310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660208)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=osqg7kze"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.favezi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660208/; classtype:trojan-activity;sid:84523308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.162.195.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660206/; classtype:trojan-activity;sid:84523306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660207)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660207/; classtype:trojan-activity;sid:84523307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.219.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660205/; classtype:trojan-activity;sid:84523305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.32.50.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660204/; classtype:trojan-activity;sid:84523304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660203)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660203/; classtype:trojan-activity;sid:84523303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660199)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660199/; classtype:trojan-activity;sid:84523299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660200)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660200/; classtype:trojan-activity;sid:84523300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660201)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660201/; classtype:trojan-activity;sid:84523301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660202)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660202/; classtype:trojan-activity;sid:84523302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660197)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660197/; classtype:trojan-activity;sid:84523297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660198)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660198/; classtype:trojan-activity;sid:84523298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.39.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660187/; classtype:trojan-activity;sid:84523287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660188/; classtype:trojan-activity;sid:84523288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660189)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660189/; classtype:trojan-activity;sid:84523289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660190)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660190/; classtype:trojan-activity;sid:84523290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660191)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660191/; classtype:trojan-activity;sid:84523291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660192)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660192/; classtype:trojan-activity;sid:84523292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660193)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660193/; classtype:trojan-activity;sid:84523293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660194)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660194/; classtype:trojan-activity;sid:84523294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660195)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660195/; classtype:trojan-activity;sid:84523295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660196)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660196/; classtype:trojan-activity;sid:84523296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660185)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660185/; classtype:trojan-activity;sid:84523285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660186/; classtype:trojan-activity;sid:84523286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660180/; classtype:trojan-activity;sid:84523280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660181/; classtype:trojan-activity;sid:84523281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660182/; classtype:trojan-activity;sid:84523282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660183/; classtype:trojan-activity;sid:84523283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660184)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660184/; classtype:trojan-activity;sid:84523284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660179)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660179/; classtype:trojan-activity;sid:84523279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660178/; classtype:trojan-activity;sid:84523278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660177)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660177/; classtype:trojan-activity;sid:84523277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660176)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660176/; classtype:trojan-activity;sid:84523276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660167/; classtype:trojan-activity;sid:84523267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660168/; classtype:trojan-activity;sid:84523268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660169/; classtype:trojan-activity;sid:84523269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660170/; classtype:trojan-activity;sid:84523270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660171)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660171/; classtype:trojan-activity;sid:84523271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660172)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660172/; classtype:trojan-activity;sid:84523272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660173)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660173/; classtype:trojan-activity;sid:84523273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660174)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660174/; classtype:trojan-activity;sid:84523274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660175)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660175/; classtype:trojan-activity;sid:84523275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660164/; classtype:trojan-activity;sid:84523264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660165/; classtype:trojan-activity;sid:84523265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660166/; classtype:trojan-activity;sid:84523266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660163/; classtype:trojan-activity;sid:84523263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660161/; classtype:trojan-activity;sid:84523261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660162/; classtype:trojan-activity;sid:84523262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660160/; classtype:trojan-activity;sid:84523260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660142)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660142/; classtype:trojan-activity;sid:84523242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660143)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660143/; classtype:trojan-activity;sid:84523243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660144)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660144/; classtype:trojan-activity;sid:84523244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660145)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660145/; classtype:trojan-activity;sid:84523245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660146)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660146/; classtype:trojan-activity;sid:84523246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660147)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660147/; classtype:trojan-activity;sid:84523247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660148)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660148/; classtype:trojan-activity;sid:84523248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660149)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660149/; classtype:trojan-activity;sid:84523249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660150)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660150/; classtype:trojan-activity;sid:84523250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660151)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660151/; classtype:trojan-activity;sid:84523251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660152)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660152/; classtype:trojan-activity;sid:84523252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660153)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660153/; classtype:trojan-activity;sid:84523253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660154/; classtype:trojan-activity;sid:84523254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660155/; classtype:trojan-activity;sid:84523255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660156/; classtype:trojan-activity;sid:84523256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660157/; classtype:trojan-activity;sid:84523257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660158)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660158/; classtype:trojan-activity;sid:84523258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660159/; classtype:trojan-activity;sid:84523259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660131)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660131/; classtype:trojan-activity;sid:84523231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660132)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660132/; classtype:trojan-activity;sid:84523232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660133/; classtype:trojan-activity;sid:84523233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660134)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660134/; classtype:trojan-activity;sid:84523234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660135)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660135/; classtype:trojan-activity;sid:84523235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660136)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660136/; classtype:trojan-activity;sid:84523236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660137)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660137/; classtype:trojan-activity;sid:84523237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660138)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660138/; classtype:trojan-activity;sid:84523238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660139)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660139/; classtype:trojan-activity;sid:84523239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660140)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660140/; classtype:trojan-activity;sid:84523240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660141)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660141/; classtype:trojan-activity;sid:84523241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660130)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660130/; classtype:trojan-activity;sid:84523230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660129/; classtype:trojan-activity;sid:84523229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660128)"; flow:established,from_client; content:"GET"; http_method; content:"/tp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tiger-checkout-draws-basketball.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660128/; classtype:trojan-activity;sid:84523228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.217.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660127/; classtype:trojan-activity;sid:84523227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660125)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=207y15vn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.favezi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660125/; classtype:trojan-activity;sid:84523225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660126)"; flow:established,from_client; content:"GET"; http_method; content:"/zzgj70qhpf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660126/; classtype:trojan-activity;sid:84523226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660124)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/msi-pro-with-b-64_20251002/msi_pro_with_b64.png"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"dn721900.ca.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660124/; classtype:trojan-activity;sid:84523224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmb/wealthyblessedman.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"aerconditionat-arges.ro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660123/; classtype:trojan-activity;sid:84523223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660122)"; flow:established,from_client; content:"GET"; http_method; content:"/166/2bd335e94be53168%252525252523gga1dx3rxsr2ny5zilc2ojnzgyearrw2rgu9yyrnfhasde3.hta"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660122/; classtype:trojan-activity;sid:84523222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660121)"; flow:established,from_client; content:"GET"; http_method; content:"/fop461fem3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660121/; classtype:trojan-activity;sid:84523221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660120)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=dhsafnti"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.favezi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660120/; classtype:trojan-activity;sid:84523220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660119)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kkbc/2bd335e94be53168%2525252523gga1dx3rxsr2ny5zilc2ojnzgyearrw2rgu9yyrnfhasde3edc.hta"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"185.29.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660119/; classtype:trojan-activity;sid:84523219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.155.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660118/; classtype:trojan-activity;sid:84523218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.41.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660117/; classtype:trojan-activity;sid:84523217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660116)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/ab23%2fdllskyyyyyyyyyyyyyyy.txt|3f|alt=media|7c|26|7c|token=ba6fc66c-551c-42b7-934c-808e6e48e247"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660116/; classtype:trojan-activity;sid:84523216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.28.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660115/; classtype:trojan-activity;sid:84523215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.112.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660114/; classtype:trojan-activity;sid:84523214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.130.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660113/; classtype:trojan-activity;sid:84523213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.151.26.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660112/; classtype:trojan-activity;sid:84523212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660111/; classtype:trojan-activity;sid:84523211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660110/; classtype:trojan-activity;sid:84523210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660109)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c7011c8d8dce568489e4983fd4606e"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"sm4.vototao9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660109/; classtype:trojan-activity;sid:84523209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.113.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660108/; classtype:trojan-activity;sid:84523208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.113.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660107/; classtype:trojan-activity;sid:84523207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660106)"; flow:established,from_client; content:"GET"; http_method; content:"/6bc5mzayzh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660106/; classtype:trojan-activity;sid:84523206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660104)"; flow:established,from_client; content:"GET"; http_method; content:"/mkshellcode.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.235.146.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660104/; classtype:trojan-activity;sid:84523204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660105)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-3519.py"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.235.146.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660105/; classtype:trojan-activity;sid:84523205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660103)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=qq7pwhvt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.pisora.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660103/; classtype:trojan-activity;sid:84523203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.155.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660102/; classtype:trojan-activity;sid:84523202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.26.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660100/; classtype:trojan-activity;sid:84523200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.177.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660101/; classtype:trojan-activity;sid:84523201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.155.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660099/; classtype:trojan-activity;sid:84523199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660098/; classtype:trojan-activity;sid:84523198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660097)"; flow:established,from_client; content:"GET"; http_method; content:"/6vdpr5w2a0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660097/; classtype:trojan-activity;sid:84523197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660096)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=34hh6xog"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660096/; classtype:trojan-activity;sid:84523196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.130.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660095/; classtype:trojan-activity;sid:84523195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660094)"; flow:established,from_client; content:"GET"; http_method; content:"/123456.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"95.216.26.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660094/; classtype:trojan-activity;sid:84523194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660093/; classtype:trojan-activity;sid:84523193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.155.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660092/; classtype:trojan-activity;sid:84523192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660091)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=8gp4eavg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660091/; classtype:trojan-activity;sid:84523191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.115.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660090/; classtype:trojan-activity;sid:84523190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660089)"; flow:established,from_client; content:"GET"; http_method; content:"/bgxhi2p6lc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660089/; classtype:trojan-activity;sid:84523189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660088)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=6qvacy4n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660088/; classtype:trojan-activity;sid:84523188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660087)"; flow:established,from_client; content:"GET"; http_method; content:"/4r38hftsxa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.w-78i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660087/; classtype:trojan-activity;sid:84523187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660086)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=hfizd58q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660086/; classtype:trojan-activity;sid:84523186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660085)"; flow:established,from_client; content:"GET"; http_method; content:"/dgnzatb7i8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660085/; classtype:trojan-activity;sid:84523185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660084)"; flow:established,from_client; content:"GET"; http_method; content:"/tu6ppqav34.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660084/; classtype:trojan-activity;sid:84523184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660083)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=ai8da0ce"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zx.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660083/; classtype:trojan-activity;sid:84523183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660082)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=gf2qrmpo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zx.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660082/; classtype:trojan-activity;sid:84523182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660081)"; flow:established,from_client; content:"GET"; http_method; content:"/janmmv7w5p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.w-78i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660081/; classtype:trojan-activity;sid:84523181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660080/; classtype:trojan-activity;sid:84523180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660078)"; flow:established,from_client; content:"GET"; http_method; content:"/05xhe5tenn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.h-23u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660078/; classtype:trojan-activity;sid:84523178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660079)"; flow:established,from_client; content:"GET"; http_method; content:"/0exb156g2d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660079/; classtype:trojan-activity;sid:84523179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660076)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=7np39zjv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660076/; classtype:trojan-activity;sid:84523176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660077)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=uz9boqsg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.pisora.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660077/; classtype:trojan-activity;sid:84523177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.249.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660075/; classtype:trojan-activity;sid:84523175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.165.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660074/; classtype:trojan-activity;sid:84523174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660073)"; flow:established,from_client; content:"GET"; http_method; content:"/8djgte164y.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660073/; classtype:trojan-activity;sid:84523173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660072)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=yhheeq5l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d.pisora.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660072/; classtype:trojan-activity;sid:84523172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660071/; classtype:trojan-activity;sid:84523171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660070)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=k47946jy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d.pisora.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660070/; classtype:trojan-activity;sid:84523170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660069)"; flow:established,from_client; content:"GET"; http_method; content:"/ldgstoxckr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.h-23u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660069/; classtype:trojan-activity;sid:84523169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660068)"; flow:established,from_client; content:"GET"; http_method; content:"/d217zm98sr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660068/; classtype:trojan-activity;sid:84523168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660067)"; flow:established,from_client; content:"GET"; http_method; content:"/ya03.google|3f|t=a5mwwk2y"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.vamuwe.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660067/; classtype:trojan-activity;sid:84523167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.158.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660066/; classtype:trojan-activity;sid:84523166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660065)"; flow:established,from_client; content:"GET"; http_method; content:"/14kmidg6yz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.h-23u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660065/; classtype:trojan-activity;sid:84523165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660064/; classtype:trojan-activity;sid:84523164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.166.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660063/; classtype:trojan-activity;sid:84523163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.160.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660061/; classtype:trojan-activity;sid:84523161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.140.173.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660062/; classtype:trojan-activity;sid:84523162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660060/; classtype:trojan-activity;sid:84523160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660059/; classtype:trojan-activity;sid:84523159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660055/; classtype:trojan-activity;sid:84523155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.183.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660056/; classtype:trojan-activity;sid:84523156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660057/; classtype:trojan-activity;sid:84523157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.231.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660058/; classtype:trojan-activity;sid:84523158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.69.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660054/; classtype:trojan-activity;sid:84523154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660053)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660053/; classtype:trojan-activity;sid:84523153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.169.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660052/; classtype:trojan-activity;sid:84523152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660051/; classtype:trojan-activity;sid:84523151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.247.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660050/; classtype:trojan-activity;sid:84523150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.116.196.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660049/; classtype:trojan-activity;sid:84523149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.201.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660048/; classtype:trojan-activity;sid:84523148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.54.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660047/; classtype:trojan-activity;sid:84523147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.32.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660046/; classtype:trojan-activity;sid:84523146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.138.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660045/; classtype:trojan-activity;sid:84523145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660044)"; flow:established,from_client; content:"GET"; http_method; content:"/c9u1alxwa0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660044/; classtype:trojan-activity;sid:84523144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660043)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=pu9p57a9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660043/; classtype:trojan-activity;sid:84523143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660042)"; flow:established,from_client; content:"GET"; http_method; content:"/6tz22js09d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.h-23u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660042/; classtype:trojan-activity;sid:84523142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660041)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=2c5nedl6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660041/; classtype:trojan-activity;sid:84523141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.162.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660040/; classtype:trojan-activity;sid:84523140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660039)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=hbg7yl6p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660039/; classtype:trojan-activity;sid:84523139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660038)"; flow:established,from_client; content:"GET"; http_method; content:"/dyl7zpnpx5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660038/; classtype:trojan-activity;sid:84523138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.247.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660037/; classtype:trojan-activity;sid:84523137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.32.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660036/; classtype:trojan-activity;sid:84523136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660035)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=x03skw9h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660035/; classtype:trojan-activity;sid:84523135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660034)"; flow:established,from_client; content:"GET"; http_method; content:"/sys1k46znl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660034/; classtype:trojan-activity;sid:84523134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660033)"; flow:established,from_client; content:"GET"; http_method; content:"/qkeyzj228i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.h-23u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660033/; classtype:trojan-activity;sid:84523133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660032)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=4rm4efd3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660032/; classtype:trojan-activity;sid:84523132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.33.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660029/; classtype:trojan-activity;sid:84523129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.156.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660030/; classtype:trojan-activity;sid:84523130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.162.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660031/; classtype:trojan-activity;sid:84523131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.179.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660028/; classtype:trojan-activity;sid:84523128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660027)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=wlj2t6je"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.vamuwe.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660027/; classtype:trojan-activity;sid:84523127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660026)"; flow:established,from_client; content:"GET"; http_method; content:"/2ke57xidzd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"as.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660026/; classtype:trojan-activity;sid:84523126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660025)"; flow:established,from_client; content:"GET"; http_method; content:"/6hjn0f89kw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.x-57u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660025/; classtype:trojan-activity;sid:84523125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660024)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=de98yic6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.vamuwe.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660024/; classtype:trojan-activity;sid:84523124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.180.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660023/; classtype:trojan-activity;sid:84523123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660022/; classtype:trojan-activity;sid:84523122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660021/; classtype:trojan-activity;sid:84523121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660020)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=3w0inish"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660020/; classtype:trojan-activity;sid:84523120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660019/; classtype:trojan-activity;sid:84523119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660018)"; flow:established,from_client; content:"GET"; http_method; content:"/wbi9ohv1eh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.x-57u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660018/; classtype:trojan-activity;sid:84523118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.202.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660017/; classtype:trojan-activity;sid:84523117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.188.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660016/; classtype:trojan-activity;sid:84523116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.179.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660015/; classtype:trojan-activity;sid:84523115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.156.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660014/; classtype:trojan-activity;sid:84523114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.138.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660013/; classtype:trojan-activity;sid:84523113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.24.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660012/; classtype:trojan-activity;sid:84523112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660011)"; flow:established,from_client; content:"GET"; http_method; content:"/9q.check|3f|t=jod9bc8l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h2.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660011/; classtype:trojan-activity;sid:84523111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660010)"; flow:established,from_client; content:"GET"; http_method; content:"/ku7iyuiq74.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.x-57u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660010/; classtype:trojan-activity;sid:84523110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660009)"; flow:established,from_client; content:"GET"; http_method; content:"/olyzr6s26t.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660009/; classtype:trojan-activity;sid:84523109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660008)"; flow:established,from_client; content:"GET"; http_method; content:"/9q.check|3f|t=5e25c4x3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h2.vamuwe.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660008/; classtype:trojan-activity;sid:84523108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660007/; classtype:trojan-activity;sid:84523107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.222.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660006/; classtype:trojan-activity;sid:84523106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660005/; classtype:trojan-activity;sid:84523105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660004/; classtype:trojan-activity;sid:84523104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.24.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660003/; classtype:trojan-activity;sid:84523103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.188.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660002/; classtype:trojan-activity;sid:84523102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660001/; classtype:trojan-activity;sid:84523101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660000/; classtype:trojan-activity;sid:84523100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659998)"; flow:established,from_client; content:"GET"; http_method; content:"/y4.google|3f|t=0pj79e72"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.vamuwe.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659998/; classtype:trojan-activity;sid:84523098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659999)"; flow:established,from_client; content:"GET"; http_method; content:"/s9isfo45vl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.x-57u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659999/; classtype:trojan-activity;sid:84523099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659997)"; flow:established,from_client; content:"GET"; http_method; content:"/ax20mirn0c.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659997/; classtype:trojan-activity;sid:84523097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659996)"; flow:established,from_client; content:"GET"; http_method; content:"/y4.google|3f|t=8cx3l4u2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.vamuwe.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659996/; classtype:trojan-activity;sid:84523096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659995)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c7011c8d8dce568489e4983fd4606e"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ede3.vototao9.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659995/; classtype:trojan-activity;sid:84523095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659994)"; flow:established,from_client; content:"GET"; http_method; content:"/2t4lvazxcd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659994/; classtype:trojan-activity;sid:84523094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659993)"; flow:established,from_client; content:"GET"; http_method; content:"/fk04.check|3f|t=vjsflrjt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cm.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659993/; classtype:trojan-activity;sid:84523093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659992)"; flow:established,from_client; content:"GET"; http_method; content:"/nv84hr179b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.x-57u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659992/; classtype:trojan-activity;sid:84523092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659991)"; flow:established,from_client; content:"GET"; http_method; content:"/fk04.check|3f|t=l9a4ihjy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cm.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659991/; classtype:trojan-activity;sid:84523091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659990/; classtype:trojan-activity;sid:84523090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.171.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659989/; classtype:trojan-activity;sid:84523089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659988/; classtype:trojan-activity;sid:84523088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.75.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659987/; classtype:trojan-activity;sid:84523087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.184.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659986/; classtype:trojan-activity;sid:84523086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.33.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659985/; classtype:trojan-activity;sid:84523085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659981/; classtype:trojan-activity;sid:84523081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659982/; classtype:trojan-activity;sid:84523082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659983/; classtype:trojan-activity;sid:84523083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659984/; classtype:trojan-activity;sid:84523084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659980/; classtype:trojan-activity;sid:84523080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659979/; classtype:trojan-activity;sid:84523079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659977/; classtype:trojan-activity;sid:84523077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.70.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659978/; classtype:trojan-activity;sid:84523078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659976)"; flow:established,from_client; content:"GET"; http_method; content:"/rv54tzjorg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.f-07y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659976/; classtype:trojan-activity;sid:84523076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.140.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659975/; classtype:trojan-activity;sid:84523075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659974)"; flow:established,from_client; content:"GET"; http_method; content:"/bz7uslgvw8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659974/; classtype:trojan-activity;sid:84523074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659972)"; flow:established,from_client; content:"GET"; http_method; content:"/az1.google|3f|t=x30as3yh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659972/; classtype:trojan-activity;sid:84523072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659973)"; flow:established,from_client; content:"GET"; http_method; content:"/az1.google|3f|t=e4kcvox1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659973/; classtype:trojan-activity;sid:84523073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659971/; classtype:trojan-activity;sid:84523071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.159.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659970/; classtype:trojan-activity;sid:84523070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.184.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659969/; classtype:trojan-activity;sid:84523069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659965)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659965/; classtype:trojan-activity;sid:84523065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659966)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659966/; classtype:trojan-activity;sid:84523066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659967)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659967/; classtype:trojan-activity;sid:84523067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659968)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659968/; classtype:trojan-activity;sid:84523068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659961/; classtype:trojan-activity;sid:84523061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659962)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659962/; classtype:trojan-activity;sid:84523062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659963)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659963/; classtype:trojan-activity;sid:84523063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659964)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659964/; classtype:trojan-activity;sid:84523064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659959)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.i468"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659959/; classtype:trojan-activity;sid:84523059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659960)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659960/; classtype:trojan-activity;sid:84523060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659958/; classtype:trojan-activity;sid:84523058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.43.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659957/; classtype:trojan-activity;sid:84523057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.229.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659956/; classtype:trojan-activity;sid:84523056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659955/; classtype:trojan-activity;sid:84523055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659954/; classtype:trojan-activity;sid:84523054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659953)"; flow:established,from_client; content:"GET"; http_method; content:"/node"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659953/; classtype:trojan-activity;sid:84523053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659950)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659950/; classtype:trojan-activity;sid:84523050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659951)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659951/; classtype:trojan-activity;sid:84523051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659952)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659952/; classtype:trojan-activity;sid:84523052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659949)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659949/; classtype:trojan-activity;sid:84523049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659948)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/ppc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659948/; classtype:trojan-activity;sid:84523048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659934)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/x86_64.nn"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659934/; classtype:trojan-activity;sid:84523034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659935)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/mpsl.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659935/; classtype:trojan-activity;sid:84523035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659936)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/x86.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659936/; classtype:trojan-activity;sid:84523036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659937)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/arm6.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659937/; classtype:trojan-activity;sid:84523037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659938)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/arm.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659938/; classtype:trojan-activity;sid:84523038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659939)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/mips.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659939/; classtype:trojan-activity;sid:84523039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659940)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/i686.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659940/; classtype:trojan-activity;sid:84523040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659941)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/arm7.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659941/; classtype:trojan-activity;sid:84523041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659942)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/m68k.nn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659942/; classtype:trojan-activity;sid:84523042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659943)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/sh4.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659943/; classtype:trojan-activity;sid:84523043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tuxbot.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659944/; classtype:trojan-activity;sid:84523044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659945)"; flow:established,from_client; content:"GET"; http_method; content:"/lol/arc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659945/; classtype:trojan-activity;sid:84523045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659946)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"115.187.17.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659946/; classtype:trojan-activity;sid:84523046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659947)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6869227589/aj35gwt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659947/; classtype:trojan-activity;sid:84523047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659930)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659930/; classtype:trojan-activity;sid:84523030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659931)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659931/; classtype:trojan-activity;sid:84523031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659932/; classtype:trojan-activity;sid:84523032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659933/; classtype:trojan-activity;sid:84523033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659929)"; flow:established,from_client; content:"GET"; http_method; content:"/pen.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659929/; classtype:trojan-activity;sid:84523029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659928)"; flow:established,from_client; content:"GET"; http_method; content:"/tpax.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.187.17.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659928/; classtype:trojan-activity;sid:84523028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659927)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7665719804/nftcbhr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659927/; classtype:trojan-activity;sid:84523027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659925/; classtype:trojan-activity;sid:84523025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.155.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659926/; classtype:trojan-activity;sid:84523026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.155.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659924/; classtype:trojan-activity;sid:84523024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.201.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659923/; classtype:trojan-activity;sid:84523023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.229.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659922/; classtype:trojan-activity;sid:84523022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659921/; classtype:trojan-activity;sid:84523021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.100.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659920/; classtype:trojan-activity;sid:84523020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659919)"; flow:established,from_client; content:"GET"; http_method; content:"/cw3eo9vucp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.f-07y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659919/; classtype:trojan-activity;sid:84523019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659918)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.check|3f|t=ao9ao8nd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u.n726z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659918/; classtype:trojan-activity;sid:84523018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659917)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.check|3f|t=ss8g6bcz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u.n726z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659917/; classtype:trojan-activity;sid:84523017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659916)"; flow:established,from_client; content:"GET"; http_method; content:"/1b0vtjr2g8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659916/; classtype:trojan-activity;sid:84523016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659915/; classtype:trojan-activity;sid:84523015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.201.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659914/; classtype:trojan-activity;sid:84523014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.195.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659913/; classtype:trojan-activity;sid:84523013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.100.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659912/; classtype:trojan-activity;sid:84523012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.157.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659911/; classtype:trojan-activity;sid:84523011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.186.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659910/; classtype:trojan-activity;sid:84523010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.37.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659909/; classtype:trojan-activity;sid:84523009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.42.184.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659908/; classtype:trojan-activity;sid:84523008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.181.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659907/; classtype:trojan-activity;sid:84523007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659906)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5876317150/5tijo15.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659906/; classtype:trojan-activity;sid:84523006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659905)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/ckhhvtd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659905/; classtype:trojan-activity;sid:84523005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.186.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659904/; classtype:trojan-activity;sid:84523004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.54.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659903/; classtype:trojan-activity;sid:84523003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.181.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659902/; classtype:trojan-activity;sid:84523002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.42.184.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659901/; classtype:trojan-activity;sid:84523001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.54.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659900/; classtype:trojan-activity;sid:84523000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.181.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659899/; classtype:trojan-activity;sid:84522999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659898)"; flow:established,from_client; content:"GET"; http_method; content:"/cpa7drrotd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659898/; classtype:trojan-activity;sid:84522998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659897)"; flow:established,from_client; content:"GET"; http_method; content:"/tb2.google|3f|t=bo5oyvfs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"r3.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659897/; classtype:trojan-activity;sid:84522997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659896)"; flow:established,from_client; content:"GET"; http_method; content:"/tb2.google|3f|t=mlldhw1q"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"r3.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659896/; classtype:trojan-activity;sid:84522996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659895)"; flow:established,from_client; content:"GET"; http_method; content:"/mtqbfgx843.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.f-07y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659895/; classtype:trojan-activity;sid:84522995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659894)"; flow:established,from_client; content:"GET"; http_method; content:"/stqusbaqi5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.f-07y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659894/; classtype:trojan-activity;sid:84522994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659893)"; flow:established,from_client; content:"GET"; http_method; content:"/mx.check|3f|t=xfa354qa"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ve.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659893/; classtype:trojan-activity;sid:84522993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659891)"; flow:established,from_client; content:"GET"; http_method; content:"/mx.check|3f|t=ec5sgf9e"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ve.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659891/; classtype:trojan-activity;sid:84522991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659892)"; flow:established,from_client; content:"GET"; http_method; content:"/6d86wlo6j0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659892/; classtype:trojan-activity;sid:84522992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.145.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659890/; classtype:trojan-activity;sid:84522990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.181.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659889/; classtype:trojan-activity;sid:84522989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.167.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659888/; classtype:trojan-activity;sid:84522988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659887/; classtype:trojan-activity;sid:84522987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659886/; classtype:trojan-activity;sid:84522986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.145.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659885/; classtype:trojan-activity;sid:84522985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659884/; classtype:trojan-activity;sid:84522984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.198.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659883/; classtype:trojan-activity;sid:84522983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.73.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659882/; classtype:trojan-activity;sid:84522982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659881/; classtype:trojan-activity;sid:84522981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659880)"; flow:established,from_client; content:"GET"; http_method; content:"/6zhidfw01t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.f-07y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659880/; classtype:trojan-activity;sid:84522980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659879)"; flow:established,from_client; content:"GET"; http_method; content:"/1q3.google|3f|t=fbr77fsm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"k8.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659879/; classtype:trojan-activity;sid:84522979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659878)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659878/; classtype:trojan-activity;sid:84522978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.73.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659877/; classtype:trojan-activity;sid:84522977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659876)"; flow:established,from_client; content:"GET"; http_method; content:"/1jxhaniwaw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659876/; classtype:trojan-activity;sid:84522976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659875)"; flow:established,from_client; content:"GET"; http_method; content:"/1q3.google|3f|t=g4rrvcdq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"k8.n726z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659875/; classtype:trojan-activity;sid:84522975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.253.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659873/; classtype:trojan-activity;sid:84522973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659874/; classtype:trojan-activity;sid:84522974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.163.187.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659870/; classtype:trojan-activity;sid:84522970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.67.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659871/; classtype:trojan-activity;sid:84522971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659872/; classtype:trojan-activity;sid:84522972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659869/; classtype:trojan-activity;sid:84522969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.62.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659868/; classtype:trojan-activity;sid:84522968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659867/; classtype:trojan-activity;sid:84522967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.167.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659866/; classtype:trojan-activity;sid:84522966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659865)"; flow:established,from_client; content:"GET"; http_method; content:"/vqmmrdjise.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659865/; classtype:trojan-activity;sid:84522965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659864)"; flow:established,from_client; content:"GET"; http_method; content:"/dz.check|3f|t=nde9rnuu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.n726z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659864/; classtype:trojan-activity;sid:84522964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659863)"; flow:established,from_client; content:"GET"; http_method; content:"/3oix1fw8wn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.f-07y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659863/; classtype:trojan-activity;sid:84522963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659862)"; flow:established,from_client; content:"GET"; http_method; content:"/dz.check|3f|t=mmyjsemf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.n726z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659862/; classtype:trojan-activity;sid:84522962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659861/; classtype:trojan-activity;sid:84522961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.224.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659860/; classtype:trojan-activity;sid:84522960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659859/; classtype:trojan-activity;sid:84522959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.247.176.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659858/; classtype:trojan-activity;sid:84522958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.215.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659857/; classtype:trojan-activity;sid:84522957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.108.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659856/; classtype:trojan-activity;sid:84522956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659855/; classtype:trojan-activity;sid:84522955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.145.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659854/; classtype:trojan-activity;sid:84522954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.92.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659853/; classtype:trojan-activity;sid:84522953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.90.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659852/; classtype:trojan-activity;sid:84522952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.108.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659851/; classtype:trojan-activity;sid:84522951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659850/; classtype:trojan-activity;sid:84522950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659849/; classtype:trojan-activity;sid:84522949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.215.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659848/; classtype:trojan-activity;sid:84522948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659847)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.check|3f|t=2h4gghsa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.t938q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659847/; classtype:trojan-activity;sid:84522947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659846)"; flow:established,from_client; content:"GET"; http_method; content:"/6n32bk9tfg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.m-05o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659846/; classtype:trojan-activity;sid:84522946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659845)"; flow:established,from_client; content:"GET"; http_method; content:"/chvqnn1xn7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659845/; classtype:trojan-activity;sid:84522945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659844)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.check|3f|t=3deaih58"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.t938q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659844/; classtype:trojan-activity;sid:84522944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659843/; classtype:trojan-activity;sid:84522943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.229.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659842/; classtype:trojan-activity;sid:84522942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.200.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659841/; classtype:trojan-activity;sid:84522941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.222.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659840/; classtype:trojan-activity;sid:84522940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.229.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659839/; classtype:trojan-activity;sid:84522939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659838/; classtype:trojan-activity;sid:84522938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659837)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659837/; classtype:trojan-activity;sid:84522937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659835/; classtype:trojan-activity;sid:84522935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659832)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659832/; classtype:trojan-activity;sid:84522932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659831)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659831/; classtype:trojan-activity;sid:84522931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.35.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659830/; classtype:trojan-activity;sid:84522930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659829)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659829/; classtype:trojan-activity;sid:84522929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659828)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659828/; classtype:trojan-activity;sid:84522928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659827/; classtype:trojan-activity;sid:84522927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659826)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.116.222.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659826/; classtype:trojan-activity;sid:84522926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659825)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659825/; classtype:trojan-activity;sid:84522925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659824)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659824/; classtype:trojan-activity;sid:84522924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659822)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.35.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659822/; classtype:trojan-activity;sid:84522922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659823)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659823/; classtype:trojan-activity;sid:84522923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659820)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659820/; classtype:trojan-activity;sid:84522920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659821)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659821/; classtype:trojan-activity;sid:84522921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659818)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659818/; classtype:trojan-activity;sid:84522918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659819)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.116.222.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659819/; classtype:trojan-activity;sid:84522919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659815)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659815/; classtype:trojan-activity;sid:84522915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659816)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659816/; classtype:trojan-activity;sid:84522916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659817)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659817/; classtype:trojan-activity;sid:84522917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659814)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659814/; classtype:trojan-activity;sid:84522914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659813)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659813/; classtype:trojan-activity;sid:84522913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659808/; classtype:trojan-activity;sid:84522908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659809)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659809/; classtype:trojan-activity;sid:84522909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659810)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659810/; classtype:trojan-activity;sid:84522910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659811)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659811/; classtype:trojan-activity;sid:84522911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659812/; classtype:trojan-activity;sid:84522912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659807)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659807/; classtype:trojan-activity;sid:84522907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659806/; classtype:trojan-activity;sid:84522906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659805)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659805/; classtype:trojan-activity;sid:84522905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659804)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659804/; classtype:trojan-activity;sid:84522904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659799)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659799/; classtype:trojan-activity;sid:84522899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659800)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659800/; classtype:trojan-activity;sid:84522900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659801/; classtype:trojan-activity;sid:84522901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659802)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.187.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659802/; classtype:trojan-activity;sid:84522902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659803)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659803/; classtype:trojan-activity;sid:84522903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659795)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659795/; classtype:trojan-activity;sid:84522895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659798)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.113.173.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659798/; classtype:trojan-activity;sid:84522898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659794)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.113.173.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659794/; classtype:trojan-activity;sid:84522894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659787)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659787/; classtype:trojan-activity;sid:84522887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.113.173.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659788/; classtype:trojan-activity;sid:84522888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659789)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659789/; classtype:trojan-activity;sid:84522889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659790)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.113.173.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659790/; classtype:trojan-activity;sid:84522890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659791)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659791/; classtype:trojan-activity;sid:84522891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659792)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659792/; classtype:trojan-activity;sid:84522892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659793/; classtype:trojan-activity;sid:84522893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659786)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.122.174.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659786/; classtype:trojan-activity;sid:84522886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659777)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659777/; classtype:trojan-activity;sid:84522877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659778)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.113.173.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659778/; classtype:trojan-activity;sid:84522878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659780)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659780/; classtype:trojan-activity;sid:84522880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.35.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659781/; classtype:trojan-activity;sid:84522881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659783)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659783/; classtype:trojan-activity;sid:84522883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659784)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659784/; classtype:trojan-activity;sid:84522884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659785)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.54.163.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659785/; classtype:trojan-activity;sid:84522885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.41.107.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659774/; classtype:trojan-activity;sid:84522874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.41.107.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659775/; classtype:trojan-activity;sid:84522875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659776)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659776/; classtype:trojan-activity;sid:84522876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659773)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659773/; classtype:trojan-activity;sid:84522873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659771)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.41.107.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659771/; classtype:trojan-activity;sid:84522871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659772)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.41.107.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659772/; classtype:trojan-activity;sid:84522872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659770/; classtype:trojan-activity;sid:84522870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659769)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659769/; classtype:trojan-activity;sid:84522869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.222.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659768/; classtype:trojan-activity;sid:84522868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659763/; classtype:trojan-activity;sid:84522863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2020-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659764/; classtype:trojan-activity;sid:84522864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659765/; classtype:trojan-activity;sid:84522865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659766/; classtype:trojan-activity;sid:84522866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659767/; classtype:trojan-activity;sid:84522867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659761/; classtype:trojan-activity;sid:84522861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659762/; classtype:trojan-activity;sid:84522862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659752/; classtype:trojan-activity;sid:84522852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659753/; classtype:trojan-activity;sid:84522853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659754/; classtype:trojan-activity;sid:84522854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659755/; classtype:trojan-activity;sid:84522855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2020-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659756/; classtype:trojan-activity;sid:84522856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659757/; classtype:trojan-activity;sid:84522857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659758/; classtype:trojan-activity;sid:84522858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659759/; classtype:trojan-activity;sid:84522859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659760/; classtype:trojan-activity;sid:84522860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659746/; classtype:trojan-activity;sid:84522846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659747/; classtype:trojan-activity;sid:84522847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659748/; classtype:trojan-activity;sid:84522848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659749/; classtype:trojan-activity;sid:84522849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659750/; classtype:trojan-activity;sid:84522850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659751/; classtype:trojan-activity;sid:84522851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659745)"; flow:established,from_client; content:"GET"; http_method; content:"/givwgbvjyh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659745/; classtype:trojan-activity;sid:84522845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659744)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.google|3f|t=617wpgf1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h9m.t938q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659744/; classtype:trojan-activity;sid:84522844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.222.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659743/; classtype:trojan-activity;sid:84522843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659742)"; flow:established,from_client; content:"GET"; http_method; content:"/bjqpyezbou.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.m-05o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659742/; classtype:trojan-activity;sid:84522842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659741)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.google|3f|t=p9qnqw37"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h9m.t938q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659741/; classtype:trojan-activity;sid:84522841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659740)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.check|3f|t=3u79pnve"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tq.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659740/; classtype:trojan-activity;sid:84522840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659739)"; flow:established,from_client; content:"GET"; http_method; content:"/m3y1uxgiro.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659739/; classtype:trojan-activity;sid:84522839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659738)"; flow:established,from_client; content:"GET"; http_method; content:"/pzjc2xb8pl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.m-05o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659738/; classtype:trojan-activity;sid:84522838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659737)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.check|3f|t=4cceg7wy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tq.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659737/; classtype:trojan-activity;sid:84522837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.241.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659736/; classtype:trojan-activity;sid:84522836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659735/; classtype:trojan-activity;sid:84522835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659734)"; flow:established,from_client; content:"GET"; http_method; content:"/g1utv6ijqm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.m-05o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659734/; classtype:trojan-activity;sid:84522834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659733)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.google|3f|t=j39buxyg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z1.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659733/; classtype:trojan-activity;sid:84522833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659732/; classtype:trojan-activity;sid:84522832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659730)"; flow:established,from_client; content:"GET"; http_method; content:"/twldca6gvd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659730/; classtype:trojan-activity;sid:84522830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659731)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.google|3f|t=wcz0yq4c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z1.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659731/; classtype:trojan-activity;sid:84522831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659729/; classtype:trojan-activity;sid:84522829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.111.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659728/; classtype:trojan-activity;sid:84522828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.9.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659727/; classtype:trojan-activity;sid:84522827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.157.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659726/; classtype:trojan-activity;sid:84522826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659725/; classtype:trojan-activity;sid:84522825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659724/; classtype:trojan-activity;sid:84522824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659723)"; flow:established,from_client; content:"GET"; http_method; content:"/scvhost.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"respaldo2.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659723/; classtype:trojan-activity;sid:84522823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659722)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"runds.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659722/; classtype:trojan-activity;sid:84522822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659720)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"respaldo2.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659720/; classtype:trojan-activity;sid:84522820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659721)"; flow:established,from_client; content:"GET"; http_method; content:"/scvhost.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"runds.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659721/; classtype:trojan-activity;sid:84522821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659719/; classtype:trojan-activity;sid:84522819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659718)"; flow:established,from_client; content:"GET"; http_method; content:"/7cnqnadyyr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.m-05o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659718/; classtype:trojan-activity;sid:84522818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659717)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.check|3f|t=f3shytp8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bd.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659717/; classtype:trojan-activity;sid:84522817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659716)"; flow:established,from_client; content:"GET"; http_method; content:"/l7jc4860yx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659716/; classtype:trojan-activity;sid:84522816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659715)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.check|3f|t=ux3vzxvg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bd.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659715/; classtype:trojan-activity;sid:84522815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659714/; classtype:trojan-activity;sid:84522814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659712)"; flow:established,from_client; content:"GET"; http_method; content:"/b03s6y08q3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.m-05o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659712/; classtype:trojan-activity;sid:84522812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659713)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.google|3f|t=hawv7d2y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q7.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659713/; classtype:trojan-activity;sid:84522813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659711)"; flow:established,from_client; content:"GET"; http_method; content:"/lnqvqdalcy.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659711/; classtype:trojan-activity;sid:84522811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659710)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.google|3f|t=wuvd79au"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q7.t938q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659710/; classtype:trojan-activity;sid:84522810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.103.0.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659709/; classtype:trojan-activity;sid:84522809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659708/; classtype:trojan-activity;sid:84522808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.103.0.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659707/; classtype:trojan-activity;sid:84522807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659706/; classtype:trojan-activity;sid:84522806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.51.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659705/; classtype:trojan-activity;sid:84522805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659704)"; flow:established,from_client; content:"GET"; http_method; content:"/oqbrtege68.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659704/; classtype:trojan-activity;sid:84522804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659703)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.check|3f|t=tm7lderl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a.t938q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659703/; classtype:trojan-activity;sid:84522803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.173.166.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659702/; classtype:trojan-activity;sid:84522802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659701)"; flow:established,from_client; content:"GET"; http_method; content:"/k7voow5rhu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659701/; classtype:trojan-activity;sid:84522801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659700)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=8xzg4jfv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.m935w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659700/; classtype:trojan-activity;sid:84522800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.252.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659698/; classtype:trojan-activity;sid:84522798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659699/; classtype:trojan-activity;sid:84522799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.173.166.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659697/; classtype:trojan-activity;sid:84522797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659696/; classtype:trojan-activity;sid:84522796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.252.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659695/; classtype:trojan-activity;sid:84522795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.121.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659694/; classtype:trojan-activity;sid:84522794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.0.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659693/; classtype:trojan-activity;sid:84522793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.104.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659692/; classtype:trojan-activity;sid:84522792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659691/; classtype:trojan-activity;sid:84522791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659690/; classtype:trojan-activity;sid:84522790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659689/; classtype:trojan-activity;sid:84522789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659688)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=0364d4p8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.m935w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659688/; classtype:trojan-activity;sid:84522788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659687)"; flow:established,from_client; content:"GET"; http_method; content:"/k8ejj3fpa0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659687/; classtype:trojan-activity;sid:84522787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659686/; classtype:trojan-activity;sid:84522786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.191.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659685/; classtype:trojan-activity;sid:84522785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.121.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659684/; classtype:trojan-activity;sid:84522784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.75.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659683/; classtype:trojan-activity;sid:84522783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659682/; classtype:trojan-activity;sid:84522782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659681/; classtype:trojan-activity;sid:84522781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.104.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659680/; classtype:trojan-activity;sid:84522780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659679)"; flow:established,from_client; content:"GET"; http_method; content:"/7mhgvievms.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.h-29i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659679/; classtype:trojan-activity;sid:84522779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659678)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=0f24tke1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.m935w.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659678/; classtype:trojan-activity;sid:84522778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.0.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659677/; classtype:trojan-activity;sid:84522777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659676)"; flow:established,from_client; content:"GET"; http_method; content:"/lhjp0h3val.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659676/; classtype:trojan-activity;sid:84522776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659675)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=htym0qpq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.m935w.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659675/; classtype:trojan-activity;sid:84522775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.227.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659674/; classtype:trojan-activity;sid:84522774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.156.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659673/; classtype:trojan-activity;sid:84522773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659672/; classtype:trojan-activity;sid:84522772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659671/; classtype:trojan-activity;sid:84522771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659670)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.remcos7770.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659670/; classtype:trojan-activity;sid:84522770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659669)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.remcos7770.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659669/; classtype:trojan-activity;sid:84522769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659668)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.remcos7770.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659668/; classtype:trojan-activity;sid:84522768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.50.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659667/; classtype:trojan-activity;sid:84522767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659666/; classtype:trojan-activity;sid:84522766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.252.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659665/; classtype:trojan-activity;sid:84522765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659664)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=xwgoxgj6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.m935w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659664/; classtype:trojan-activity;sid:84522764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659663)"; flow:established,from_client; content:"GET"; http_method; content:"/29eseym2lc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.h-29i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659663/; classtype:trojan-activity;sid:84522763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.67.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659662/; classtype:trojan-activity;sid:84522762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.20.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659659/; classtype:trojan-activity;sid:84522759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659660/; classtype:trojan-activity;sid:84522760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659661/; classtype:trojan-activity;sid:84522761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.164.202.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659658/; classtype:trojan-activity;sid:84522758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.140.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659656/; classtype:trojan-activity;sid:84522756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.41.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659657/; classtype:trojan-activity;sid:84522757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.39.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659655/; classtype:trojan-activity;sid:84522755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.98.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659654/; classtype:trojan-activity;sid:84522754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.99.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659653/; classtype:trojan-activity;sid:84522753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.208.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659652/; classtype:trojan-activity;sid:84522752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.156.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659651/; classtype:trojan-activity;sid:84522751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659650/; classtype:trojan-activity;sid:84522750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659649/; classtype:trojan-activity;sid:84522749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659648)"; flow:established,from_client; content:"GET"; http_method; content:"/phsbucz69p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.h-29i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659648/; classtype:trojan-activity;sid:84522748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659647)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=pzc7bk5o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.m935w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659647/; classtype:trojan-activity;sid:84522747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659646)"; flow:established,from_client; content:"GET"; http_method; content:"/74wtqzdl1m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659646/; classtype:trojan-activity;sid:84522746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659645)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=oohvfoly"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.m935w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659645/; classtype:trojan-activity;sid:84522745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659644)"; flow:established,from_client; content:"GET"; http_method; content:"/n84kqulvuu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.h-29i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659644/; classtype:trojan-activity;sid:84522744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659643)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=fften9qw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.m935w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659643/; classtype:trojan-activity;sid:84522743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.29.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659642/; classtype:trojan-activity;sid:84522742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.140.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659641/; classtype:trojan-activity;sid:84522741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.99.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659639/; classtype:trojan-activity;sid:84522739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.247.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659640/; classtype:trojan-activity;sid:84522740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.197.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659638/; classtype:trojan-activity;sid:84522738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659635)"; flow:established,from_client; content:"GET"; http_method; content:"/qvj5ntmdf7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659635/; classtype:trojan-activity;sid:84522735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659636)"; flow:established,from_client; content:"GET"; http_method; content:"/cwyxphuzlc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.h-29i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659636/; classtype:trojan-activity;sid:84522736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659637)"; flow:established,from_client; content:"GET"; http_method; content:"/d4.google|3f|t=xzjzt1ek"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.m935w.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659637/; classtype:trojan-activity;sid:84522737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659634)"; flow:established,from_client; content:"GET"; http_method; content:"/d4.google|3f|t=pz3in5n7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.m935w.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659634/; classtype:trojan-activity;sid:84522734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659633/; classtype:trojan-activity;sid:84522733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.0.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659632/; classtype:trojan-activity;sid:84522732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.208.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659631/; classtype:trojan-activity;sid:84522731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659630/; classtype:trojan-activity;sid:84522730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.239.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659629/; classtype:trojan-activity;sid:84522729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.74.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659628/; classtype:trojan-activity;sid:84522728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.0.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659627/; classtype:trojan-activity;sid:84522727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.29.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659625/; classtype:trojan-activity;sid:84522725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.91.80.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659626/; classtype:trojan-activity;sid:84522726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.197.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659624/; classtype:trojan-activity;sid:84522724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659623/; classtype:trojan-activity;sid:84522723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.150.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659622/; classtype:trojan-activity;sid:84522722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.1.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659621/; classtype:trojan-activity;sid:84522721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659620)"; flow:established,from_client; content:"GET"; http_method; content:"/mpcqczi3x5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.h-29i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659620/; classtype:trojan-activity;sid:84522720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659619)"; flow:established,from_client; content:"GET"; http_method; content:"/pq04.google|3f|t=2efg57v8"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.w135v.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659619/; classtype:trojan-activity;sid:84522719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659618/; classtype:trojan-activity;sid:84522718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.91.80.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659616/; classtype:trojan-activity;sid:84522716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.87.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659617/; classtype:trojan-activity;sid:84522717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.163.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659615/; classtype:trojan-activity;sid:84522715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.150.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659613/; classtype:trojan-activity;sid:84522713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.169.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659614/; classtype:trojan-activity;sid:84522714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659611)"; flow:established,from_client; content:"GET"; http_method; content:"/1bc7bd5c7m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.tqh2e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659611/; classtype:trojan-activity;sid:84522711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659612)"; flow:established,from_client; content:"GET"; http_method; content:"/pq04.google|3f|t=wo4gd7hc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.w135v.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659612/; classtype:trojan-activity;sid:84522712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659610)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.104.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659610/; classtype:trojan-activity;sid:84522710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659609)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.78.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659609/; classtype:trojan-activity;sid:84522709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.51.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659608/; classtype:trojan-activity;sid:84522708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659607)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.1.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659607/; classtype:trojan-activity;sid:84522707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659606)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.110.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659606/; classtype:trojan-activity;sid:84522706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659605)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659605/; classtype:trojan-activity;sid:84522705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659603)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.40.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659603/; classtype:trojan-activity;sid:84522703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659604)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.27.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659604/; classtype:trojan-activity;sid:84522704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659602)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659602/; classtype:trojan-activity;sid:84522702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659601)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.5.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659601/; classtype:trojan-activity;sid:84522701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659600)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659600/; classtype:trojan-activity;sid:84522700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.84.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659599/; classtype:trojan-activity;sid:84522699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659598)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"145.249.186.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659598/; classtype:trojan-activity;sid:84522698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659597)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659597/; classtype:trojan-activity;sid:84522697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659596/; classtype:trojan-activity;sid:84522696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659593/; classtype:trojan-activity;sid:84522693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659594/; classtype:trojan-activity;sid:84522694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659595/; classtype:trojan-activity;sid:84522695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659592)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659592/; classtype:trojan-activity;sid:84522692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659591)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.169.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659591/; classtype:trojan-activity;sid:84522691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659589)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659589/; classtype:trojan-activity;sid:84522689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659590)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659590/; classtype:trojan-activity;sid:84522690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659587)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659587/; classtype:trojan-activity;sid:84522687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659588/; classtype:trojan-activity;sid:84522688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659585)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659585/; classtype:trojan-activity;sid:84522685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659586)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659586/; classtype:trojan-activity;sid:84522686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659584)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659584/; classtype:trojan-activity;sid:84522684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659581/; classtype:trojan-activity;sid:84522681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659582)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659582/; classtype:trojan-activity;sid:84522682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659583)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659583/; classtype:trojan-activity;sid:84522683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659579)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659579/; classtype:trojan-activity;sid:84522679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659580)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659580/; classtype:trojan-activity;sid:84522680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659573)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659573/; classtype:trojan-activity;sid:84522673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659574)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659574/; classtype:trojan-activity;sid:84522674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659575)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659575/; classtype:trojan-activity;sid:84522675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659576)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659576/; classtype:trojan-activity;sid:84522676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659577)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659577/; classtype:trojan-activity;sid:84522677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.145.107.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659578/; classtype:trojan-activity;sid:84522678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659569)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659569/; classtype:trojan-activity;sid:84522669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659570)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659570/; classtype:trojan-activity;sid:84522670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659571)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659571/; classtype:trojan-activity;sid:84522671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659572/; classtype:trojan-activity;sid:84522672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659568)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659568/; classtype:trojan-activity;sid:84522668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659565)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659565/; classtype:trojan-activity;sid:84522665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659566)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659566/; classtype:trojan-activity;sid:84522666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659567)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659567/; classtype:trojan-activity;sid:84522667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659564)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.1.214.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659564/; classtype:trojan-activity;sid:84522664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659562/; classtype:trojan-activity;sid:84522662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659563)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659563/; classtype:trojan-activity;sid:84522663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659560/; classtype:trojan-activity;sid:84522660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659561)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659561/; classtype:trojan-activity;sid:84522661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659558)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659558/; classtype:trojan-activity;sid:84522658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659559)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659559/; classtype:trojan-activity;sid:84522659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659553/; classtype:trojan-activity;sid:84522653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659554)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659554/; classtype:trojan-activity;sid:84522654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659555/; classtype:trojan-activity;sid:84522655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659556)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659556/; classtype:trojan-activity;sid:84522656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659557)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659557/; classtype:trojan-activity;sid:84522657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659551)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659551/; classtype:trojan-activity;sid:84522651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659552)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659552/; classtype:trojan-activity;sid:84522652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659549)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659549/; classtype:trojan-activity;sid:84522649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659550)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659550/; classtype:trojan-activity;sid:84522650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659548)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.84.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659548/; classtype:trojan-activity;sid:84522648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659547)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659547/; classtype:trojan-activity;sid:84522647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659546)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659546/; classtype:trojan-activity;sid:84522646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659545)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659545/; classtype:trojan-activity;sid:84522645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659542/; classtype:trojan-activity;sid:84522642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659543)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.251.69.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659543/; classtype:trojan-activity;sid:84522643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659544)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659544/; classtype:trojan-activity;sid:84522644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659538)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659538/; classtype:trojan-activity;sid:84522638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659539)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659539/; classtype:trojan-activity;sid:84522639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659540)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659540/; classtype:trojan-activity;sid:84522640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659541/; classtype:trojan-activity;sid:84522641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659537)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659537/; classtype:trojan-activity;sid:84522637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659535/; classtype:trojan-activity;sid:84522635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659536)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659536/; classtype:trojan-activity;sid:84522636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659534)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659534/; classtype:trojan-activity;sid:84522634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659532)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659532/; classtype:trojan-activity;sid:84522632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659533)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659533/; classtype:trojan-activity;sid:84522633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659526)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659526/; classtype:trojan-activity;sid:84522626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659527)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659527/; classtype:trojan-activity;sid:84522627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659528)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659528/; classtype:trojan-activity;sid:84522628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659529)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.251.83.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659529/; classtype:trojan-activity;sid:84522629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659530)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.251.69.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659530/; classtype:trojan-activity;sid:84522630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659531/; classtype:trojan-activity;sid:84522631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659523)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659523/; classtype:trojan-activity;sid:84522623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659524)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.147.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659524/; classtype:trojan-activity;sid:84522624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659525)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659525/; classtype:trojan-activity;sid:84522625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659512)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.84.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659512/; classtype:trojan-activity;sid:84522612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659513)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.164.92.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659513/; classtype:trojan-activity;sid:84522613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659514)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659514/; classtype:trojan-activity;sid:84522614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659515)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659515/; classtype:trojan-activity;sid:84522615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659516)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.240.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659516/; classtype:trojan-activity;sid:84522616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659517)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.130.253.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659517/; classtype:trojan-activity;sid:84522617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659518)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659518/; classtype:trojan-activity;sid:84522618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659519)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659519/; classtype:trojan-activity;sid:84522619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659520)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659520/; classtype:trojan-activity;sid:84522620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659521)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.189.32.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659521/; classtype:trojan-activity;sid:84522621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659522)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659522/; classtype:trojan-activity;sid:84522622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659508)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659508/; classtype:trojan-activity;sid:84522608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659509)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659509/; classtype:trojan-activity;sid:84522609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.217.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659510/; classtype:trojan-activity;sid:84522610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659511)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659511/; classtype:trojan-activity;sid:84522611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659507)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.251.69.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659507/; classtype:trojan-activity;sid:84522607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.169.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659506/; classtype:trojan-activity;sid:84522606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.35.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659505/; classtype:trojan-activity;sid:84522605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659504/; classtype:trojan-activity;sid:84522604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659503)"; flow:established,from_client; content:"GET"; http_method; content:"/1rm.check|3f|t=c6ll8dqq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659503/; classtype:trojan-activity;sid:84522603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659502)"; flow:established,from_client; content:"GET"; http_method; content:"/osgv1zy0ch.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659502/; classtype:trojan-activity;sid:84522602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659501/; classtype:trojan-activity;sid:84522601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659500)"; flow:established,from_client; content:"GET"; http_method; content:"/1rm.check|3f|t=xxvj6r93"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659500/; classtype:trojan-activity;sid:84522600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659499)"; flow:established,from_client; content:"GET"; http_method; content:"/8dvooghxb1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.h-29i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659499/; classtype:trojan-activity;sid:84522599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.227.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659498/; classtype:trojan-activity;sid:84522598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.202.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659497/; classtype:trojan-activity;sid:84522597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659496)"; flow:established,from_client; content:"GET"; http_method; content:"/o7rz5c6hem.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.4-z493.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659496/; classtype:trojan-activity;sid:84522596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659495)"; flow:established,from_client; content:"GET"; http_method; content:"/zz9.google|3f|t=jhltak5b"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659495/; classtype:trojan-activity;sid:84522595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659493)"; flow:established,from_client; content:"GET"; http_method; content:"/zz9.google|3f|t=xarvh2tk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659493/; classtype:trojan-activity;sid:84522593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659494)"; flow:established,from_client; content:"GET"; http_method; content:"/n16y8thrcw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659494/; classtype:trojan-activity;sid:84522594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659489)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659489/; classtype:trojan-activity;sid:84522589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659490)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659490/; classtype:trojan-activity;sid:84522590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659491)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659491/; classtype:trojan-activity;sid:84522591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659492)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659492/; classtype:trojan-activity;sid:84522592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659482)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659482/; classtype:trojan-activity;sid:84522582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659483)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659483/; classtype:trojan-activity;sid:84522583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659484)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659484/; classtype:trojan-activity;sid:84522584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659485)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659485/; classtype:trojan-activity;sid:84522585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659486)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659486/; classtype:trojan-activity;sid:84522586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659487)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659487/; classtype:trojan-activity;sid:84522587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659488)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659488/; classtype:trojan-activity;sid:84522588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659481/; classtype:trojan-activity;sid:84522581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659480/; classtype:trojan-activity;sid:84522580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.52.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659479/; classtype:trojan-activity;sid:84522579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659478)"; flow:established,from_client; content:"GET"; http_method; content:"/5a2s3v4wbm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.4-z493.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659478/; classtype:trojan-activity;sid:84522578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659477)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.check|3f|t=b2dqzkau"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q.w135v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659477/; classtype:trojan-activity;sid:84522577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659476)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.check|3f|t=i51dmzvw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q.w135v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659476/; classtype:trojan-activity;sid:84522576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659475)"; flow:established,from_client; content:"GET"; http_method; content:"/d4fo84dkmj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659475/; classtype:trojan-activity;sid:84522575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.202.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659474/; classtype:trojan-activity;sid:84522574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.227.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659473/; classtype:trojan-activity;sid:84522573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659472/; classtype:trojan-activity;sid:84522572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.138.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659471/; classtype:trojan-activity;sid:84522571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659470/; classtype:trojan-activity;sid:84522570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659469/; classtype:trojan-activity;sid:84522569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659468/; classtype:trojan-activity;sid:84522568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659466/; classtype:trojan-activity;sid:84522566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659467/; classtype:trojan-activity;sid:84522567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659464/; classtype:trojan-activity;sid:84522564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659465/; classtype:trojan-activity;sid:84522565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659460/; classtype:trojan-activity;sid:84522560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659461/; classtype:trojan-activity;sid:84522561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659462/; classtype:trojan-activity;sid:84522562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659463/; classtype:trojan-activity;sid:84522563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659454/; classtype:trojan-activity;sid:84522554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659455/; classtype:trojan-activity;sid:84522555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659456/; classtype:trojan-activity;sid:84522556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659457/; classtype:trojan-activity;sid:84522557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659458/; classtype:trojan-activity;sid:84522558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659459/; classtype:trojan-activity;sid:84522559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659449/; classtype:trojan-activity;sid:84522549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659450/; classtype:trojan-activity;sid:84522550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659451/; classtype:trojan-activity;sid:84522551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659452/; classtype:trojan-activity;sid:84522552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659453/; classtype:trojan-activity;sid:84522553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659444/; classtype:trojan-activity;sid:84522544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659445/; classtype:trojan-activity;sid:84522545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659446/; classtype:trojan-activity;sid:84522546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659447/; classtype:trojan-activity;sid:84522547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659448/; classtype:trojan-activity;sid:84522548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659440/; classtype:trojan-activity;sid:84522540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659441/; classtype:trojan-activity;sid:84522541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659442/; classtype:trojan-activity;sid:84522542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659443/; classtype:trojan-activity;sid:84522543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659437/; classtype:trojan-activity;sid:84522537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659438/; classtype:trojan-activity;sid:84522538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659439/; classtype:trojan-activity;sid:84522539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659435/; classtype:trojan-activity;sid:84522535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659436/; classtype:trojan-activity;sid:84522536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659432/; classtype:trojan-activity;sid:84522532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659433/; classtype:trojan-activity;sid:84522533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659434/; classtype:trojan-activity;sid:84522534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659429/; classtype:trojan-activity;sid:84522529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659430/; classtype:trojan-activity;sid:84522530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659431/; classtype:trojan-activity;sid:84522531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659428/; classtype:trojan-activity;sid:84522528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659425/; classtype:trojan-activity;sid:84522525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659426/; classtype:trojan-activity;sid:84522526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659427/; classtype:trojan-activity;sid:84522527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659424/; classtype:trojan-activity;sid:84522524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659419/; classtype:trojan-activity;sid:84522519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659420/; classtype:trojan-activity;sid:84522520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659421/; classtype:trojan-activity;sid:84522521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659422/; classtype:trojan-activity;sid:84522522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659423/; classtype:trojan-activity;sid:84522523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659416/; classtype:trojan-activity;sid:84522516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659417/; classtype:trojan-activity;sid:84522517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659418/; classtype:trojan-activity;sid:84522518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659415/; classtype:trojan-activity;sid:84522515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659413/; classtype:trojan-activity;sid:84522513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659414/; classtype:trojan-activity;sid:84522514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-01-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659410/; classtype:trojan-activity;sid:84522510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659411/; classtype:trojan-activity;sid:84522511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659412/; classtype:trojan-activity;sid:84522512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659406/; classtype:trojan-activity;sid:84522506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659407/; classtype:trojan-activity;sid:84522507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659408/; classtype:trojan-activity;sid:84522508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659409/; classtype:trojan-activity;sid:84522509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659403/; classtype:trojan-activity;sid:84522503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659404/; classtype:trojan-activity;sid:84522504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659405/; classtype:trojan-activity;sid:84522505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659402/; classtype:trojan-activity;sid:84522502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659399/; classtype:trojan-activity;sid:84522499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659400/; classtype:trojan-activity;sid:84522500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659401/; classtype:trojan-activity;sid:84522501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659398/; classtype:trojan-activity;sid:84522498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659393/; classtype:trojan-activity;sid:84522493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659394/; classtype:trojan-activity;sid:84522494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659395/; classtype:trojan-activity;sid:84522495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659396/; classtype:trojan-activity;sid:84522496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659397/; classtype:trojan-activity;sid:84522497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659391/; classtype:trojan-activity;sid:84522491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659392/; classtype:trojan-activity;sid:84522492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659389/; classtype:trojan-activity;sid:84522489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659390/; classtype:trojan-activity;sid:84522490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659388/; classtype:trojan-activity;sid:84522488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659384/; classtype:trojan-activity;sid:84522484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659385/; classtype:trojan-activity;sid:84522485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659386/; classtype:trojan-activity;sid:84522486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659387/; classtype:trojan-activity;sid:84522487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659376/; classtype:trojan-activity;sid:84522476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659377/; classtype:trojan-activity;sid:84522477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659378/; classtype:trojan-activity;sid:84522478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659379/; classtype:trojan-activity;sid:84522479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659380/; classtype:trojan-activity;sid:84522480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659381/; classtype:trojan-activity;sid:84522481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659382/; classtype:trojan-activity;sid:84522482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659383/; classtype:trojan-activity;sid:84522483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659369/; classtype:trojan-activity;sid:84522469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659370/; classtype:trojan-activity;sid:84522470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659371/; classtype:trojan-activity;sid:84522471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659372/; classtype:trojan-activity;sid:84522472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659373/; classtype:trojan-activity;sid:84522473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659374/; classtype:trojan-activity;sid:84522474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659375/; classtype:trojan-activity;sid:84522475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659366/; classtype:trojan-activity;sid:84522466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659367/; classtype:trojan-activity;sid:84522467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659368/; classtype:trojan-activity;sid:84522468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659365/; classtype:trojan-activity;sid:84522465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659363/; classtype:trojan-activity;sid:84522463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659364/; classtype:trojan-activity;sid:84522464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659362/; classtype:trojan-activity;sid:84522462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659361/; classtype:trojan-activity;sid:84522461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659360/; classtype:trojan-activity;sid:84522460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659358/; classtype:trojan-activity;sid:84522458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659359/; classtype:trojan-activity;sid:84522459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659355/; classtype:trojan-activity;sid:84522455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659356/; classtype:trojan-activity;sid:84522456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659357/; classtype:trojan-activity;sid:84522457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659354/; classtype:trojan-activity;sid:84522454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659353/; classtype:trojan-activity;sid:84522453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659347/; classtype:trojan-activity;sid:84522447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659348/; classtype:trojan-activity;sid:84522448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659349/; classtype:trojan-activity;sid:84522449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659350/; classtype:trojan-activity;sid:84522450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659351/; classtype:trojan-activity;sid:84522451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659352/; classtype:trojan-activity;sid:84522452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659341/; classtype:trojan-activity;sid:84522441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659342/; classtype:trojan-activity;sid:84522442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659343/; classtype:trojan-activity;sid:84522443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659344/; classtype:trojan-activity;sid:84522444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659345/; classtype:trojan-activity;sid:84522445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659346/; classtype:trojan-activity;sid:84522446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659340/; classtype:trojan-activity;sid:84522440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659339/; classtype:trojan-activity;sid:84522439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659337/; classtype:trojan-activity;sid:84522437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659338/; classtype:trojan-activity;sid:84522438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659329/; classtype:trojan-activity;sid:84522429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659330/; classtype:trojan-activity;sid:84522430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659331/; classtype:trojan-activity;sid:84522431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659332/; classtype:trojan-activity;sid:84522432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659333/; classtype:trojan-activity;sid:84522433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659334/; classtype:trojan-activity;sid:84522434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659335/; classtype:trojan-activity;sid:84522435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659336/; classtype:trojan-activity;sid:84522436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659326/; classtype:trojan-activity;sid:84522426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659327/; classtype:trojan-activity;sid:84522427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659328/; classtype:trojan-activity;sid:84522428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659324/; classtype:trojan-activity;sid:84522424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659325/; classtype:trojan-activity;sid:84522425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659321/; classtype:trojan-activity;sid:84522421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659322/; classtype:trojan-activity;sid:84522422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659323/; classtype:trojan-activity;sid:84522423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659319/; classtype:trojan-activity;sid:84522419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659320/; classtype:trojan-activity;sid:84522420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659317/; classtype:trojan-activity;sid:84522417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659318/; classtype:trojan-activity;sid:84522418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659310/; classtype:trojan-activity;sid:84522410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659311/; classtype:trojan-activity;sid:84522411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659312/; classtype:trojan-activity;sid:84522412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659313/; classtype:trojan-activity;sid:84522413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659314/; classtype:trojan-activity;sid:84522414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659315/; classtype:trojan-activity;sid:84522415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659316/; classtype:trojan-activity;sid:84522416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659308/; classtype:trojan-activity;sid:84522408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659309/; classtype:trojan-activity;sid:84522409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659305/; classtype:trojan-activity;sid:84522405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659306/; classtype:trojan-activity;sid:84522406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659307/; classtype:trojan-activity;sid:84522407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659302/; classtype:trojan-activity;sid:84522402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659303/; classtype:trojan-activity;sid:84522403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659304/; classtype:trojan-activity;sid:84522404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659301/; classtype:trojan-activity;sid:84522401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659300/; classtype:trojan-activity;sid:84522400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659297/; classtype:trojan-activity;sid:84522397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659298/; classtype:trojan-activity;sid:84522398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659299/; classtype:trojan-activity;sid:84522399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659292/; classtype:trojan-activity;sid:84522392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659293/; classtype:trojan-activity;sid:84522393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659294/; classtype:trojan-activity;sid:84522394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659295/; classtype:trojan-activity;sid:84522395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659296/; classtype:trojan-activity;sid:84522396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659291/; classtype:trojan-activity;sid:84522391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659283/; classtype:trojan-activity;sid:84522383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659284/; classtype:trojan-activity;sid:84522384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659285/; classtype:trojan-activity;sid:84522385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659286/; classtype:trojan-activity;sid:84522386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659287/; classtype:trojan-activity;sid:84522387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659288/; classtype:trojan-activity;sid:84522388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659289/; classtype:trojan-activity;sid:84522389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659290/; classtype:trojan-activity;sid:84522390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659279/; classtype:trojan-activity;sid:84522379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659280/; classtype:trojan-activity;sid:84522380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659281/; classtype:trojan-activity;sid:84522381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659282/; classtype:trojan-activity;sid:84522382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659275/; classtype:trojan-activity;sid:84522375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659276/; classtype:trojan-activity;sid:84522376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659277/; classtype:trojan-activity;sid:84522377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-04-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659278/; classtype:trojan-activity;sid:84522378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659274/; classtype:trojan-activity;sid:84522374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659270/; classtype:trojan-activity;sid:84522370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659271/; classtype:trojan-activity;sid:84522371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659272/; classtype:trojan-activity;sid:84522372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659273/; classtype:trojan-activity;sid:84522373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659265/; classtype:trojan-activity;sid:84522365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659266/; classtype:trojan-activity;sid:84522366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659267/; classtype:trojan-activity;sid:84522367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-01-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659268/; classtype:trojan-activity;sid:84522368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659269/; classtype:trojan-activity;sid:84522369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659262/; classtype:trojan-activity;sid:84522362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659263/; classtype:trojan-activity;sid:84522363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659264/; classtype:trojan-activity;sid:84522364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659260/; classtype:trojan-activity;sid:84522360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659261/; classtype:trojan-activity;sid:84522361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659259/; classtype:trojan-activity;sid:84522359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659258/; classtype:trojan-activity;sid:84522358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659256/; classtype:trojan-activity;sid:84522356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659257/; classtype:trojan-activity;sid:84522357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659254/; classtype:trojan-activity;sid:84522354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659255/; classtype:trojan-activity;sid:84522355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659248/; classtype:trojan-activity;sid:84522348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659249/; classtype:trojan-activity;sid:84522349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659250/; classtype:trojan-activity;sid:84522350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.52.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659251/; classtype:trojan-activity;sid:84522351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659252/; classtype:trojan-activity;sid:84522352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659253/; classtype:trojan-activity;sid:84522353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659246/; classtype:trojan-activity;sid:84522346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659247/; classtype:trojan-activity;sid:84522347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659243/; classtype:trojan-activity;sid:84522343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659244/; classtype:trojan-activity;sid:84522344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659245/; classtype:trojan-activity;sid:84522345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659242/; classtype:trojan-activity;sid:84522342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659240/; classtype:trojan-activity;sid:84522340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659241/; classtype:trojan-activity;sid:84522341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659238/; classtype:trojan-activity;sid:84522338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659239/; classtype:trojan-activity;sid:84522339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659235/; classtype:trojan-activity;sid:84522335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659236/; classtype:trojan-activity;sid:84522336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659237/; classtype:trojan-activity;sid:84522337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659233/; classtype:trojan-activity;sid:84522333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659234/; classtype:trojan-activity;sid:84522334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659227/; classtype:trojan-activity;sid:84522327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659228/; classtype:trojan-activity;sid:84522328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659229/; classtype:trojan-activity;sid:84522329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659230/; classtype:trojan-activity;sid:84522330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659231/; classtype:trojan-activity;sid:84522331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-12-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659232/; classtype:trojan-activity;sid:84522332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659226/; classtype:trojan-activity;sid:84522326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659225/; classtype:trojan-activity;sid:84522325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659223/; classtype:trojan-activity;sid:84522323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659224/; classtype:trojan-activity;sid:84522324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659221/; classtype:trojan-activity;sid:84522321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.138.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659222/; classtype:trojan-activity;sid:84522322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659219/; classtype:trojan-activity;sid:84522319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659220/; classtype:trojan-activity;sid:84522320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659216/; classtype:trojan-activity;sid:84522316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659217/; classtype:trojan-activity;sid:84522317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659218/; classtype:trojan-activity;sid:84522318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659212/; classtype:trojan-activity;sid:84522312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659213/; classtype:trojan-activity;sid:84522313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659214/; classtype:trojan-activity;sid:84522314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659215/; classtype:trojan-activity;sid:84522315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659207/; classtype:trojan-activity;sid:84522307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659208/; classtype:trojan-activity;sid:84522308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659209/; classtype:trojan-activity;sid:84522309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659210/; classtype:trojan-activity;sid:84522310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659211/; classtype:trojan-activity;sid:84522311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659205/; classtype:trojan-activity;sid:84522305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659206/; classtype:trojan-activity;sid:84522306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659203/; classtype:trojan-activity;sid:84522303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659204/; classtype:trojan-activity;sid:84522304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-07-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659202/; classtype:trojan-activity;sid:84522302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659200/; classtype:trojan-activity;sid:84522300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659201/; classtype:trojan-activity;sid:84522301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659198/; classtype:trojan-activity;sid:84522298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659199/; classtype:trojan-activity;sid:84522299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659194/; classtype:trojan-activity;sid:84522294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659195/; classtype:trojan-activity;sid:84522295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659196/; classtype:trojan-activity;sid:84522296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659197/; classtype:trojan-activity;sid:84522297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659191/; classtype:trojan-activity;sid:84522291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659192/; classtype:trojan-activity;sid:84522292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659193/; classtype:trojan-activity;sid:84522293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659190/; classtype:trojan-activity;sid:84522290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659189/; classtype:trojan-activity;sid:84522289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659180/; classtype:trojan-activity;sid:84522280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659181/; classtype:trojan-activity;sid:84522281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659182/; classtype:trojan-activity;sid:84522282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659183/; classtype:trojan-activity;sid:84522283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659184/; classtype:trojan-activity;sid:84522284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659185/; classtype:trojan-activity;sid:84522285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659186/; classtype:trojan-activity;sid:84522286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659187/; classtype:trojan-activity;sid:84522287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659188/; classtype:trojan-activity;sid:84522288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659178/; classtype:trojan-activity;sid:84522278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659179/; classtype:trojan-activity;sid:84522279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659177/; classtype:trojan-activity;sid:84522277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659176/; classtype:trojan-activity;sid:84522276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659172/; classtype:trojan-activity;sid:84522272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659173/; classtype:trojan-activity;sid:84522273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659174/; classtype:trojan-activity;sid:84522274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659175/; classtype:trojan-activity;sid:84522275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659171/; classtype:trojan-activity;sid:84522271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659170/; classtype:trojan-activity;sid:84522270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659169/; classtype:trojan-activity;sid:84522269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659168/; classtype:trojan-activity;sid:84522268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659167/; classtype:trojan-activity;sid:84522267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659164/; classtype:trojan-activity;sid:84522264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659165/; classtype:trojan-activity;sid:84522265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659166/; classtype:trojan-activity;sid:84522266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659159/; classtype:trojan-activity;sid:84522259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659160/; classtype:trojan-activity;sid:84522260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659161/; classtype:trojan-activity;sid:84522261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659162/; classtype:trojan-activity;sid:84522262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659163/; classtype:trojan-activity;sid:84522263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659156/; classtype:trojan-activity;sid:84522256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659157/; classtype:trojan-activity;sid:84522257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659158/; classtype:trojan-activity;sid:84522258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659153/; classtype:trojan-activity;sid:84522253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659154/; classtype:trojan-activity;sid:84522254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659155/; classtype:trojan-activity;sid:84522255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659150/; classtype:trojan-activity;sid:84522250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659151/; classtype:trojan-activity;sid:84522251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659152/; classtype:trojan-activity;sid:84522252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659145/; classtype:trojan-activity;sid:84522245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659146/; classtype:trojan-activity;sid:84522246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659147/; classtype:trojan-activity;sid:84522247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659148/; classtype:trojan-activity;sid:84522248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659149/; classtype:trojan-activity;sid:84522249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659141/; classtype:trojan-activity;sid:84522241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659142/; classtype:trojan-activity;sid:84522242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659143/; classtype:trojan-activity;sid:84522243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659144/; classtype:trojan-activity;sid:84522244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659138/; classtype:trojan-activity;sid:84522238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659139/; classtype:trojan-activity;sid:84522239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659140/; classtype:trojan-activity;sid:84522240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659137/; classtype:trojan-activity;sid:84522237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659134/; classtype:trojan-activity;sid:84522234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659135/; classtype:trojan-activity;sid:84522235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659136/; classtype:trojan-activity;sid:84522236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659133/; classtype:trojan-activity;sid:84522233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659131/; classtype:trojan-activity;sid:84522231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659132/; classtype:trojan-activity;sid:84522232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659130/; classtype:trojan-activity;sid:84522230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659126/; classtype:trojan-activity;sid:84522226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659127/; classtype:trojan-activity;sid:84522227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659128/; classtype:trojan-activity;sid:84522228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659129/; classtype:trojan-activity;sid:84522229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659124/; classtype:trojan-activity;sid:84522224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659125/; classtype:trojan-activity;sid:84522225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659121/; classtype:trojan-activity;sid:84522221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659122/; classtype:trojan-activity;sid:84522222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659123/; classtype:trojan-activity;sid:84522223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659118/; classtype:trojan-activity;sid:84522218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659119/; classtype:trojan-activity;sid:84522219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659120/; classtype:trojan-activity;sid:84522220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659117/; classtype:trojan-activity;sid:84522217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659115/; classtype:trojan-activity;sid:84522215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659116/; classtype:trojan-activity;sid:84522216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659114/; classtype:trojan-activity;sid:84522214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659111/; classtype:trojan-activity;sid:84522211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659112/; classtype:trojan-activity;sid:84522212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659113/; classtype:trojan-activity;sid:84522213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659107/; classtype:trojan-activity;sid:84522207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659108/; classtype:trojan-activity;sid:84522208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659109/; classtype:trojan-activity;sid:84522209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659110/; classtype:trojan-activity;sid:84522210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659105/; classtype:trojan-activity;sid:84522205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659106/; classtype:trojan-activity;sid:84522206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659103/; classtype:trojan-activity;sid:84522203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659104/; classtype:trojan-activity;sid:84522204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659102/; classtype:trojan-activity;sid:84522202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659101/; classtype:trojan-activity;sid:84522201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659099/; classtype:trojan-activity;sid:84522199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659100/; classtype:trojan-activity;sid:84522200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659097/; classtype:trojan-activity;sid:84522197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659098/; classtype:trojan-activity;sid:84522198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659087/; classtype:trojan-activity;sid:84522187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659088/; classtype:trojan-activity;sid:84522188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659089/; classtype:trojan-activity;sid:84522189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659090/; classtype:trojan-activity;sid:84522190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659091/; classtype:trojan-activity;sid:84522191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659092/; classtype:trojan-activity;sid:84522192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659093/; classtype:trojan-activity;sid:84522193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659094/; classtype:trojan-activity;sid:84522194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659095/; classtype:trojan-activity;sid:84522195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-07-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659096/; classtype:trojan-activity;sid:84522196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659084/; classtype:trojan-activity;sid:84522184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659085/; classtype:trojan-activity;sid:84522185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659086/; classtype:trojan-activity;sid:84522186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659082/; classtype:trojan-activity;sid:84522182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659083/; classtype:trojan-activity;sid:84522183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659077/; classtype:trojan-activity;sid:84522177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659078/; classtype:trojan-activity;sid:84522178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659079/; classtype:trojan-activity;sid:84522179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659080/; classtype:trojan-activity;sid:84522180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659081/; classtype:trojan-activity;sid:84522181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659076/; classtype:trojan-activity;sid:84522176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659075/; classtype:trojan-activity;sid:84522175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659073/; classtype:trojan-activity;sid:84522173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659074/; classtype:trojan-activity;sid:84522174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659069/; classtype:trojan-activity;sid:84522169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659070/; classtype:trojan-activity;sid:84522170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659071/; classtype:trojan-activity;sid:84522171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659072/; classtype:trojan-activity;sid:84522172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659068/; classtype:trojan-activity;sid:84522168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659067/; classtype:trojan-activity;sid:84522167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659062/; classtype:trojan-activity;sid:84522162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659063/; classtype:trojan-activity;sid:84522163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659064/; classtype:trojan-activity;sid:84522164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659065/; classtype:trojan-activity;sid:84522165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-02-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659066/; classtype:trojan-activity;sid:84522166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659056/; classtype:trojan-activity;sid:84522156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659057/; classtype:trojan-activity;sid:84522157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659058/; classtype:trojan-activity;sid:84522158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659059/; classtype:trojan-activity;sid:84522159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659060/; classtype:trojan-activity;sid:84522160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659061/; classtype:trojan-activity;sid:84522161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659049/; classtype:trojan-activity;sid:84522149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659050/; classtype:trojan-activity;sid:84522150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659051/; classtype:trojan-activity;sid:84522151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659052/; classtype:trojan-activity;sid:84522152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659053/; classtype:trojan-activity;sid:84522153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659054/; classtype:trojan-activity;sid:84522154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659055/; classtype:trojan-activity;sid:84522155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659047/; classtype:trojan-activity;sid:84522147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659048/; classtype:trojan-activity;sid:84522148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659043/; classtype:trojan-activity;sid:84522143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659044/; classtype:trojan-activity;sid:84522144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659045/; classtype:trojan-activity;sid:84522145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659046/; classtype:trojan-activity;sid:84522146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659040/; classtype:trojan-activity;sid:84522140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659041/; classtype:trojan-activity;sid:84522141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659042/; classtype:trojan-activity;sid:84522142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659038/; classtype:trojan-activity;sid:84522138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659039/; classtype:trojan-activity;sid:84522139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659037/; classtype:trojan-activity;sid:84522137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-12-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659036/; classtype:trojan-activity;sid:84522136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659035/; classtype:trojan-activity;sid:84522135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02102019084433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659034/; classtype:trojan-activity;sid:84522134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14092020084207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659033/; classtype:trojan-activity;sid:84522133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26112020085916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659032/; classtype:trojan-activity;sid:84522132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18102019111038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659029/; classtype:trojan-activity;sid:84522129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19122019073250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659030/; classtype:trojan-activity;sid:84522130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15032020090651/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659031/; classtype:trojan-activity;sid:84522131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659027/; classtype:trojan-activity;sid:84522127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019112646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659028/; classtype:trojan-activity;sid:84522128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659025/; classtype:trojan-activity;sid:84522125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020101638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659026/; classtype:trojan-activity;sid:84522126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020064629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659024/; classtype:trojan-activity;sid:84522124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02122019094630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659023/; classtype:trojan-activity;sid:84522123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659022/; classtype:trojan-activity;sid:84522122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019114000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659020/; classtype:trojan-activity;sid:84522120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08102020100008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659021/; classtype:trojan-activity;sid:84522121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10072020083751/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659019/; classtype:trojan-activity;sid:84522119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659017/; classtype:trojan-activity;sid:84522117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23092020092742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659018/; classtype:trojan-activity;sid:84522118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020073000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659016/; classtype:trojan-activity;sid:84522116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104632/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659015/; classtype:trojan-activity;sid:84522115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20022020082433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659014/; classtype:trojan-activity;sid:84522114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659013/; classtype:trojan-activity;sid:84522113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09112020092547/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659012/; classtype:trojan-activity;sid:84522112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30102019072217/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659011/; classtype:trojan-activity;sid:84522111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659010/; classtype:trojan-activity;sid:84522110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06032020111840/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659009/; classtype:trojan-activity;sid:84522109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020102618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659008/; classtype:trojan-activity;sid:84522108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24102019112253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659007/; classtype:trojan-activity;sid:84522107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659006/; classtype:trojan-activity;sid:84522106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13092019073440/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659005/; classtype:trojan-activity;sid:84522105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659004/; classtype:trojan-activity;sid:84522104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658999/; classtype:trojan-activity;sid:84522099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659000/; classtype:trojan-activity;sid:84522100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13092019111559/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659001/; classtype:trojan-activity;sid:84522101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111356/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659002/; classtype:trojan-activity;sid:84522102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659003/; classtype:trojan-activity;sid:84522103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658998/; classtype:trojan-activity;sid:84522098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658996/; classtype:trojan-activity;sid:84522096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658997/; classtype:trojan-activity;sid:84522097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658994/; classtype:trojan-activity;sid:84522094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22052020090422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658995/; classtype:trojan-activity;sid:84522095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27112019140402/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658993/; classtype:trojan-activity;sid:84522093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658992/; classtype:trojan-activity;sid:84522092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2022-11-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658991/; classtype:trojan-activity;sid:84522091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658990/; classtype:trojan-activity;sid:84522090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658989/; classtype:trojan-activity;sid:84522089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02112019073947/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658988/; classtype:trojan-activity;sid:84522088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658987/; classtype:trojan-activity;sid:84522087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19122019111433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658984/; classtype:trojan-activity;sid:84522084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17102019111450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658985/; classtype:trojan-activity;sid:84522085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020103210/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658986/; classtype:trojan-activity;sid:84522086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658983/; classtype:trojan-activity;sid:84522083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658981/; classtype:trojan-activity;sid:84522081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658982/; classtype:trojan-activity;sid:84522082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658980/; classtype:trojan-activity;sid:84522080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020081006/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658979/; classtype:trojan-activity;sid:84522079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658978/; classtype:trojan-activity;sid:84522078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-09-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658977/; classtype:trojan-activity;sid:84522077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658974/; classtype:trojan-activity;sid:84522074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658975/; classtype:trojan-activity;sid:84522075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658976/; classtype:trojan-activity;sid:84522076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658973/; classtype:trojan-activity;sid:84522073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658971/; classtype:trojan-activity;sid:84522071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658972/; classtype:trojan-activity;sid:84522072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020084236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658968/; classtype:trojan-activity;sid:84522068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-11-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658969/; classtype:trojan-activity;sid:84522069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020073716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658966/; classtype:trojan-activity;sid:84522066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658967/; classtype:trojan-activity;sid:84522067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03082019091209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658963/; classtype:trojan-activity;sid:84522063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658964/; classtype:trojan-activity;sid:84522064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658965/; classtype:trojan-activity;sid:84522065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658961/; classtype:trojan-activity;sid:84522061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658960/; classtype:trojan-activity;sid:84522060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658959/; classtype:trojan-activity;sid:84522059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658958/; classtype:trojan-activity;sid:84522058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020075936/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658955/; classtype:trojan-activity;sid:84522055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658956/; classtype:trojan-activity;sid:84522056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019090429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658953/; classtype:trojan-activity;sid:84522053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658947/; classtype:trojan-activity;sid:84522047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658948/; classtype:trojan-activity;sid:84522048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020103314/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658949/; classtype:trojan-activity;sid:84522049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658950/; classtype:trojan-activity;sid:84522050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25092019085125/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658951/; classtype:trojan-activity;sid:84522051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658952/; classtype:trojan-activity;sid:84522052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658945/; classtype:trojan-activity;sid:84522045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658946/; classtype:trojan-activity;sid:84522046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658943/; classtype:trojan-activity;sid:84522043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658944/; classtype:trojan-activity;sid:84522044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020102430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658942/; classtype:trojan-activity;sid:84522042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658940/; classtype:trojan-activity;sid:84522040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24112019093155/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658941/; classtype:trojan-activity;sid:84522041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658938/; classtype:trojan-activity;sid:84522038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019085159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658939/; classtype:trojan-activity;sid:84522039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658937/; classtype:trojan-activity;sid:84522037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658933/; classtype:trojan-activity;sid:84522033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020103652/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658934/; classtype:trojan-activity;sid:84522034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020073820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658935/; classtype:trojan-activity;sid:84522035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658936/; classtype:trojan-activity;sid:84522036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25062020092106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658931/; classtype:trojan-activity;sid:84522031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658932/; classtype:trojan-activity;sid:84522032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658928/; classtype:trojan-activity;sid:84522028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10082020083839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658929/; classtype:trojan-activity;sid:84522029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2023-01-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658930/; classtype:trojan-activity;sid:84522030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25112019100904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658927/; classtype:trojan-activity;sid:84522027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020074721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658923/; classtype:trojan-activity;sid:84522023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658924/; classtype:trojan-activity;sid:84522024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658925/; classtype:trojan-activity;sid:84522025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658926/; classtype:trojan-activity;sid:84522026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658920/; classtype:trojan-activity;sid:84522020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658921/; classtype:trojan-activity;sid:84522021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658922/; classtype:trojan-activity;sid:84522022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658918/; classtype:trojan-activity;sid:84522018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658919/; classtype:trojan-activity;sid:84522019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-08-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658915/; classtype:trojan-activity;sid:84522015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658916/; classtype:trojan-activity;sid:84522016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020074152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658917/; classtype:trojan-activity;sid:84522017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658913/; classtype:trojan-activity;sid:84522013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28102019124803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658914/; classtype:trojan-activity;sid:84522014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658905/; classtype:trojan-activity;sid:84522005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07082019085049/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658906/; classtype:trojan-activity;sid:84522006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658907/; classtype:trojan-activity;sid:84522007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658908/; classtype:trojan-activity;sid:84522008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18122019111713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658909/; classtype:trojan-activity;sid:84522009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658910/; classtype:trojan-activity;sid:84522010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658911/; classtype:trojan-activity;sid:84522011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658912/; classtype:trojan-activity;sid:84522012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020083458/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658904/; classtype:trojan-activity;sid:84522004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07032020103438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658902/; classtype:trojan-activity;sid:84522002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658898/; classtype:trojan-activity;sid:84521998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658899/; classtype:trojan-activity;sid:84521999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22062020085933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658900/; classtype:trojan-activity;sid:84522000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658901/; classtype:trojan-activity;sid:84522001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14082019111536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658895/; classtype:trojan-activity;sid:84521995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12082019083210/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658896/; classtype:trojan-activity;sid:84521996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019110754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658897/; classtype:trojan-activity;sid:84521997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658891/; classtype:trojan-activity;sid:84521991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020103024/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658892/; classtype:trojan-activity;sid:84521992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658893/; classtype:trojan-activity;sid:84521993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09102019084351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658894/; classtype:trojan-activity;sid:84521994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-03-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658890/; classtype:trojan-activity;sid:84521990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658889/; classtype:trojan-activity;sid:84521989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24082020090253/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658884/; classtype:trojan-activity;sid:84521984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658885/; classtype:trojan-activity;sid:84521985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658886/; classtype:trojan-activity;sid:84521986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658887/; classtype:trojan-activity;sid:84521987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658888/; classtype:trojan-activity;sid:84521988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658879/; classtype:trojan-activity;sid:84521979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658880/; classtype:trojan-activity;sid:84521980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02082019084250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658881/; classtype:trojan-activity;sid:84521981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020074634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658882/; classtype:trojan-activity;sid:84521982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22072020095444/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658883/; classtype:trojan-activity;sid:84521983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658878/; classtype:trojan-activity;sid:84521978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658874/; classtype:trojan-activity;sid:84521974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102020082312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658875/; classtype:trojan-activity;sid:84521975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658876/; classtype:trojan-activity;sid:84521976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658877/; classtype:trojan-activity;sid:84521977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020103306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658873/; classtype:trojan-activity;sid:84521973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658871/; classtype:trojan-activity;sid:84521971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020083836/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658872/; classtype:trojan-activity;sid:84521972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019081308/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658868/; classtype:trojan-activity;sid:84521968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658869/; classtype:trojan-activity;sid:84521969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658870/; classtype:trojan-activity;sid:84521970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2023-01-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658867/; classtype:trojan-activity;sid:84521967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658866/; classtype:trojan-activity;sid:84521966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020084705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658862/; classtype:trojan-activity;sid:84521962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658863/; classtype:trojan-activity;sid:84521963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658864/; classtype:trojan-activity;sid:84521964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658865/; classtype:trojan-activity;sid:84521965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020101713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658861/; classtype:trojan-activity;sid:84521961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658860/; classtype:trojan-activity;sid:84521960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658859/; classtype:trojan-activity;sid:84521959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020141621/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658857/; classtype:trojan-activity;sid:84521957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658858/; classtype:trojan-activity;sid:84521958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658856/; classtype:trojan-activity;sid:84521956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09092020085515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658854/; classtype:trojan-activity;sid:84521954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658855/; classtype:trojan-activity;sid:84521955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-12-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658853/; classtype:trojan-activity;sid:84521953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019103158/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658852/; classtype:trojan-activity;sid:84521952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658850/; classtype:trojan-activity;sid:84521950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658851/; classtype:trojan-activity;sid:84521951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658849/; classtype:trojan-activity;sid:84521949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658848/; classtype:trojan-activity;sid:84521948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19112020085207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658847/; classtype:trojan-activity;sid:84521947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658846/; classtype:trojan-activity;sid:84521946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658844/; classtype:trojan-activity;sid:84521944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15062020104329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658845/; classtype:trojan-activity;sid:84521945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658842/; classtype:trojan-activity;sid:84521942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658843/; classtype:trojan-activity;sid:84521943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658837/; classtype:trojan-activity;sid:84521937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658838/; classtype:trojan-activity;sid:84521938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658839/; classtype:trojan-activity;sid:84521939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658840/; classtype:trojan-activity;sid:84521940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658841/; classtype:trojan-activity;sid:84521941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658836/; classtype:trojan-activity;sid:84521936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2022-06-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658831/; classtype:trojan-activity;sid:84521931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658832/; classtype:trojan-activity;sid:84521932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658833/; classtype:trojan-activity;sid:84521933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658834/; classtype:trojan-activity;sid:84521934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30122019083201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658835/; classtype:trojan-activity;sid:84521935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/9929/12032020153151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658830/; classtype:trojan-activity;sid:84521930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658825/; classtype:trojan-activity;sid:84521925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27072020084358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658826/; classtype:trojan-activity;sid:84521926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/9929/12032020133700/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658827/; classtype:trojan-activity;sid:84521927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658828/; classtype:trojan-activity;sid:84521928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658829/; classtype:trojan-activity;sid:84521929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20052020090958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658821/; classtype:trojan-activity;sid:84521921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658822/; classtype:trojan-activity;sid:84521922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658823/; classtype:trojan-activity;sid:84521923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020102208/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658824/; classtype:trojan-activity;sid:84521924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658813/; classtype:trojan-activity;sid:84521913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24012020083927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658814/; classtype:trojan-activity;sid:84521914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658815/; classtype:trojan-activity;sid:84521915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658816/; classtype:trojan-activity;sid:84521916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21072020093623/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658817/; classtype:trojan-activity;sid:84521917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658818/; classtype:trojan-activity;sid:84521918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658819/; classtype:trojan-activity;sid:84521919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658820/; classtype:trojan-activity;sid:84521920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658808/; classtype:trojan-activity;sid:84521908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658809/; classtype:trojan-activity;sid:84521909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25122019075053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658810/; classtype:trojan-activity;sid:84521910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20102020083404/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658811/; classtype:trojan-activity;sid:84521911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658812/; classtype:trojan-activity;sid:84521912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23092019082104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658807/; classtype:trojan-activity;sid:84521907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658805/; classtype:trojan-activity;sid:84521905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23022020084448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658806/; classtype:trojan-activity;sid:84521906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658803/; classtype:trojan-activity;sid:84521903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658804/; classtype:trojan-activity;sid:84521904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658801/; classtype:trojan-activity;sid:84521901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658802/; classtype:trojan-activity;sid:84521902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658798/; classtype:trojan-activity;sid:84521898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658799/; classtype:trojan-activity;sid:84521899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658800/; classtype:trojan-activity;sid:84521900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658796/; classtype:trojan-activity;sid:84521896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/9929/12032020113905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658797/; classtype:trojan-activity;sid:84521897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658794/; classtype:trojan-activity;sid:84521894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658795/; classtype:trojan-activity;sid:84521895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658786/; classtype:trojan-activity;sid:84521886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658787/; classtype:trojan-activity;sid:84521887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658788/; classtype:trojan-activity;sid:84521888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658789/; classtype:trojan-activity;sid:84521889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658790/; classtype:trojan-activity;sid:84521890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019111905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658791/; classtype:trojan-activity;sid:84521891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658792/; classtype:trojan-activity;sid:84521892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21012020083050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658793/; classtype:trojan-activity;sid:84521893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10032020102753/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658784/; classtype:trojan-activity;sid:84521884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658785/; classtype:trojan-activity;sid:84521885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658783/; classtype:trojan-activity;sid:84521883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658782/; classtype:trojan-activity;sid:84521882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658779/; classtype:trojan-activity;sid:84521879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658780/; classtype:trojan-activity;sid:84521880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/2020-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658781/; classtype:trojan-activity;sid:84521881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658770/; classtype:trojan-activity;sid:84521870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019084056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658771/; classtype:trojan-activity;sid:84521871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020071643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658772/; classtype:trojan-activity;sid:84521872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658773/; classtype:trojan-activity;sid:84521873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658774/; classtype:trojan-activity;sid:84521874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658775/; classtype:trojan-activity;sid:84521875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020111030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658776/; classtype:trojan-activity;sid:84521876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19092019112515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658777/; classtype:trojan-activity;sid:84521877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658769/; classtype:trojan-activity;sid:84521869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658768/; classtype:trojan-activity;sid:84521868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04092020084339/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658767/; classtype:trojan-activity;sid:84521867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658763/; classtype:trojan-activity;sid:84521863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658764/; classtype:trojan-activity;sid:84521864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658765/; classtype:trojan-activity;sid:84521865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658766/; classtype:trojan-activity;sid:84521866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658761/; classtype:trojan-activity;sid:84521861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658762/; classtype:trojan-activity;sid:84521862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07032020081614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658759/; classtype:trojan-activity;sid:84521859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658760/; classtype:trojan-activity;sid:84521860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658757/; classtype:trojan-activity;sid:84521857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658758/; classtype:trojan-activity;sid:84521858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658748/; classtype:trojan-activity;sid:84521848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658749/; classtype:trojan-activity;sid:84521849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019104849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658750/; classtype:trojan-activity;sid:84521850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658751/; classtype:trojan-activity;sid:84521851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658752/; classtype:trojan-activity;sid:84521852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-11-04/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658753/; classtype:trojan-activity;sid:84521853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112019085201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658754/; classtype:trojan-activity;sid:84521854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658755/; classtype:trojan-activity;sid:84521855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-10-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658756/; classtype:trojan-activity;sid:84521856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22102020084229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658746/; classtype:trojan-activity;sid:84521846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05062020084755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658747/; classtype:trojan-activity;sid:84521847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658745/; classtype:trojan-activity;sid:84521845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01042020144319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658744/; classtype:trojan-activity;sid:84521844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-02-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658740/; classtype:trojan-activity;sid:84521840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658741/; classtype:trojan-activity;sid:84521841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-06-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658742/; classtype:trojan-activity;sid:84521842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658743/; classtype:trojan-activity;sid:84521843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14012020083431/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658739/; classtype:trojan-activity;sid:84521839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658735/; classtype:trojan-activity;sid:84521835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27012020110730/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658736/; classtype:trojan-activity;sid:84521836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658737/; classtype:trojan-activity;sid:84521837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27022020082832/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658738/; classtype:trojan-activity;sid:84521838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21112019100237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658733/; classtype:trojan-activity;sid:84521833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658734/; classtype:trojan-activity;sid:84521834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070517/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658731/; classtype:trojan-activity;sid:84521831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08032020071252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658732/; classtype:trojan-activity;sid:84521832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658728/; classtype:trojan-activity;sid:84521828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658729/; classtype:trojan-activity;sid:84521829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019120500/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658730/; classtype:trojan-activity;sid:84521830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-03-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658726/; classtype:trojan-activity;sid:84521826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658727/; classtype:trojan-activity;sid:84521827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658725/; classtype:trojan-activity;sid:84521825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18032020110859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658724/; classtype:trojan-activity;sid:84521824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658723/; classtype:trojan-activity;sid:84521823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-10-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658721/; classtype:trojan-activity;sid:84521821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020142629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658722/; classtype:trojan-activity;sid:84521822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658720/; classtype:trojan-activity;sid:84521820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27082019102541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658718/; classtype:trojan-activity;sid:84521818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020102826/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658719/; classtype:trojan-activity;sid:84521819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14122019072107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658716/; classtype:trojan-activity;sid:84521816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658717/; classtype:trojan-activity;sid:84521817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-07-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658713/; classtype:trojan-activity;sid:84521813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658714/; classtype:trojan-activity;sid:84521814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658715/; classtype:trojan-activity;sid:84521815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658712/; classtype:trojan-activity;sid:84521812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16032020112426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658711/; classtype:trojan-activity;sid:84521811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19062020070009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658709/; classtype:trojan-activity;sid:84521809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14092020083259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658710/; classtype:trojan-activity;sid:84521810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658706/; classtype:trojan-activity;sid:84521806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658707/; classtype:trojan-activity;sid:84521807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658708/; classtype:trojan-activity;sid:84521808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2019-10-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658705/; classtype:trojan-activity;sid:84521805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05112019071742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658702/; classtype:trojan-activity;sid:84521802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658703/; classtype:trojan-activity;sid:84521803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2021-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658704/; classtype:trojan-activity;sid:84521804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14112019111430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658696/; classtype:trojan-activity;sid:84521796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658697/; classtype:trojan-activity;sid:84521797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020090003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658698/; classtype:trojan-activity;sid:84521798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658699/; classtype:trojan-activity;sid:84521799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30102019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658700/; classtype:trojan-activity;sid:84521800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658701/; classtype:trojan-activity;sid:84521801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-02-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658689/; classtype:trojan-activity;sid:84521789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658690/; classtype:trojan-activity;sid:84521790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020084905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658691/; classtype:trojan-activity;sid:84521791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658692/; classtype:trojan-activity;sid:84521792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658693/; classtype:trojan-activity;sid:84521793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658694/; classtype:trojan-activity;sid:84521794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658695/; classtype:trojan-activity;sid:84521795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658687/; classtype:trojan-activity;sid:84521787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02122019130515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658688/; classtype:trojan-activity;sid:84521788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658685/; classtype:trojan-activity;sid:84521785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658686/; classtype:trojan-activity;sid:84521786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14042020090844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658682/; classtype:trojan-activity;sid:84521782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658683/; classtype:trojan-activity;sid:84521783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30072020090328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658684/; classtype:trojan-activity;sid:84521784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020073631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658679/; classtype:trojan-activity;sid:84521779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658680/; classtype:trojan-activity;sid:84521780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020103349/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658681/; classtype:trojan-activity;sid:84521781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14012020101406/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658678/; classtype:trojan-activity;sid:84521778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658677/; classtype:trojan-activity;sid:84521777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658676/; classtype:trojan-activity;sid:84521776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05092019101555/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658671/; classtype:trojan-activity;sid:84521771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01032020102326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658672/; classtype:trojan-activity;sid:84521772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658673/; classtype:trojan-activity;sid:84521773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17012020111119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658674/; classtype:trojan-activity;sid:84521774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658675/; classtype:trojan-activity;sid:84521775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658666/; classtype:trojan-activity;sid:84521766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658667/; classtype:trojan-activity;sid:84521767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658668/; classtype:trojan-activity;sid:84521768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658669/; classtype:trojan-activity;sid:84521769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658661/; classtype:trojan-activity;sid:84521761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658662/; classtype:trojan-activity;sid:84521762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658663/; classtype:trojan-activity;sid:84521763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23082019111824/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658664/; classtype:trojan-activity;sid:84521764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/2020-10-08/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658665/; classtype:trojan-activity;sid:84521765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10092019102851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658659/; classtype:trojan-activity;sid:84521759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658660/; classtype:trojan-activity;sid:84521760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658657/; classtype:trojan-activity;sid:84521757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020102754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658658/; classtype:trojan-activity;sid:84521758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658655/; classtype:trojan-activity;sid:84521755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658656/; classtype:trojan-activity;sid:84521756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658653/; classtype:trojan-activity;sid:84521753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658654/; classtype:trojan-activity;sid:84521754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05092019100003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658650/; classtype:trojan-activity;sid:84521750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14012020084424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658651/; classtype:trojan-activity;sid:84521751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658652/; classtype:trojan-activity;sid:84521752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13082019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658649/; classtype:trojan-activity;sid:84521749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-12-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658645/; classtype:trojan-activity;sid:84521745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020073553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658646/; classtype:trojan-activity;sid:84521746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30092020084740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658647/; classtype:trojan-activity;sid:84521747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658648/; classtype:trojan-activity;sid:84521748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2021-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658643/; classtype:trojan-activity;sid:84521743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658644/; classtype:trojan-activity;sid:84521744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019082932/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658637/; classtype:trojan-activity;sid:84521737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020142117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658638/; classtype:trojan-activity;sid:84521738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658639/; classtype:trojan-activity;sid:84521739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19082019071713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658640/; classtype:trojan-activity;sid:84521740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23022020112139/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658641/; classtype:trojan-activity;sid:84521741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658642/; classtype:trojan-activity;sid:84521742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658636/; classtype:trojan-activity;sid:84521736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658632/; classtype:trojan-activity;sid:84521732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020101439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658633/; classtype:trojan-activity;sid:84521733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658634/; classtype:trojan-activity;sid:84521734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25092020085034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658635/; classtype:trojan-activity;sid:84521735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658631/; classtype:trojan-activity;sid:84521731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10082019090714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658626/; classtype:trojan-activity;sid:84521726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28102020084216/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658627/; classtype:trojan-activity;sid:84521727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658628/; classtype:trojan-activity;sid:84521728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658629/; classtype:trojan-activity;sid:84521729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04032020083309/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658630/; classtype:trojan-activity;sid:84521730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658623/; classtype:trojan-activity;sid:84521723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658624/; classtype:trojan-activity;sid:84521724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28012020111221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658625/; classtype:trojan-activity;sid:84521725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658622/; classtype:trojan-activity;sid:84521722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658619/; classtype:trojan-activity;sid:84521719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21092019094026/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658620/; classtype:trojan-activity;sid:84521720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02012020080457/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658621/; classtype:trojan-activity;sid:84521721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08072020085529/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658617/; classtype:trojan-activity;sid:84521717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658618/; classtype:trojan-activity;sid:84521718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658616/; classtype:trojan-activity;sid:84521716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07082019084803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658611/; classtype:trojan-activity;sid:84521711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658612/; classtype:trojan-activity;sid:84521712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29092020084341/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658613/; classtype:trojan-activity;sid:84521713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13112020084116/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658614/; classtype:trojan-activity;sid:84521714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05122019085753/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658615/; classtype:trojan-activity;sid:84521715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658609/; classtype:trojan-activity;sid:84521709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658608/; classtype:trojan-activity;sid:84521708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658607/; classtype:trojan-activity;sid:84521707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20072020091125/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658606/; classtype:trojan-activity;sid:84521706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19112019095338/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658604/; classtype:trojan-activity;sid:84521704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-06-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658605/; classtype:trojan-activity;sid:84521705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019085634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658598/; classtype:trojan-activity;sid:84521698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658599/; classtype:trojan-activity;sid:84521699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658600/; classtype:trojan-activity;sid:84521700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658601/; classtype:trojan-activity;sid:84521701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/2020-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658602/; classtype:trojan-activity;sid:84521702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29022020102453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658603/; classtype:trojan-activity;sid:84521703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658595/; classtype:trojan-activity;sid:84521695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18122019084557/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658596/; classtype:trojan-activity;sid:84521696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24122019100332/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658597/; classtype:trojan-activity;sid:84521697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-04-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658594/; classtype:trojan-activity;sid:84521694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658584/; classtype:trojan-activity;sid:84521684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24092020083048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658585/; classtype:trojan-activity;sid:84521685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28022020093617/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658586/; classtype:trojan-activity;sid:84521686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28102019111528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658587/; classtype:trojan-activity;sid:84521687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658588/; classtype:trojan-activity;sid:84521688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658589/; classtype:trojan-activity;sid:84521689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658590/; classtype:trojan-activity;sid:84521690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020132401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658591/; classtype:trojan-activity;sid:84521691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13102019111002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658592/; classtype:trojan-activity;sid:84521692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26102020075618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658593/; classtype:trojan-activity;sid:84521693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22102019075419/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658583/; classtype:trojan-activity;sid:84521683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-06-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658582/; classtype:trojan-activity;sid:84521682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658581/; classtype:trojan-activity;sid:84521681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020084908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658579/; classtype:trojan-activity;sid:84521679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658580/; classtype:trojan-activity;sid:84521680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-08-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658578/; classtype:trojan-activity;sid:84521678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658576/; classtype:trojan-activity;sid:84521676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-05-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658577/; classtype:trojan-activity;sid:84521677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658575/; classtype:trojan-activity;sid:84521675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658571/; classtype:trojan-activity;sid:84521671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658572/; classtype:trojan-activity;sid:84521672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658573/; classtype:trojan-activity;sid:84521673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658574/; classtype:trojan-activity;sid:84521674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02032020080301/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658569/; classtype:trojan-activity;sid:84521669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20022020080010/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658570/; classtype:trojan-activity;sid:84521670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-09-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658566/; classtype:trojan-activity;sid:84521666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658567/; classtype:trojan-activity;sid:84521667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658564/; classtype:trojan-activity;sid:84521664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658565/; classtype:trojan-activity;sid:84521665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07022020104647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658562/; classtype:trojan-activity;sid:84521662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658563/; classtype:trojan-activity;sid:84521663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658561/; classtype:trojan-activity;sid:84521661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24022020071045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658560/; classtype:trojan-activity;sid:84521660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658559/; classtype:trojan-activity;sid:84521659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658558/; classtype:trojan-activity;sid:84521658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658556/; classtype:trojan-activity;sid:84521656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658557/; classtype:trojan-activity;sid:84521657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020083919/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658552/; classtype:trojan-activity;sid:84521652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658553/; classtype:trojan-activity;sid:84521653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658554/; classtype:trojan-activity;sid:84521654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658549/; classtype:trojan-activity;sid:84521649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658550/; classtype:trojan-activity;sid:84521650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658551/; classtype:trojan-activity;sid:84521651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658548/; classtype:trojan-activity;sid:84521648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-11-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658547/; classtype:trojan-activity;sid:84521647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658545/; classtype:trojan-activity;sid:84521645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658546/; classtype:trojan-activity;sid:84521646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658544/; classtype:trojan-activity;sid:84521644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658540/; classtype:trojan-activity;sid:84521640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23102019112124/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658541/; classtype:trojan-activity;sid:84521641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658542/; classtype:trojan-activity;sid:84521642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658543/; classtype:trojan-activity;sid:84521643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658539/; classtype:trojan-activity;sid:84521639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-07-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658538/; classtype:trojan-activity;sid:84521638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658537/; classtype:trojan-activity;sid:84521637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658535/; classtype:trojan-activity;sid:84521635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29102019111414/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658536/; classtype:trojan-activity;sid:84521636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658534/; classtype:trojan-activity;sid:84521634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19082019065142/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658531/; classtype:trojan-activity;sid:84521631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658532/; classtype:trojan-activity;sid:84521632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658533/; classtype:trojan-activity;sid:84521633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2022-09-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658528/; classtype:trojan-activity;sid:84521628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658529/; classtype:trojan-activity;sid:84521629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658530/; classtype:trojan-activity;sid:84521630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29062020084258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658527/; classtype:trojan-activity;sid:84521627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26122019110920/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658526/; classtype:trojan-activity;sid:84521626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658523/; classtype:trojan-activity;sid:84521623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-04-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658524/; classtype:trojan-activity;sid:84521624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-01-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658525/; classtype:trojan-activity;sid:84521625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658520/; classtype:trojan-activity;sid:84521620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020110206/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658521/; classtype:trojan-activity;sid:84521621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31082019074602/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658522/; classtype:trojan-activity;sid:84521622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658519/; classtype:trojan-activity;sid:84521619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658516/; classtype:trojan-activity;sid:84521616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658517/; classtype:trojan-activity;sid:84521617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658518/; classtype:trojan-activity;sid:84521618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03022020083538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658514/; classtype:trojan-activity;sid:84521614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658515/; classtype:trojan-activity;sid:84521615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15012020084147/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658513/; classtype:trojan-activity;sid:84521613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020111328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658511/; classtype:trojan-activity;sid:84521611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658512/; classtype:trojan-activity;sid:84521612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019103340/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658505/; classtype:trojan-activity;sid:84521605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658506/; classtype:trojan-activity;sid:84521606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658507/; classtype:trojan-activity;sid:84521607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658508/; classtype:trojan-activity;sid:84521608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658509/; classtype:trojan-activity;sid:84521609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29082019090120/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658510/; classtype:trojan-activity;sid:84521610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658503/; classtype:trojan-activity;sid:84521603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658504/; classtype:trojan-activity;sid:84521604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658502/; classtype:trojan-activity;sid:84521602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03092020084050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658499/; classtype:trojan-activity;sid:84521599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15012020111529/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658500/; classtype:trojan-activity;sid:84521600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658501/; classtype:trojan-activity;sid:84521601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658496/; classtype:trojan-activity;sid:84521596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03092020083612/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658497/; classtype:trojan-activity;sid:84521597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28102019124413/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658498/; classtype:trojan-activity;sid:84521598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658495/; classtype:trojan-activity;sid:84521595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658493/; classtype:trojan-activity;sid:84521593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658494/; classtype:trojan-activity;sid:84521594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658492/; classtype:trojan-activity;sid:84521592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658490/; classtype:trojan-activity;sid:84521590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658491/; classtype:trojan-activity;sid:84521591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29102020082344/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658489/; classtype:trojan-activity;sid:84521589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658486/; classtype:trojan-activity;sid:84521586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658487/; classtype:trojan-activity;sid:84521587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28092019074335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658488/; classtype:trojan-activity;sid:84521588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020092739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658485/; classtype:trojan-activity;sid:84521585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658482/; classtype:trojan-activity;sid:84521582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/2020-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658483/; classtype:trojan-activity;sid:84521583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658484/; classtype:trojan-activity;sid:84521584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658480/; classtype:trojan-activity;sid:84521580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-06-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658481/; classtype:trojan-activity;sid:84521581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658477/; classtype:trojan-activity;sid:84521577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658478/; classtype:trojan-activity;sid:84521578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07112019072436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658479/; classtype:trojan-activity;sid:84521579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658473/; classtype:trojan-activity;sid:84521573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28092020084800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658474/; classtype:trojan-activity;sid:84521574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658475/; classtype:trojan-activity;sid:84521575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658476/; classtype:trojan-activity;sid:84521576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658471/; classtype:trojan-activity;sid:84521571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658472/; classtype:trojan-activity;sid:84521572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658468/; classtype:trojan-activity;sid:84521568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658469/; classtype:trojan-activity;sid:84521569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658467/; classtype:trojan-activity;sid:84521567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658464/; classtype:trojan-activity;sid:84521564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658465/; classtype:trojan-activity;sid:84521565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020073843/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658466/; classtype:trojan-activity;sid:84521566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658460/; classtype:trojan-activity;sid:84521560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658461/; classtype:trojan-activity;sid:84521561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658462/; classtype:trojan-activity;sid:84521562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658463/; classtype:trojan-activity;sid:84521563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658457/; classtype:trojan-activity;sid:84521557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658458/; classtype:trojan-activity;sid:84521558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29082019110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658459/; classtype:trojan-activity;sid:84521559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658455/; classtype:trojan-activity;sid:84521555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658456/; classtype:trojan-activity;sid:84521556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15082019112133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658454/; classtype:trojan-activity;sid:84521554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05032020100611/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658452/; classtype:trojan-activity;sid:84521552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658453/; classtype:trojan-activity;sid:84521553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658450/; classtype:trojan-activity;sid:84521550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658451/; classtype:trojan-activity;sid:84521551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658448/; classtype:trojan-activity;sid:84521548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-02-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658449/; classtype:trojan-activity;sid:84521549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-01-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658447/; classtype:trojan-activity;sid:84521547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658440/; classtype:trojan-activity;sid:84521540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658441/; classtype:trojan-activity;sid:84521541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658442/; classtype:trojan-activity;sid:84521542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31012020084259/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658443/; classtype:trojan-activity;sid:84521543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658444/; classtype:trojan-activity;sid:84521544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658445/; classtype:trojan-activity;sid:84521545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658446/; classtype:trojan-activity;sid:84521546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658438/; classtype:trojan-activity;sid:84521538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08112019085706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658439/; classtype:trojan-activity;sid:84521539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658434/; classtype:trojan-activity;sid:84521534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658435/; classtype:trojan-activity;sid:84521535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658436/; classtype:trojan-activity;sid:84521536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15012020084835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658426/; classtype:trojan-activity;sid:84521526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020073942/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658427/; classtype:trojan-activity;sid:84521527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658428/; classtype:trojan-activity;sid:84521528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658429/; classtype:trojan-activity;sid:84521529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658430/; classtype:trojan-activity;sid:84521530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05022020084858/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658431/; classtype:trojan-activity;sid:84521531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658432/; classtype:trojan-activity;sid:84521532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658433/; classtype:trojan-activity;sid:84521533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07102019120718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658424/; classtype:trojan-activity;sid:84521524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658425/; classtype:trojan-activity;sid:84521525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658417/; classtype:trojan-activity;sid:84521517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658418/; classtype:trojan-activity;sid:84521518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26012020110837/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658419/; classtype:trojan-activity;sid:84521519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658420/; classtype:trojan-activity;sid:84521520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658421/; classtype:trojan-activity;sid:84521521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658422/; classtype:trojan-activity;sid:84521522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658423/; classtype:trojan-activity;sid:84521523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658413/; classtype:trojan-activity;sid:84521513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658414/; classtype:trojan-activity;sid:84521514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658415/; classtype:trojan-activity;sid:84521515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04092019101034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658416/; classtype:trojan-activity;sid:84521516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10022020141618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658412/; classtype:trojan-activity;sid:84521512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08092019091937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658407/; classtype:trojan-activity;sid:84521507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23112020080135/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658408/; classtype:trojan-activity;sid:84521508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658409/; classtype:trojan-activity;sid:84521509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-08-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658410/; classtype:trojan-activity;sid:84521510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658411/; classtype:trojan-activity;sid:84521511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658404/; classtype:trojan-activity;sid:84521504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658405/; classtype:trojan-activity;sid:84521505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658406/; classtype:trojan-activity;sid:84521506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658403/; classtype:trojan-activity;sid:84521503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102020075415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658402/; classtype:trojan-activity;sid:84521502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658401/; classtype:trojan-activity;sid:84521501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27092019112351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658399/; classtype:trojan-activity;sid:84521499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064612/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658400/; classtype:trojan-activity;sid:84521500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10012020082528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658397/; classtype:trojan-activity;sid:84521497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658398/; classtype:trojan-activity;sid:84521498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658396/; classtype:trojan-activity;sid:84521496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019100156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658395/; classtype:trojan-activity;sid:84521495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658393/; classtype:trojan-activity;sid:84521493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658394/; classtype:trojan-activity;sid:84521494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658391/; classtype:trojan-activity;sid:84521491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03022020084036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658392/; classtype:trojan-activity;sid:84521492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658390/; classtype:trojan-activity;sid:84521490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658389/; classtype:trojan-activity;sid:84521489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658388/; classtype:trojan-activity;sid:84521488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019110544/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658386/; classtype:trojan-activity;sid:84521486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658387/; classtype:trojan-activity;sid:84521487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03112020080201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658384/; classtype:trojan-activity;sid:84521484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2019-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658385/; classtype:trojan-activity;sid:84521485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019084045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658382/; classtype:trojan-activity;sid:84521482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658383/; classtype:trojan-activity;sid:84521483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658379/; classtype:trojan-activity;sid:84521479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09122019111725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658380/; classtype:trojan-activity;sid:84521480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658381/; classtype:trojan-activity;sid:84521481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25082020083620/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658377/; classtype:trojan-activity;sid:84521477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658378/; classtype:trojan-activity;sid:84521478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28092020085505/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658376/; classtype:trojan-activity;sid:84521476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04112019111207/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658375/; classtype:trojan-activity;sid:84521475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658372/; classtype:trojan-activity;sid:84521472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658373/; classtype:trojan-activity;sid:84521473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658374/; classtype:trojan-activity;sid:84521474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19032020110736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658370/; classtype:trojan-activity;sid:84521470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081506/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658371/; classtype:trojan-activity;sid:84521471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658367/; classtype:trojan-activity;sid:84521467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102019080820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658368/; classtype:trojan-activity;sid:84521468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658369/; classtype:trojan-activity;sid:84521469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658366/; classtype:trojan-activity;sid:84521466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658365/; classtype:trojan-activity;sid:84521465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658360/; classtype:trojan-activity;sid:84521460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27082019072537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658361/; classtype:trojan-activity;sid:84521461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658362/; classtype:trojan-activity;sid:84521462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658363/; classtype:trojan-activity;sid:84521463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020102110/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658364/; classtype:trojan-activity;sid:84521464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658359/; classtype:trojan-activity;sid:84521459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072533/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658358/; classtype:trojan-activity;sid:84521458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658357/; classtype:trojan-activity;sid:84521457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658356/; classtype:trojan-activity;sid:84521456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658355/; classtype:trojan-activity;sid:84521455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15092020084622/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658350/; classtype:trojan-activity;sid:84521450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658351/; classtype:trojan-activity;sid:84521451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658352/; classtype:trojan-activity;sid:84521452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658353/; classtype:trojan-activity;sid:84521453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19032020103217/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658354/; classtype:trojan-activity;sid:84521454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658349/; classtype:trojan-activity;sid:84521449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658348/; classtype:trojan-activity;sid:84521448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658346/; classtype:trojan-activity;sid:84521446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658347/; classtype:trojan-activity;sid:84521447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658341/; classtype:trojan-activity;sid:84521441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658342/; classtype:trojan-activity;sid:84521442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658343/; classtype:trojan-activity;sid:84521443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658344/; classtype:trojan-activity;sid:84521444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658345/; classtype:trojan-activity;sid:84521445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658340/; classtype:trojan-activity;sid:84521440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658337/; classtype:trojan-activity;sid:84521437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27092019083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658338/; classtype:trojan-activity;sid:84521438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658339/; classtype:trojan-activity;sid:84521439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658335/; classtype:trojan-activity;sid:84521435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23092019111516/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658336/; classtype:trojan-activity;sid:84521436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658332/; classtype:trojan-activity;sid:84521432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658333/; classtype:trojan-activity;sid:84521433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2023-08-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658334/; classtype:trojan-activity;sid:84521434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658327/; classtype:trojan-activity;sid:84521427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658328/; classtype:trojan-activity;sid:84521428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658329/; classtype:trojan-activity;sid:84521429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658330/; classtype:trojan-activity;sid:84521430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12122019101814/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658331/; classtype:trojan-activity;sid:84521431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658326/; classtype:trojan-activity;sid:84521426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16092019110740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658324/; classtype:trojan-activity;sid:84521424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658325/; classtype:trojan-activity;sid:84521425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658323/; classtype:trojan-activity;sid:84521423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11102019085631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658322/; classtype:trojan-activity;sid:84521422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09092019083927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658317/; classtype:trojan-activity;sid:84521417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05082019090424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658318/; classtype:trojan-activity;sid:84521418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658319/; classtype:trojan-activity;sid:84521419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658320/; classtype:trojan-activity;sid:84521420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658321/; classtype:trojan-activity;sid:84521421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658314/; classtype:trojan-activity;sid:84521414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658315/; classtype:trojan-activity;sid:84521415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658316/; classtype:trojan-activity;sid:84521416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658309/; classtype:trojan-activity;sid:84521409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658310/; classtype:trojan-activity;sid:84521410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658311/; classtype:trojan-activity;sid:84521411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658312/; classtype:trojan-activity;sid:84521412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112019082902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658313/; classtype:trojan-activity;sid:84521413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020084127/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658308/; classtype:trojan-activity;sid:84521408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18022020110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658307/; classtype:trojan-activity;sid:84521407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658304/; classtype:trojan-activity;sid:84521404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12082019111048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658305/; classtype:trojan-activity;sid:84521405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658306/; classtype:trojan-activity;sid:84521406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-03-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658302/; classtype:trojan-activity;sid:84521402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020112230/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658303/; classtype:trojan-activity;sid:84521403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-06-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658300/; classtype:trojan-activity;sid:84521400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21052020090420/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658301/; classtype:trojan-activity;sid:84521401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658296/; classtype:trojan-activity;sid:84521396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658297/; classtype:trojan-activity;sid:84521397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658298/; classtype:trojan-activity;sid:84521398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08092019082357/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658299/; classtype:trojan-activity;sid:84521399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658295/; classtype:trojan-activity;sid:84521395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019105427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658294/; classtype:trojan-activity;sid:84521394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658288/; classtype:trojan-activity;sid:84521388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658289/; classtype:trojan-activity;sid:84521389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658290/; classtype:trojan-activity;sid:84521390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16082019084628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658291/; classtype:trojan-activity;sid:84521391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658292/; classtype:trojan-activity;sid:84521392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04092019080057/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658293/; classtype:trojan-activity;sid:84521393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084527/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658285/; classtype:trojan-activity;sid:84521385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658286/; classtype:trojan-activity;sid:84521386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2022-11-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658287/; classtype:trojan-activity;sid:84521387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658283/; classtype:trojan-activity;sid:84521383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658284/; classtype:trojan-activity;sid:84521384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658276/; classtype:trojan-activity;sid:84521376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658277/; classtype:trojan-activity;sid:84521377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658278/; classtype:trojan-activity;sid:84521378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658279/; classtype:trojan-activity;sid:84521379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658280/; classtype:trojan-activity;sid:84521380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658281/; classtype:trojan-activity;sid:84521381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658275/; classtype:trojan-activity;sid:84521375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658274/; classtype:trojan-activity;sid:84521374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658271/; classtype:trojan-activity;sid:84521371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658272/; classtype:trojan-activity;sid:84521372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658273/; classtype:trojan-activity;sid:84521373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2022-10-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658270/; classtype:trojan-activity;sid:84521370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658268/; classtype:trojan-activity;sid:84521368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658269/; classtype:trojan-activity;sid:84521369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658264/; classtype:trojan-activity;sid:84521364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658265/; classtype:trojan-activity;sid:84521365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04062020080054/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658266/; classtype:trojan-activity;sid:84521366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11092019084025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658267/; classtype:trojan-activity;sid:84521367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07082019112547/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658263/; classtype:trojan-activity;sid:84521363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658262/; classtype:trojan-activity;sid:84521362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658261/; classtype:trojan-activity;sid:84521361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658254/; classtype:trojan-activity;sid:84521354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020102439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658255/; classtype:trojan-activity;sid:84521355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658256/; classtype:trojan-activity;sid:84521356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-01-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658257/; classtype:trojan-activity;sid:84521357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658258/; classtype:trojan-activity;sid:84521358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020071901/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658259/; classtype:trojan-activity;sid:84521359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26102020075115/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658260/; classtype:trojan-activity;sid:84521360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658250/; classtype:trojan-activity;sid:84521350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2019-11-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658251/; classtype:trojan-activity;sid:84521351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658252/; classtype:trojan-activity;sid:84521352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020111428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658253/; classtype:trojan-activity;sid:84521353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-02-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658248/; classtype:trojan-activity;sid:84521348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019110019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658249/; classtype:trojan-activity;sid:84521349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658243/; classtype:trojan-activity;sid:84521343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658244/; classtype:trojan-activity;sid:84521344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658245/; classtype:trojan-activity;sid:84521345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658246/; classtype:trojan-activity;sid:84521346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658240/; classtype:trojan-activity;sid:84521340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658241/; classtype:trojan-activity;sid:84521341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19022020074049/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658242/; classtype:trojan-activity;sid:84521342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658235/; classtype:trojan-activity;sid:84521335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019100052/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658236/; classtype:trojan-activity;sid:84521336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11122019085114/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658237/; classtype:trojan-activity;sid:84521337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658238/; classtype:trojan-activity;sid:84521338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019103005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658239/; classtype:trojan-activity;sid:84521339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658232/; classtype:trojan-activity;sid:84521332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02092019135755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658233/; classtype:trojan-activity;sid:84521333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29012020110926/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658234/; classtype:trojan-activity;sid:84521334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020074337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658229/; classtype:trojan-activity;sid:84521329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-07-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658230/; classtype:trojan-activity;sid:84521330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12092019112032/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658231/; classtype:trojan-activity;sid:84521331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-08-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658227/; classtype:trojan-activity;sid:84521327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658228/; classtype:trojan-activity;sid:84521328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04032020102908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658220/; classtype:trojan-activity;sid:84521320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658221/; classtype:trojan-activity;sid:84521321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658222/; classtype:trojan-activity;sid:84521322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658223/; classtype:trojan-activity;sid:84521323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16012020111550/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658224/; classtype:trojan-activity;sid:84521324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020140803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658225/; classtype:trojan-activity;sid:84521325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658226/; classtype:trojan-activity;sid:84521326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658217/; classtype:trojan-activity;sid:84521317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658218/; classtype:trojan-activity;sid:84521318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658219/; classtype:trojan-activity;sid:84521319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24112020081613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658214/; classtype:trojan-activity;sid:84521314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658215/; classtype:trojan-activity;sid:84521315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658216/; classtype:trojan-activity;sid:84521316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658210/; classtype:trojan-activity;sid:84521310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25112020083758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658211/; classtype:trojan-activity;sid:84521311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019072721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658212/; classtype:trojan-activity;sid:84521312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658213/; classtype:trojan-activity;sid:84521313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102019075325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658209/; classtype:trojan-activity;sid:84521309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658208/; classtype:trojan-activity;sid:84521308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658201/; classtype:trojan-activity;sid:84521301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31072020085247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658202/; classtype:trojan-activity;sid:84521302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17032020092647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658203/; classtype:trojan-activity;sid:84521303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21122019075441/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658204/; classtype:trojan-activity;sid:84521304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019082453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658205/; classtype:trojan-activity;sid:84521305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020075032/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658206/; classtype:trojan-activity;sid:84521306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658207/; classtype:trojan-activity;sid:84521307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658199/; classtype:trojan-activity;sid:84521299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03102019081724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658200/; classtype:trojan-activity;sid:84521300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658198/; classtype:trojan-activity;sid:84521298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-11-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658196/; classtype:trojan-activity;sid:84521296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658197/; classtype:trojan-activity;sid:84521297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02092020090343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658190/; classtype:trojan-activity;sid:84521290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020102546/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658191/; classtype:trojan-activity;sid:84521291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658192/; classtype:trojan-activity;sid:84521292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-02-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658193/; classtype:trojan-activity;sid:84521293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658194/; classtype:trojan-activity;sid:84521294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22112019114331/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658195/; classtype:trojan-activity;sid:84521295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658187/; classtype:trojan-activity;sid:84521287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658188/; classtype:trojan-activity;sid:84521288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658189/; classtype:trojan-activity;sid:84521289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658182/; classtype:trojan-activity;sid:84521282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658183/; classtype:trojan-activity;sid:84521283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658184/; classtype:trojan-activity;sid:84521284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020091156/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658185/; classtype:trojan-activity;sid:84521285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14072020084319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658186/; classtype:trojan-activity;sid:84521286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-10-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658180/; classtype:trojan-activity;sid:84521280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2023-03-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658181/; classtype:trojan-activity;sid:84521281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02092019074951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658175/; classtype:trojan-activity;sid:84521275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15122019113205/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658176/; classtype:trojan-activity;sid:84521276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658177/; classtype:trojan-activity;sid:84521277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658178/; classtype:trojan-activity;sid:84521278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18112019111421/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658179/; classtype:trojan-activity;sid:84521279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658168/; classtype:trojan-activity;sid:84521268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020102944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658169/; classtype:trojan-activity;sid:84521269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658170/; classtype:trojan-activity;sid:84521270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658171/; classtype:trojan-activity;sid:84521271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082019110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658172/; classtype:trojan-activity;sid:84521272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658174/; classtype:trojan-activity;sid:84521274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658165/; classtype:trojan-activity;sid:84521265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020083934/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658166/; classtype:trojan-activity;sid:84521266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658167/; classtype:trojan-activity;sid:84521267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658163/; classtype:trojan-activity;sid:84521263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658164/; classtype:trojan-activity;sid:84521264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658161/; classtype:trojan-activity;sid:84521261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658162/; classtype:trojan-activity;sid:84521262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658160/; classtype:trojan-activity;sid:84521260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658158/; classtype:trojan-activity;sid:84521258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020125714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658157/; classtype:trojan-activity;sid:84521257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020105422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658156/; classtype:trojan-activity;sid:84521256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17032020111050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658151/; classtype:trojan-activity;sid:84521251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658152/; classtype:trojan-activity;sid:84521252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21112019085250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658153/; classtype:trojan-activity;sid:84521253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19092019113551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658154/; classtype:trojan-activity;sid:84521254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10012020081934/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658155/; classtype:trojan-activity;sid:84521255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658147/; classtype:trojan-activity;sid:84521247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658148/; classtype:trojan-activity;sid:84521248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16062020071846/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658149/; classtype:trojan-activity;sid:84521249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658150/; classtype:trojan-activity;sid:84521250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658143/; classtype:trojan-activity;sid:84521243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-07-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658144/; classtype:trojan-activity;sid:84521244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658145/; classtype:trojan-activity;sid:84521245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28022020102447/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658146/; classtype:trojan-activity;sid:84521246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658142/; classtype:trojan-activity;sid:84521242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020091641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658140/; classtype:trojan-activity;sid:84521240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658141/; classtype:trojan-activity;sid:84521241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658138/; classtype:trojan-activity;sid:84521238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658139/; classtype:trojan-activity;sid:84521239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658135/; classtype:trojan-activity;sid:84521235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658136/; classtype:trojan-activity;sid:84521236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658137/; classtype:trojan-activity;sid:84521237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19012020111047/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658132/; classtype:trojan-activity;sid:84521232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019122429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658133/; classtype:trojan-activity;sid:84521233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658134/; classtype:trojan-activity;sid:84521234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19112019082650/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658130/; classtype:trojan-activity;sid:84521230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658131/; classtype:trojan-activity;sid:84521231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658129/; classtype:trojan-activity;sid:84521229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658128/; classtype:trojan-activity;sid:84521228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03122019122626/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658126/; classtype:trojan-activity;sid:84521226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102019084429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658127/; classtype:trojan-activity;sid:84521227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658123/; classtype:trojan-activity;sid:84521223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658124/; classtype:trojan-activity;sid:84521224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658125/; classtype:trojan-activity;sid:84521225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29072020093540/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658121/; classtype:trojan-activity;sid:84521221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658122/; classtype:trojan-activity;sid:84521222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019104436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658120/; classtype:trojan-activity;sid:84521220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-12-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658119/; classtype:trojan-activity;sid:84521219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658117/; classtype:trojan-activity;sid:84521217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2023-04-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658118/; classtype:trojan-activity;sid:84521218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658115/; classtype:trojan-activity;sid:84521215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658116/; classtype:trojan-activity;sid:84521216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658113/; classtype:trojan-activity;sid:84521213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019111227/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658114/; classtype:trojan-activity;sid:84521214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658110/; classtype:trojan-activity;sid:84521210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658111/; classtype:trojan-activity;sid:84521211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658112/; classtype:trojan-activity;sid:84521212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658108/; classtype:trojan-activity;sid:84521208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658109/; classtype:trojan-activity;sid:84521209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658107/; classtype:trojan-activity;sid:84521207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658101/; classtype:trojan-activity;sid:84521201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658102/; classtype:trojan-activity;sid:84521202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020085221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658103/; classtype:trojan-activity;sid:84521203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658104/; classtype:trojan-activity;sid:84521204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658105/; classtype:trojan-activity;sid:84521205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658098/; classtype:trojan-activity;sid:84521198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658099/; classtype:trojan-activity;sid:84521199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658100/; classtype:trojan-activity;sid:84521200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019114144/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658096/; classtype:trojan-activity;sid:84521196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020092958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658097/; classtype:trojan-activity;sid:84521197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18032020083606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658092/; classtype:trojan-activity;sid:84521192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084320/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658093/; classtype:trojan-activity;sid:84521193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658094/; classtype:trojan-activity;sid:84521194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020085315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658095/; classtype:trojan-activity;sid:84521195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020090045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658090/; classtype:trojan-activity;sid:84521190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2021-04-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658086/; classtype:trojan-activity;sid:84521186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658088/; classtype:trojan-activity;sid:84521188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658089/; classtype:trojan-activity;sid:84521189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658085/; classtype:trojan-activity;sid:84521185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-11-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658083/; classtype:trojan-activity;sid:84521183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658084/; classtype:trojan-activity;sid:84521184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20032020110739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658080/; classtype:trojan-activity;sid:84521180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658081/; classtype:trojan-activity;sid:84521181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23062020085151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658082/; classtype:trojan-activity;sid:84521182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658074/; classtype:trojan-activity;sid:84521174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658075/; classtype:trojan-activity;sid:84521175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658076/; classtype:trojan-activity;sid:84521176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658077/; classtype:trojan-activity;sid:84521177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658078/; classtype:trojan-activity;sid:84521178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658079/; classtype:trojan-activity;sid:84521179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658068/; classtype:trojan-activity;sid:84521168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658069/; classtype:trojan-activity;sid:84521169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29102019072415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658070/; classtype:trojan-activity;sid:84521170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-04-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658071/; classtype:trojan-activity;sid:84521171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020083637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658072/; classtype:trojan-activity;sid:84521172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658073/; classtype:trojan-activity;sid:84521173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658067/; classtype:trojan-activity;sid:84521167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658066/; classtype:trojan-activity;sid:84521166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020080720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658065/; classtype:trojan-activity;sid:84521165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2019-03-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658064/; classtype:trojan-activity;sid:84521164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-05-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658062/; classtype:trojan-activity;sid:84521162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658063/; classtype:trojan-activity;sid:84521163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.76.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658060/; classtype:trojan-activity;sid:84521160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.82.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658059/; classtype:trojan-activity;sid:84521159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.54.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658058/; classtype:trojan-activity;sid:84521158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.52.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658057/; classtype:trojan-activity;sid:84521157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.238.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658056/; classtype:trojan-activity;sid:84521156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658055)"; flow:established,from_client; content:"GET"; http_method; content:"/q6y1wfwdtx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.4-z493.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658055/; classtype:trojan-activity;sid:84521155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658054)"; flow:established,from_client; content:"GET"; http_method; content:"/0y3.google|3f|t=mob98i6a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xt.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658054/; classtype:trojan-activity;sid:84521154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658053)"; flow:established,from_client; content:"GET"; http_method; content:"/legzhb41my.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658053/; classtype:trojan-activity;sid:84521153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658052)"; flow:established,from_client; content:"GET"; http_method; content:"/0y3.google|3f|t=o6976vdr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xt.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658052/; classtype:trojan-activity;sid:84521152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658051/; classtype:trojan-activity;sid:84521151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658050/; classtype:trojan-activity;sid:84521150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.82.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658049/; classtype:trojan-activity;sid:84521149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658048)"; flow:established,from_client; content:"GET"; http_method; content:"/m7p.check|3f|t=5gn8y8hb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n4.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658048/; classtype:trojan-activity;sid:84521148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658047)"; flow:established,from_client; content:"GET"; http_method; content:"/v91612j7zi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.4-z493.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658047/; classtype:trojan-activity;sid:84521147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658046)"; flow:established,from_client; content:"GET"; http_method; content:"/q1jmzzvwxs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658046/; classtype:trojan-activity;sid:84521146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.238.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658045/; classtype:trojan-activity;sid:84521145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658044)"; flow:established,from_client; content:"GET"; http_method; content:"/m7p.check|3f|t=j6ouqvej"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n4.w135v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658044/; classtype:trojan-activity;sid:84521144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.52.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658043/; classtype:trojan-activity;sid:84521143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.54.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658042/; classtype:trojan-activity;sid:84521142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658041)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=x97c5ryi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.w135v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658041/; classtype:trojan-activity;sid:84521141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658040)"; flow:established,from_client; content:"GET"; http_method; content:"/ds4fqgwb6i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.4-z493.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658040/; classtype:trojan-activity;sid:84521140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658039)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.check|3f|t=2z9qw55y"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658039/; classtype:trojan-activity;sid:84521139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658038)"; flow:established,from_client; content:"GET"; http_method; content:"/ivo4vnkp24.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.4-z493.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658038/; classtype:trojan-activity;sid:84521138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658037/; classtype:trojan-activity;sid:84521137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658036)"; flow:established,from_client; content:"GET"; http_method; content:"/o60lrilihl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658036/; classtype:trojan-activity;sid:84521136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658035)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.check|3f|t=diar828t"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658035/; classtype:trojan-activity;sid:84521135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658034)"; flow:established,from_client; content:"GET"; http_method; content:"/r41.google|3f|t=ijk6wm08"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658034/; classtype:trojan-activity;sid:84521134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658033)"; flow:established,from_client; content:"GET"; http_method; content:"/nlt5viic0w.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658033/; classtype:trojan-activity;sid:84521133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658032)"; flow:established,from_client; content:"GET"; http_method; content:"/9f304bq56b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.6-b408.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658032/; classtype:trojan-activity;sid:84521132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658031)"; flow:established,from_client; content:"GET"; http_method; content:"/r41.google|3f|t=ckaj8g4v"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658031/; classtype:trojan-activity;sid:84521131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.245.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658030/; classtype:trojan-activity;sid:84521130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658029/; classtype:trojan-activity;sid:84521129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658028)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.check|3f|t=eu1z59wn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t.m046d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658028/; classtype:trojan-activity;sid:84521128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658027)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcw9b5jv1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.6-b408.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658027/; classtype:trojan-activity;sid:84521127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658025)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.check|3f|t=ben8v0rw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t.m046d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658025/; classtype:trojan-activity;sid:84521125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658026)"; flow:established,from_client; content:"GET"; http_method; content:"/t82t3wn3q5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658026/; classtype:trojan-activity;sid:84521126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.37.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658024/; classtype:trojan-activity;sid:84521124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.255.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658023/; classtype:trojan-activity;sid:84521123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.67.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658022/; classtype:trojan-activity;sid:84521122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658021)"; flow:established,from_client; content:"GET"; http_method; content:"/yd1.google|3f|t=39znqsqr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pz.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658021/; classtype:trojan-activity;sid:84521121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658020)"; flow:established,from_client; content:"GET"; http_method; content:"/cwnomhykf2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.6-b408.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658020/; classtype:trojan-activity;sid:84521120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658019)"; flow:established,from_client; content:"GET"; http_method; content:"/yd1.google|3f|t=030ohfku"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pz.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658019/; classtype:trojan-activity;sid:84521119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658018)"; flow:established,from_client; content:"GET"; http_method; content:"/vhw2d8zhc9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658018/; classtype:trojan-activity;sid:84521118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658016)"; flow:established,from_client; content:"GET"; http_method; content:"/3xq.check|3f|t=pcz5t01n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658016/; classtype:trojan-activity;sid:84521116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658017)"; flow:established,from_client; content:"GET"; http_method; content:"/bv7se6ts4i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.6-b408.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658017/; classtype:trojan-activity;sid:84521117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658015)"; flow:established,from_client; content:"GET"; http_method; content:"/thd52gz5v8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658015/; classtype:trojan-activity;sid:84521115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658014)"; flow:established,from_client; content:"GET"; http_method; content:"/3xq.check|3f|t=mlkbbzgr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.m046d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658014/; classtype:trojan-activity;sid:84521114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.135.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658013/; classtype:trojan-activity;sid:84521113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658012)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/voicenotify/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658012/; classtype:trojan-activity;sid:84521112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658010)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti%20lorenzo/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658010/; classtype:trojan-activity;sid:84521110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658011)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/record/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658011/; classtype:trojan-activity;sid:84521111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658009)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/morandi/video.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658009/; classtype:trojan-activity;sid:84521109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658006)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/voicenotify/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658006/; classtype:trojan-activity;sid:84521106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658007)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.res"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658007/; classtype:trojan-activity;sid:84521107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658008)"; flow:established,from_client; content:"GET"; http_method; content:"/output.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658008/; classtype:trojan-activity;sid:84521108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658005)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658005/; classtype:trojan-activity;sid:84521105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658004)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.res"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658004/; classtype:trojan-activity;sid:84521104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657999)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/vari/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657999/; classtype:trojan-activity;sid:84521099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658000)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_3.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658000/; classtype:trojan-activity;sid:84521100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658001)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_185_208_159_161_8000.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658001/; classtype:trojan-activity;sid:84521101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658002)"; flow:established,from_client; content:"GET"; http_method; content:"/built_agents.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658002/; classtype:trojan-activity;sid:84521102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658003)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/colombo/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658003/; classtype:trojan-activity;sid:84521103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657998)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/level%2010/photo.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657998/; classtype:trojan-activity;sid:84521098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657994)"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.go"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657994/; classtype:trojan-activity;sid:84521094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657995)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_1.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657995/; classtype:trojan-activity;sid:84521095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657996)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/tesla%20motor/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657996/; classtype:trojan-activity;sid:84521096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657997)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657997/; classtype:trojan-activity;sid:84521097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657991)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657991/; classtype:trojan-activity;sid:84521091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657992)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/immagini/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657992/; classtype:trojan-activity;sid:84521092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657993)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/kart%20foto/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657993/; classtype:trojan-activity;sid:84521093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657989)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_5.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657989/; classtype:trojan-activity;sid:84521089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657990)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_payload.h"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657990/; classtype:trojan-activity;sid:84521090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657987)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_9.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657987/; classtype:trojan-activity;sid:84521087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657988)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657988/; classtype:trojan-activity;sid:84521088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657985)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto%20maldive/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657985/; classtype:trojan-activity;sid:84521085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657986)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_8.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657986/; classtype:trojan-activity;sid:84521086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657979)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/ilaria/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657979/; classtype:trojan-activity;sid:84521079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657980)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657980/; classtype:trojan-activity;sid:84521080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657981)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/musica/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657981/; classtype:trojan-activity;sid:84521081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657982)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/vari/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657982/; classtype:trojan-activity;sid:84521082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657983)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657983/; classtype:trojan-activity;sid:84521083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657984)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657984/; classtype:trojan-activity;sid:84521084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657976)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_2.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657976/; classtype:trojan-activity;sid:84521076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657977)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_wrapped.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657977/; classtype:trojan-activity;sid:84521077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657978)"; flow:established,from_client; content:"GET"; http_method; content:"/new%20folder/test.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657978/; classtype:trojan-activity;sid:84521078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657973)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_loader.c"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657973/; classtype:trojan-activity;sid:84521073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657974)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_4.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657974/; classtype:trojan-activity;sid:84521074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657975)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/record/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657975/; classtype:trojan-activity;sid:84521075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657970)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657970/; classtype:trojan-activity;sid:84521070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657971)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/record/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657971/; classtype:trojan-activity;sid:84521071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657972)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657972/; classtype:trojan-activity;sid:84521072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657965)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/musica/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657965/; classtype:trojan-activity;sid:84521065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657966)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_185_208_159_161_8000.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657966/; classtype:trojan-activity;sid:84521066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657967)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/morandi/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657967/; classtype:trojan-activity;sid:84521067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657968)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/level%2010/video.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657968/; classtype:trojan-activity;sid:84521068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657969)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657969/; classtype:trojan-activity;sid:84521069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657962)"; flow:established,from_client; content:"GET"; http_method; content:"/encoded.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657962/; classtype:trojan-activity;sid:84521062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657963)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_wrapper.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657963/; classtype:trojan-activity;sid:84521063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657964)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657964/; classtype:trojan-activity;sid:84521064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657960)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti%20lorenzo/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657960/; classtype:trojan-activity;sid:84521060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657961)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657961/; classtype:trojan-activity;sid:84521061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657959)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657959/; classtype:trojan-activity;sid:84521059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657958)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000.go"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657958/; classtype:trojan-activity;sid:84521058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657956)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_185_208_159_161_8000.go"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657956/; classtype:trojan-activity;sid:84521056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657957)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/voicenotify/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657957/; classtype:trojan-activity;sid:84521057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657955)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/immagini/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657955/; classtype:trojan-activity;sid:84521055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657954)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_185_208_159_161_8000.rc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657954/; classtype:trojan-activity;sid:84521054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657953)"; flow:established,from_client; content:"GET"; http_method; content:"/test.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657953/; classtype:trojan-activity;sid:84521053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657945)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657945/; classtype:trojan-activity;sid:84521045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657946)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657946/; classtype:trojan-activity;sid:84521046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657947)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/index/video.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657947/; classtype:trojan-activity;sid:84521047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657948)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_10.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657948/; classtype:trojan-activity;sid:84521048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657949)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/kart%20foto/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657949/; classtype:trojan-activity;sid:84521049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657950)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/ilaria/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657950/; classtype:trojan-activity;sid:84521050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657951)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/level%2010/av.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657951/; classtype:trojan-activity;sid:84521051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657952)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_wrapper.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657952/; classtype:trojan-activity;sid:84521052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657940)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_185_208_159_161_8000_payload.h"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657940/; classtype:trojan-activity;sid:84521040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657941)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_7.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657941/; classtype:trojan-activity;sid:84521041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657942)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657942/; classtype:trojan-activity;sid:84521042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657943)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657943/; classtype:trojan-activity;sid:84521043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657944)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/immagini/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657944/; classtype:trojan-activity;sid:84521044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourfile.go"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657937/; classtype:trojan-activity;sid:84521037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657938)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/morandi/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657938/; classtype:trojan-activity;sid:84521038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657939)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/ilaria/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657939/; classtype:trojan-activity;sid:84521039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657936)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documenti%20lorenzo/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657936/; classtype:trojan-activity;sid:84521036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657935)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/colombo/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657935/; classtype:trojan-activity;sid:84521035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657933)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/vari/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657933/; classtype:trojan-activity;sid:84521033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657934)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000.exe~"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657934/; classtype:trojan-activity;sid:84521034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657931)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/foto%20maldive/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657931/; classtype:trojan-activity;sid:84521031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657932)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/tesla%20motor/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657932/; classtype:trojan-activity;sid:84521032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657930)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657930/; classtype:trojan-activity;sid:84521030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657929)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/colombo/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657929/; classtype:trojan-activity;sid:84521029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657926)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/index/av.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657926/; classtype:trojan-activity;sid:84521026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657927)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/kart%20foto/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657927/; classtype:trojan-activity;sid:84521027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657928)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657928/; classtype:trojan-activity;sid:84521028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657924)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/musica/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657924/; classtype:trojan-activity;sid:84521024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657925)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_wrapper.c"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657925/; classtype:trojan-activity;sid:84521025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657922)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/tesla%20motor/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657922/; classtype:trojan-activity;sid:84521022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657923)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/index/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657923/; classtype:trojan-activity;sid:84521023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657921)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657921/; classtype:trojan-activity;sid:84521021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657920)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_wrapped.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657920/; classtype:trojan-activity;sid:84521020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657918)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_6.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.172.194.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657918/; classtype:trojan-activity;sid:84521018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657919)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_185_208_159_161_8000.res"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657919/; classtype:trojan-activity;sid:84521019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657917)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.29.22.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657917/; classtype:trojan-activity;sid:84521017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657916)"; flow:established,from_client; content:"GET"; http_method; content:"/teee.go"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657916/; classtype:trojan-activity;sid:84521016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657912)"; flow:established,from_client; content:"GET"; http_method; content:"/test.go"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657912/; classtype:trojan-activity;sid:84521012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657913)"; flow:established,from_client; content:"GET"; http_method; content:"/ou.go"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657913/; classtype:trojan-activity;sid:84521013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657914)"; flow:established,from_client; content:"GET"; http_method; content:"/app_185_208_159_161_8000_dll.c"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657914/; classtype:trojan-activity;sid:84521014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657915)"; flow:established,from_client; content:"GET"; http_method; content:"/te.go"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657915/; classtype:trojan-activity;sid:84521015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657911)"; flow:established,from_client; content:"GET"; http_method; content:"/xo.go"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.208.159.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657911/; classtype:trojan-activity;sid:84521011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.148.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657910/; classtype:trojan-activity;sid:84521010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657909)"; flow:established,from_client; content:"GET"; http_method; content:"/2cttjx1avz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.6-b408.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657909/; classtype:trojan-activity;sid:84521009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657908)"; flow:established,from_client; content:"GET"; http_method; content:"/0k.google|3f|t=ak67nfk5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.m046d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657908/; classtype:trojan-activity;sid:84521008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657907)"; flow:established,from_client; content:"GET"; http_method; content:"/53xtglwhcg.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657907/; classtype:trojan-activity;sid:84521007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657906)"; flow:established,from_client; content:"GET"; http_method; content:"/0k.google|3f|t=bern63pk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.m046d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657906/; classtype:trojan-activity;sid:84521006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657905/; classtype:trojan-activity;sid:84521005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.19.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657904/; classtype:trojan-activity;sid:84521004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657903)"; flow:established,from_client; content:"GET"; http_method; content:"/xb7a8ax9ww.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657903/; classtype:trojan-activity;sid:84521003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657902)"; flow:established,from_client; content:"GET"; http_method; content:"/b5wwb4w8ml.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.6-b408.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657902/; classtype:trojan-activity;sid:84521002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657901)"; flow:established,from_client; content:"GET"; http_method; content:"/ya04.google|3f|t=ok9p7zu7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.x352x.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657901/; classtype:trojan-activity;sid:84521001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657900)"; flow:established,from_client; content:"GET"; http_method; content:"/ya04.google|3f|t=tlvxerdh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.x352x.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657900/; classtype:trojan-activity;sid:84521000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657899/; classtype:trojan-activity;sid:84520999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.135.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657898/; classtype:trojan-activity;sid:84520998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657897/; classtype:trojan-activity;sid:84520997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657896/; classtype:trojan-activity;sid:84520996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657895/; classtype:trojan-activity;sid:84520995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657894)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=me26t0p5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qb.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657894/; classtype:trojan-activity;sid:84520994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657893)"; flow:established,from_client; content:"GET"; http_method; content:"/o31owme9s4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657893/; classtype:trojan-activity;sid:84520993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657892/; classtype:trojan-activity;sid:84520992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657891)"; flow:established,from_client; content:"GET"; http_method; content:"/fpb7uwisvr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.6-b408.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657891/; classtype:trojan-activity;sid:84520991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657890)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=cn2tm4fq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qb.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657890/; classtype:trojan-activity;sid:84520990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657889)"; flow:established,from_client; content:"GET"; http_method; content:"/0nypfh5f0x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.6-b408.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657889/; classtype:trojan-activity;sid:84520989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657888)"; flow:established,from_client; content:"GET"; http_method; content:"/4wq.google|3f|t=1gbu3xn4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m2.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657888/; classtype:trojan-activity;sid:84520988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657887)"; flow:established,from_client; content:"GET"; http_method; content:"/4wq.google|3f|t=tfdj7dau"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m2.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657887/; classtype:trojan-activity;sid:84520987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657886)"; flow:established,from_client; content:"GET"; http_method; content:"/z0cpn1zezz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657886/; classtype:trojan-activity;sid:84520986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657885)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vmelx29l.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657885/; classtype:trojan-activity;sid:84520985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657884)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=82rhcame"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.x352x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657884/; classtype:trojan-activity;sid:84520984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.231.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657883/; classtype:trojan-activity;sid:84520983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.81.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657882/; classtype:trojan-activity;sid:84520982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657881)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=63ulmz5t"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.x352x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657881/; classtype:trojan-activity;sid:84520981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657880)"; flow:established,from_client; content:"GET"; http_method; content:"/nisfqq3nmu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.3-c719.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657880/; classtype:trojan-activity;sid:84520980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657879/; classtype:trojan-activity;sid:84520979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.122.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657878/; classtype:trojan-activity;sid:84520978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.50.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657877/; classtype:trojan-activity;sid:84520977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.118.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657876/; classtype:trojan-activity;sid:84520976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657875)"; flow:established,from_client; content:"GET"; http_method; content:"/ech9dy4282.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.3-c719.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657875/; classtype:trojan-activity;sid:84520975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657874)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=lrk9obw6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pn.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657874/; classtype:trojan-activity;sid:84520974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.145.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657873/; classtype:trojan-activity;sid:84520973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.231.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657872/; classtype:trojan-activity;sid:84520972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657871)"; flow:established,from_client; content:"GET"; http_method; content:"/0wqv8d6gqf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657871/; classtype:trojan-activity;sid:84520971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657870)"; flow:established,from_client; content:"GET"; http_method; content:"/9q2.check|3f|t=h7x2qztk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657870/; classtype:trojan-activity;sid:84520970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657868)"; flow:established,from_client; content:"GET"; http_method; content:"/9q2.check|3f|t=2w0wocx8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.x352x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657868/; classtype:trojan-activity;sid:84520968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657869)"; flow:established,from_client; content:"GET"; http_method; content:"/dukhfdhr9x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.3-c719.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657869/; classtype:trojan-activity;sid:84520969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657867/; classtype:trojan-activity;sid:84520967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.95.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657866/; classtype:trojan-activity;sid:84520966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657865)"; flow:established,from_client; content:"GET"; http_method; content:"/tk6sg4o4jo.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657865/; classtype:trojan-activity;sid:84520965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657862)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=40d1u7xp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.x352x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657862/; classtype:trojan-activity;sid:84520962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657863)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=o19fb4fe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.x352x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657863/; classtype:trojan-activity;sid:84520963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657864)"; flow:established,from_client; content:"GET"; http_method; content:"/7663ynwrft.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.3-c719.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657864/; classtype:trojan-activity;sid:84520964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657861)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.google|3f|t=beca9g1e"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657861/; classtype:trojan-activity;sid:84520961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657860)"; flow:established,from_client; content:"GET"; http_method; content:"/55axhtphns.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657860/; classtype:trojan-activity;sid:84520960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.145.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657859/; classtype:trojan-activity;sid:84520959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657858)"; flow:established,from_client; content:"GET"; http_method; content:"/3smk2txiez.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.3-c719.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657858/; classtype:trojan-activity;sid:84520958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657857)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.google|3f|t=aqtnbhqv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657857/; classtype:trojan-activity;sid:84520957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657856)"; flow:established,from_client; content:"GET"; http_method; content:"/5epnvgb9zx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657856/; classtype:trojan-activity;sid:84520956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657855)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.google|3f|t=73phmra1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657855/; classtype:trojan-activity;sid:84520955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.81.99.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657854/; classtype:trojan-activity;sid:84520954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.179.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657853/; classtype:trojan-activity;sid:84520953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.95.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657852/; classtype:trojan-activity;sid:84520952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657851)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.check|3f|t=wz70g5zp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1v.z491l.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657851/; classtype:trojan-activity;sid:84520951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657849)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"infounitehub.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657849/; classtype:trojan-activity;sid:84520949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657850)"; flow:established,from_client; content:"GET"; http_method; content:"/qt737yh640.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657850/; classtype:trojan-activity;sid:84520950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657848)"; flow:established,from_client; content:"GET"; http_method; content:"/pytjx9vvru.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.3-c719.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657848/; classtype:trojan-activity;sid:84520948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657847)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.check|3f|t=uzuc6l6g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1v.z491l.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657847/; classtype:trojan-activity;sid:84520947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657846)"; flow:established,from_client; content:"GET"; http_method; content:"/xkey13n25h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.3-c719.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657846/; classtype:trojan-activity;sid:84520946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657845)"; flow:established,from_client; content:"GET"; http_method; content:"/k8.google|3f|t=q7cimdei"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.z491l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657845/; classtype:trojan-activity;sid:84520945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657844)"; flow:established,from_client; content:"GET"; http_method; content:"/8a242049c1a544959e327edc8b7030a4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657844/; classtype:trojan-activity;sid:84520944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657840)"; flow:established,from_client; content:"GET"; http_method; content:"/af613d2a4c3f4b1f90ed44a066aad120_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657840/; classtype:trojan-activity;sid:84520940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657841)"; flow:established,from_client; content:"GET"; http_method; content:"/7daf6df0631b49c99b5fd8bd8ac8f5fa_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657841/; classtype:trojan-activity;sid:84520941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657842)"; flow:established,from_client; content:"GET"; http_method; content:"/d27444f388174b6cb1797e1231490fbd_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657842/; classtype:trojan-activity;sid:84520942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657843)"; flow:established,from_client; content:"GET"; http_method; content:"/41871cbeecb742b491ba660018f6a745_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657843/; classtype:trojan-activity;sid:84520943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657839)"; flow:established,from_client; content:"GET"; http_method; content:"/bab180a47f7f4e539281d55729229a35_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657839/; classtype:trojan-activity;sid:84520939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657834)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/3tokfoi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657834/; classtype:trojan-activity;sid:84520934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657835)"; flow:established,from_client; content:"GET"; http_method; content:"/aff93c7d122a49fdadfac79f6772e2c3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657835/; classtype:trojan-activity;sid:84520935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657836)"; flow:established,from_client; content:"GET"; http_method; content:"/757b472eb94c4319b0110ccb818efa62_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657836/; classtype:trojan-activity;sid:84520936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657837)"; flow:established,from_client; content:"GET"; http_method; content:"/18c07787a8f64cefbbdf2654800587fd_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657837/; classtype:trojan-activity;sid:84520937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657838)"; flow:established,from_client; content:"GET"; http_method; content:"/a7981d5db9244c64af00518cab17b6ca_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657838/; classtype:trojan-activity;sid:84520938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657819)"; flow:established,from_client; content:"GET"; http_method; content:"/3d8f6d30398d4164a1ee7c1cff13dcd2_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657819/; classtype:trojan-activity;sid:84520919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657820)"; flow:established,from_client; content:"GET"; http_method; content:"/f365415546494464bb939957e6f1425b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657820/; classtype:trojan-activity;sid:84520920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657821)"; flow:established,from_client; content:"GET"; http_method; content:"/426f2f1c949e4f1cbe9cd33ba1825228_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657821/; classtype:trojan-activity;sid:84520921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657822)"; flow:established,from_client; content:"GET"; http_method; content:"/5e449b3d9e114218bf2804de1171b97d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657822/; classtype:trojan-activity;sid:84520922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657823)"; flow:established,from_client; content:"GET"; http_method; content:"/b839faeb51054565a4b3167a5ea2a983_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657823/; classtype:trojan-activity;sid:84520923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657824)"; flow:established,from_client; content:"GET"; http_method; content:"/2711f6f1da194c6988a7bbb442adc497_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657824/; classtype:trojan-activity;sid:84520924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657825)"; flow:established,from_client; content:"GET"; http_method; content:"/75333d8a0eab4c138cda8e1e8a25b08c_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657825/; classtype:trojan-activity;sid:84520925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657826)"; flow:established,from_client; content:"GET"; http_method; content:"/4f2a4a7472ed4cf3bc5169cfc78bbc2a_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657826/; classtype:trojan-activity;sid:84520926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657827)"; flow:established,from_client; content:"GET"; http_method; content:"/38cb767c16d540ca8ddec944a5630a19_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657827/; classtype:trojan-activity;sid:84520927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657828)"; flow:established,from_client; content:"GET"; http_method; content:"/485cdb1e12474cdcbb699d7da21dfc4b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657828/; classtype:trojan-activity;sid:84520928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657829)"; flow:established,from_client; content:"GET"; http_method; content:"/f1e5a59b2a9145f6983e2b256ac85ece_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657829/; classtype:trojan-activity;sid:84520929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657830)"; flow:established,from_client; content:"GET"; http_method; content:"/29edca7692ef47b8b96111772d829167_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657830/; classtype:trojan-activity;sid:84520930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657831)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaf981bbc4b49faa06ffb4ee0945290_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657831/; classtype:trojan-activity;sid:84520931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657832)"; flow:established,from_client; content:"GET"; http_method; content:"/53290cf06e95475fa6ebc07d5b612d8f_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657832/; classtype:trojan-activity;sid:84520932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657833)"; flow:established,from_client; content:"GET"; http_method; content:"/305056fab30e4c04a491787c14867fee_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657833/; classtype:trojan-activity;sid:84520933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657814)"; flow:established,from_client; content:"GET"; http_method; content:"/9c6acbed3faa456abaa16388e9c7667c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657814/; classtype:trojan-activity;sid:84520914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657815)"; flow:established,from_client; content:"GET"; http_method; content:"/f1b4cc7898d045af91b7d550bb78c93c_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657815/; classtype:trojan-activity;sid:84520915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657816)"; flow:established,from_client; content:"GET"; http_method; content:"/b30229946e9e4d4aa9846128e779a33c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657816/; classtype:trojan-activity;sid:84520916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657817)"; flow:established,from_client; content:"GET"; http_method; content:"/dadaasads_new.ps1|3f|c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657817/; classtype:trojan-activity;sid:84520917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657818)"; flow:established,from_client; content:"GET"; http_method; content:"/2c9332860ee544daabf3449fd4a5b914_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657818/; classtype:trojan-activity;sid:84520918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657811)"; flow:established,from_client; content:"GET"; http_method; content:"/ba6752c4d8034ddeaafa804902bcd4c8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657811/; classtype:trojan-activity;sid:84520911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657812)"; flow:established,from_client; content:"GET"; http_method; content:"/c2e23717744b43abaa3bed47a19309b3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657812/; classtype:trojan-activity;sid:84520912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657813)"; flow:established,from_client; content:"GET"; http_method; content:"/80c34ba726e8444395fc5acb5f6461cd_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657813/; classtype:trojan-activity;sid:84520913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657810)"; flow:established,from_client; content:"GET"; http_method; content:"/5d410f2cf7594dbe9390d56f746995d1_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657810/; classtype:trojan-activity;sid:84520910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657807)"; flow:established,from_client; content:"GET"; http_method; content:"/7bf5a1d8a204495caad97b148eb1bf97_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657807/; classtype:trojan-activity;sid:84520907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657808)"; flow:established,from_client; content:"GET"; http_method; content:"/1656cc33836f45d3b71798c874fa8543_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657808/; classtype:trojan-activity;sid:84520908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657809)"; flow:established,from_client; content:"GET"; http_method; content:"/3dcd6dd8348540bfaacce836c8e157fa_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657809/; classtype:trojan-activity;sid:84520909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657805)"; flow:established,from_client; content:"GET"; http_method; content:"/03f48fe85fa6454bac21ae095ebb502b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657805/; classtype:trojan-activity;sid:84520905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657806)"; flow:established,from_client; content:"GET"; http_method; content:"/89be5298127c4675b13e5347c435a9ab_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657806/; classtype:trojan-activity;sid:84520906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657794)"; flow:established,from_client; content:"GET"; http_method; content:"/df070a68f9aa4546975fbb3af8206dc4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657794/; classtype:trojan-activity;sid:84520894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657795)"; flow:established,from_client; content:"GET"; http_method; content:"/1bdd223140d443b883991e5f9417bdba_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657795/; classtype:trojan-activity;sid:84520895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657796)"; flow:established,from_client; content:"GET"; http_method; content:"/2fcba6c61f984bb2961c26d50d02e609_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657796/; classtype:trojan-activity;sid:84520896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657797)"; flow:established,from_client; content:"GET"; http_method; content:"/c98b36f432364f18af87198670387fe4_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657797/; classtype:trojan-activity;sid:84520897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657798)"; flow:established,from_client; content:"GET"; http_method; content:"/7b6e617e0a6d48539be22c865f8c0bf9_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657798/; classtype:trojan-activity;sid:84520898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657799)"; flow:established,from_client; content:"GET"; http_method; content:"/b6e6471857364f4292d095423fa7ebd0_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657799/; classtype:trojan-activity;sid:84520899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657800)"; flow:established,from_client; content:"GET"; http_method; content:"/89ff9bdcea23450fb3db369ccbe08dae_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657800/; classtype:trojan-activity;sid:84520900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657801)"; flow:established,from_client; content:"GET"; http_method; content:"/fbb49b7f138445709424a8ea0ecf1b0e_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657801/; classtype:trojan-activity;sid:84520901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657802)"; flow:established,from_client; content:"GET"; http_method; content:"/5f70936adcc640a4852b6037417b1301_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657802/; classtype:trojan-activity;sid:84520902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657803)"; flow:established,from_client; content:"GET"; http_method; content:"/040c5409ce5d40168c989f9346803091_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657803/; classtype:trojan-activity;sid:84520903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657804)"; flow:established,from_client; content:"GET"; http_method; content:"/e1ae86354aec48f9924f31c4660ee0e8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657804/; classtype:trojan-activity;sid:84520904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657786)"; flow:established,from_client; content:"GET"; http_method; content:"/5e8dd5ce6900428bb572ba7705002618_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657786/; classtype:trojan-activity;sid:84520886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657787)"; flow:established,from_client; content:"GET"; http_method; content:"/132859e38755407f8b96a074084bbcd8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657787/; classtype:trojan-activity;sid:84520887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657788)"; flow:established,from_client; content:"GET"; http_method; content:"/ebb10b00c7d74dd58698a0983cb9b526_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657788/; classtype:trojan-activity;sid:84520888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657789)"; flow:established,from_client; content:"GET"; http_method; content:"/442541487e10423ab3fef5d7c2abbe1a_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657789/; classtype:trojan-activity;sid:84520889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657790)"; flow:established,from_client; content:"GET"; http_method; content:"/ecf3472393084c539688cdf124f987e3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657790/; classtype:trojan-activity;sid:84520890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657791)"; flow:established,from_client; content:"GET"; http_method; content:"/9614db5763934b9eace34b1a16dc0ae8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657791/; classtype:trojan-activity;sid:84520891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657792)"; flow:established,from_client; content:"GET"; http_method; content:"/2ed3e3c5abb540b4a2af71d844db728d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657792/; classtype:trojan-activity;sid:84520892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657793)"; flow:established,from_client; content:"GET"; http_method; content:"/ee3a7ec1b7e847179e4d6df1de6bae6d_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657793/; classtype:trojan-activity;sid:84520893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657784)"; flow:established,from_client; content:"GET"; http_method; content:"/46c75e08065c4e1eb01a8cba113d68f6_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657784/; classtype:trojan-activity;sid:84520884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657785)"; flow:established,from_client; content:"GET"; http_method; content:"/91367eb6b012489799a8454b8a080de4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657785/; classtype:trojan-activity;sid:84520885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657781)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pdf24creator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657781/; classtype:trojan-activity;sid:84520881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657782)"; flow:established,from_client; content:"GET"; http_method; content:"/04f74d1de9b942179b52fd8b6eef1a84_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657782/; classtype:trojan-activity;sid:84520882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657783)"; flow:established,from_client; content:"GET"; http_method; content:"/58e87367f66b46828e268b8a1ed4ae95_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657783/; classtype:trojan-activity;sid:84520883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657779)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/bj4bgb6.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657779/; classtype:trojan-activity;sid:84520879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657780)"; flow:established,from_client; content:"GET"; http_method; content:"/218aac863bec4553b2da928cecceb9ca_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657780/; classtype:trojan-activity;sid:84520880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657778)"; flow:established,from_client; content:"GET"; http_method; content:"/f2e3c40595504038a1900698eb78ea5a_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657778/; classtype:trojan-activity;sid:84520878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657775)"; flow:established,from_client; content:"GET"; http_method; content:"/file/sourcetree.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657775/; classtype:trojan-activity;sid:84520875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657776)"; flow:established,from_client; content:"GET"; http_method; content:"/21bb7bb55e9f4135a043a2d6e783216b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657776/; classtype:trojan-activity;sid:84520876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657777)"; flow:established,from_client; content:"GET"; http_method; content:"/e6bc761b995d49628fdc56f52a4ac780_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657777/; classtype:trojan-activity;sid:84520877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657770)"; flow:established,from_client; content:"GET"; http_method; content:"/ae398be3fc4745c097c3e1003846ce05_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657770/; classtype:trojan-activity;sid:84520870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657771)"; flow:established,from_client; content:"GET"; http_method; content:"/04866d9cf72f437187f791a847040774_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657771/; classtype:trojan-activity;sid:84520871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657772)"; flow:established,from_client; content:"GET"; http_method; content:"/3074850e10f44959aef8995471cdfced_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657772/; classtype:trojan-activity;sid:84520872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657773)"; flow:established,from_client; content:"GET"; http_method; content:"/60d25956c6cb4df38868bf1d604861b3_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657773/; classtype:trojan-activity;sid:84520873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657774)"; flow:established,from_client; content:"GET"; http_method; content:"/f641efb3c3d04eb996984fbc0098e9ad_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657774/; classtype:trojan-activity;sid:84520874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657763)"; flow:established,from_client; content:"GET"; http_method; content:"/6571e11111ad4da18ed71a9275800062_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657763/; classtype:trojan-activity;sid:84520863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657764)"; flow:established,from_client; content:"GET"; http_method; content:"/914cf5da09ca4e9da309443ad7e5e13b_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657764/; classtype:trojan-activity;sid:84520864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657765)"; flow:established,from_client; content:"GET"; http_method; content:"/6a1c5881aa22442a85892ac093c10e12_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657765/; classtype:trojan-activity;sid:84520865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657766)"; flow:established,from_client; content:"GET"; http_method; content:"/78dbc280468a4ab3a3675ff6a1d28efd_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657766/; classtype:trojan-activity;sid:84520866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657767)"; flow:established,from_client; content:"GET"; http_method; content:"/741413b0b9cf4d058a1ae62a2b886365_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657767/; classtype:trojan-activity;sid:84520867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657768)"; flow:established,from_client; content:"GET"; http_method; content:"/b01f04d722c24033b496ba909110e1ce_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657768/; classtype:trojan-activity;sid:84520868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657769)"; flow:established,from_client; content:"GET"; http_method; content:"/ac3409e25721489087143770aed94645_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657769/; classtype:trojan-activity;sid:84520869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657751)"; flow:established,from_client; content:"GET"; http_method; content:"/d10c0c3f963d40e69fb8149615dde1b4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657751/; classtype:trojan-activity;sid:84520851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657752)"; flow:established,from_client; content:"GET"; http_method; content:"/a4e6e3b9453445448a124d3f62f020ec_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657752/; classtype:trojan-activity;sid:84520852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657753)"; flow:established,from_client; content:"GET"; http_method; content:"/708e36a28435404ca3653b39a963e9f8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657753/; classtype:trojan-activity;sid:84520853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657754)"; flow:established,from_client; content:"GET"; http_method; content:"/7dbc521760fa460191532ca77b4ca23a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657754/; classtype:trojan-activity;sid:84520854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657755)"; flow:established,from_client; content:"GET"; http_method; content:"/88dc2d944efc4dc19545353b94ce594a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657755/; classtype:trojan-activity;sid:84520855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657756)"; flow:established,from_client; content:"GET"; http_method; content:"/7077db60aea6421d9e95cc0222df9a31_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657756/; classtype:trojan-activity;sid:84520856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657757)"; flow:established,from_client; content:"GET"; http_method; content:"/301cc0439aaa45a1a80ef7ed23f6e7c8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657757/; classtype:trojan-activity;sid:84520857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657758)"; flow:established,from_client; content:"GET"; http_method; content:"/4af237735cc742a3a2d84baf69eecb85_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657758/; classtype:trojan-activity;sid:84520858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657759)"; flow:established,from_client; content:"GET"; http_method; content:"/0c482097516c4490ad4d005ffb73e076_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657759/; classtype:trojan-activity;sid:84520859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657760)"; flow:established,from_client; content:"GET"; http_method; content:"/3398ffa279fd4a7aabcac3657cb98378_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657760/; classtype:trojan-activity;sid:84520860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657761)"; flow:established,from_client; content:"GET"; http_method; content:"/c6143ceb76d746eca1121b98c8254435_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657761/; classtype:trojan-activity;sid:84520861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657762)"; flow:established,from_client; content:"GET"; http_method; content:"/be44039d7da0443c857f94c005b5b8c4_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657762/; classtype:trojan-activity;sid:84520862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657749)"; flow:established,from_client; content:"GET"; http_method; content:"/736030f66a1e437fa58d8a166f9f1422_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657749/; classtype:trojan-activity;sid:84520849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657750)"; flow:established,from_client; content:"GET"; http_method; content:"/30222e26c45741c0a06521bd3f5e28f9_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657750/; classtype:trojan-activity;sid:84520850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657747)"; flow:established,from_client; content:"GET"; http_method; content:"/074d8797ddac4bcdbd05e8c0d5941ed8_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657747/; classtype:trojan-activity;sid:84520847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657748)"; flow:established,from_client; content:"GET"; http_method; content:"/c2a521ec278b41a38950679597766f2a_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657748/; classtype:trojan-activity;sid:84520848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657744)"; flow:established,from_client; content:"GET"; http_method; content:"/bd8e62239c594aeca5e0785b8f5fa368_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657744/; classtype:trojan-activity;sid:84520844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657745)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fontdrvhost.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657745/; classtype:trojan-activity;sid:84520845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657746)"; flow:established,from_client; content:"GET"; http_method; content:"/9abf81ae282b4f398bba7c945e657624_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657746/; classtype:trojan-activity;sid:84520846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657737)"; flow:established,from_client; content:"GET"; http_method; content:"/7a6f948f35bd41c88546db3ead53990c_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657737/; classtype:trojan-activity;sid:84520837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657738)"; flow:established,from_client; content:"GET"; http_method; content:"/32d9a97901e441e08f883b071cb324c4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657738/; classtype:trojan-activity;sid:84520838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657739)"; flow:established,from_client; content:"GET"; http_method; content:"/6f3b855bce634082bf944c3d65038833_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657739/; classtype:trojan-activity;sid:84520839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657740)"; flow:established,from_client; content:"GET"; http_method; content:"/7bef0f44fba54f0ea5c9ada8b5115b73_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657740/; classtype:trojan-activity;sid:84520840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657741)"; flow:established,from_client; content:"GET"; http_method; content:"/e6ca62d6172b4f619e59d374e8567a27_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657741/; classtype:trojan-activity;sid:84520841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657742)"; flow:established,from_client; content:"GET"; http_method; content:"/04455e4f11d042758ee1dab76f26dd6c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657742/; classtype:trojan-activity;sid:84520842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657743)"; flow:established,from_client; content:"GET"; http_method; content:"/ddcff2bd3604444f8055d57736f29d09_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657743/; classtype:trojan-activity;sid:84520843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657714)"; flow:established,from_client; content:"GET"; http_method; content:"/f06045973f2043538aaa269bee4cb02b_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657714/; classtype:trojan-activity;sid:84520814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657715)"; flow:established,from_client; content:"GET"; http_method; content:"/c78591f50b0041d599151771426a0758_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657715/; classtype:trojan-activity;sid:84520815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657716)"; flow:established,from_client; content:"GET"; http_method; content:"/63feea935a7b49f39588bad72c1c4f6b_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657716/; classtype:trojan-activity;sid:84520816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657717)"; flow:established,from_client; content:"GET"; http_method; content:"/29ff59a137ef4f108807614deeb0b58d_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657717/; classtype:trojan-activity;sid:84520817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657718)"; flow:established,from_client; content:"GET"; http_method; content:"/acf7c76677cc44eb92156ce0f29fa6f5_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657718/; classtype:trojan-activity;sid:84520818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657719)"; flow:established,from_client; content:"GET"; http_method; content:"/64195ea194c845a4b31dde94b658b0bb_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657719/; classtype:trojan-activity;sid:84520819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657720)"; flow:established,from_client; content:"GET"; http_method; content:"/1a855032e1fc46c7ab073ff58918f943_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657720/; classtype:trojan-activity;sid:84520820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657721)"; flow:established,from_client; content:"GET"; http_method; content:"/4331b8e42fcf454580be7f5929dd3776_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657721/; classtype:trojan-activity;sid:84520821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657722)"; flow:established,from_client; content:"GET"; http_method; content:"/20b319db40e149f1b0438f4ac9aef542_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657722/; classtype:trojan-activity;sid:84520822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657723)"; flow:established,from_client; content:"GET"; http_method; content:"/892bfb297a93470fbcf073b510534165_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657723/; classtype:trojan-activity;sid:84520823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657724)"; flow:established,from_client; content:"GET"; http_method; content:"/63df703358414f308eac15cd4a75c1ee_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657724/; classtype:trojan-activity;sid:84520824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657725)"; flow:established,from_client; content:"GET"; http_method; content:"/1631740674234e668a663a08ce980aa5_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657725/; classtype:trojan-activity;sid:84520825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657726)"; flow:established,from_client; content:"GET"; http_method; content:"/e09694d98f9b43c89ac373a5bae28b82_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657726/; classtype:trojan-activity;sid:84520826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657727)"; flow:established,from_client; content:"GET"; http_method; content:"/8c861213f929421eb98979781a255507_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657727/; classtype:trojan-activity;sid:84520827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657728)"; flow:established,from_client; content:"GET"; http_method; content:"/a9679536cfd04bdc87927190200292d9_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657728/; classtype:trojan-activity;sid:84520828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657729)"; flow:established,from_client; content:"GET"; http_method; content:"/918613bf6a6f4ff8a18d51d68bcd6503_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657729/; classtype:trojan-activity;sid:84520829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657730)"; flow:established,from_client; content:"GET"; http_method; content:"/889585280bd240d3a73a63e90498e289_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657730/; classtype:trojan-activity;sid:84520830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657731)"; flow:established,from_client; content:"GET"; http_method; content:"/501855b4ed734aaebd9cd9599a2ba038_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657731/; classtype:trojan-activity;sid:84520831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657732)"; flow:established,from_client; content:"GET"; http_method; content:"/9b11c23d5a4e4873823ad6ef03ff2875_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657732/; classtype:trojan-activity;sid:84520832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657733)"; flow:established,from_client; content:"GET"; http_method; content:"/b45a428a9f514d019b4548e9d61394af_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657733/; classtype:trojan-activity;sid:84520833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657734)"; flow:established,from_client; content:"GET"; http_method; content:"/1c826e8f7e5a4fef9e4f63ec87b80bf5_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657734/; classtype:trojan-activity;sid:84520834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657735)"; flow:established,from_client; content:"GET"; http_method; content:"/2bd4c57657c643a48fcc33885aa924f2_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657735/; classtype:trojan-activity;sid:84520835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657736)"; flow:established,from_client; content:"GET"; http_method; content:"/2813f891633e4b7a8216ad6dcfe4a175_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657736/; classtype:trojan-activity;sid:84520836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657711)"; flow:established,from_client; content:"GET"; http_method; content:"/1249c71b75e546be9ea2f089b1c87335_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657711/; classtype:trojan-activity;sid:84520811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657712)"; flow:established,from_client; content:"GET"; http_method; content:"/725cb442dd0b44b393f4bf381cce2eb7_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657712/; classtype:trojan-activity;sid:84520812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657713)"; flow:established,from_client; content:"GET"; http_method; content:"/15bd76f3de7148078d13b134436e8d3a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657713/; classtype:trojan-activity;sid:84520813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657701)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657701/; classtype:trojan-activity;sid:84520801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657702)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657702/; classtype:trojan-activity;sid:84520802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657703/; classtype:trojan-activity;sid:84520803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657704)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657704/; classtype:trojan-activity;sid:84520804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657705)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657705/; classtype:trojan-activity;sid:84520805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657706)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657706/; classtype:trojan-activity;sid:84520806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657707)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657707/; classtype:trojan-activity;sid:84520807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657708)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657708/; classtype:trojan-activity;sid:84520808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657709/; classtype:trojan-activity;sid:84520809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657710)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657710/; classtype:trojan-activity;sid:84520810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657693/; classtype:trojan-activity;sid:84520793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657694/; classtype:trojan-activity;sid:84520794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657695/; classtype:trojan-activity;sid:84520795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657696/; classtype:trojan-activity;sid:84520796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657697/; classtype:trojan-activity;sid:84520797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657698/; classtype:trojan-activity;sid:84520798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657699/; classtype:trojan-activity;sid:84520799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657700/; classtype:trojan-activity;sid:84520800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657688/; classtype:trojan-activity;sid:84520788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657689)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657689/; classtype:trojan-activity;sid:84520789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657690)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657690/; classtype:trojan-activity;sid:84520790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657691)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657691/; classtype:trojan-activity;sid:84520791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657692)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657692/; classtype:trojan-activity;sid:84520792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657684)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657684/; classtype:trojan-activity;sid:84520784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657685)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657685/; classtype:trojan-activity;sid:84520785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657686/; classtype:trojan-activity;sid:84520786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657687)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657687/; classtype:trojan-activity;sid:84520787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657683)"; flow:established,from_client; content:"GET"; http_method; content:"/aa043iyprk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.tqh2e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657683/; classtype:trojan-activity;sid:84520783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657682/; classtype:trojan-activity;sid:84520782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657681)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.check|3f|t=g5iu3vq3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657681/; classtype:trojan-activity;sid:84520781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657680)"; flow:established,from_client; content:"GET"; http_method; content:"/p4lhrigewd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.3-c719.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657680/; classtype:trojan-activity;sid:84520780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657679)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.check|3f|t=r0lhmun9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657679/; classtype:trojan-activity;sid:84520779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657678)"; flow:established,from_client; content:"GET"; http_method; content:"/c/install.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesook.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657678/; classtype:trojan-activity;sid:84520778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657677/; classtype:trojan-activity;sid:84520777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.59.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657676/; classtype:trojan-activity;sid:84520776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.110.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657675/; classtype:trojan-activity;sid:84520775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657673)"; flow:established,from_client; content:"GET"; http_method; content:"/03sbg8wqhi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.7-j230.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657673/; classtype:trojan-activity;sid:84520773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657674)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1.google|3f|t=7w80tq88"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hx.z491l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657674/; classtype:trojan-activity;sid:84520774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.197.157.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657672/; classtype:trojan-activity;sid:84520772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657671)"; flow:established,from_client; content:"GET"; http_method; content:"/4xl02ncvbs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ex.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657671/; classtype:trojan-activity;sid:84520771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657670)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1.google|3f|t=9twoi856"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hx.z491l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657670/; classtype:trojan-activity;sid:84520770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657669/; classtype:trojan-activity;sid:84520769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657668/; classtype:trojan-activity;sid:84520768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.251.161.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657667/; classtype:trojan-activity;sid:84520767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.59.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657666/; classtype:trojan-activity;sid:84520766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657665)"; flow:established,from_client; content:"GET"; http_method; content:"/anvw1o1sey.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.7-j230.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657665/; classtype:trojan-activity;sid:84520765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657664)"; flow:established,from_client; content:"GET"; http_method; content:"/qk7.check|3f|t=cshptxc1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d4.z491l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657664/; classtype:trojan-activity;sid:84520764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657663)"; flow:established,from_client; content:"GET"; http_method; content:"/xuxbm0qm6y.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ex.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657663/; classtype:trojan-activity;sid:84520763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657662)"; flow:established,from_client; content:"GET"; http_method; content:"/qk7.check|3f|t=36r05bej"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d4.z491l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657662/; classtype:trojan-activity;sid:84520762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.35.92.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657661/; classtype:trojan-activity;sid:84520761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.127.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657660/; classtype:trojan-activity;sid:84520760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.251.161.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657659/; classtype:trojan-activity;sid:84520759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.197.157.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657658/; classtype:trojan-activity;sid:84520758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.144.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657657/; classtype:trojan-activity;sid:84520757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657656)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx69930"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657656/; classtype:trojan-activity;sid:84520756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657654)"; flow:established,from_client; content:"GET"; http_method; content:"/otherassets/plist"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657654/; classtype:trojan-activity;sid:84520754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657655)"; flow:established,from_client; content:"GET"; http_method; content:"/c9eyytdtza.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ew.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657655/; classtype:trojan-activity;sid:84520755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657653)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx92994"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657653/; classtype:trojan-activity;sid:84520753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657652)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=pc3i8lmm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657652/; classtype:trojan-activity;sid:84520752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657650)"; flow:established,from_client; content:"GET"; http_method; content:"/parfume"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"franceparfumes.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657650/; classtype:trojan-activity;sid:84520750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657651)"; flow:established,from_client; content:"GET"; http_method; content:"/parfume"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"franceparfumes.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657651/; classtype:trojan-activity;sid:84520751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.13.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657649/; classtype:trojan-activity;sid:84520749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657647)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx16554"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657647/; classtype:trojan-activity;sid:84520747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657648)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx18685"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657648/; classtype:trojan-activity;sid:84520748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.127.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657646/; classtype:trojan-activity;sid:84520746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657645)"; flow:established,from_client; content:"GET"; http_method; content:"/bt6j1690j5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.7-j230.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657645/; classtype:trojan-activity;sid:84520745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657644)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=hw0iyqsa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657644/; classtype:trojan-activity;sid:84520744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657643)"; flow:established,from_client; content:"GET"; http_method; content:"/w8kuy6hlwk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ew.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657643/; classtype:trojan-activity;sid:84520743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657642)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=3p4jrqb5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.z491l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657642/; classtype:trojan-activity;sid:84520742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.144.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657641/; classtype:trojan-activity;sid:84520741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.244.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657640/; classtype:trojan-activity;sid:84520740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.114.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657639/; classtype:trojan-activity;sid:84520739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657636)"; flow:established,from_client; content:"GET"; http_method; content:"/w7q4.google|3f|t=9e2k4rj0"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"p2n.c109s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657636/; classtype:trojan-activity;sid:84520736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657637)"; flow:established,from_client; content:"GET"; http_method; content:"/8zaaxqqewe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.7-j230.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657637/; classtype:trojan-activity;sid:84520737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657638)"; flow:established,from_client; content:"GET"; http_method; content:"/ycedwd6nom.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"er.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657638/; classtype:trojan-activity;sid:84520738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657635)"; flow:established,from_client; content:"GET"; http_method; content:"/w7q4.google|3f|t=z3osacdx"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"p2n.c109s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657635/; classtype:trojan-activity;sid:84520735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.81.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657634/; classtype:trojan-activity;sid:84520734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657633/; classtype:trojan-activity;sid:84520733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657632)"; flow:established,from_client; content:"GET"; http_method; content:"/k7p.google|3f|t=ccj5ensl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657632/; classtype:trojan-activity;sid:84520732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657631)"; flow:established,from_client; content:"GET"; http_method; content:"/gstftnte2b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.7-j230.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657631/; classtype:trojan-activity;sid:84520731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.144.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657630/; classtype:trojan-activity;sid:84520730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657629)"; flow:established,from_client; content:"GET"; http_method; content:"/l55dkmvxkk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"et.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657629/; classtype:trojan-activity;sid:84520729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657627)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.check|3f|t=r955ohnh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t1.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657627/; classtype:trojan-activity;sid:84520727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657628)"; flow:established,from_client; content:"GET"; http_method; content:"/vy57ix906p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.7-j230.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657628/; classtype:trojan-activity;sid:84520728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657626)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.check|3f|t=gz0x60x7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t1.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657626/; classtype:trojan-activity;sid:84520726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.38.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657625/; classtype:trojan-activity;sid:84520725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657624/; classtype:trojan-activity;sid:84520724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657623/; classtype:trojan-activity;sid:84520723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657622/; classtype:trojan-activity;sid:84520722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.133.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657620/; classtype:trojan-activity;sid:84520720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.144.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657621/; classtype:trojan-activity;sid:84520721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.76.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657619/; classtype:trojan-activity;sid:84520719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.1.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657617/; classtype:trojan-activity;sid:84520717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657618/; classtype:trojan-activity;sid:84520718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657614)"; flow:established,from_client; content:"GET"; http_method; content:"/pq30rpbl9c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.7-j230.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657614/; classtype:trojan-activity;sid:84520714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657615)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=j8z0q50x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qs.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657615/; classtype:trojan-activity;sid:84520715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657616)"; flow:established,from_client; content:"GET"; http_method; content:"/p3d15kbirn.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"es.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657616/; classtype:trojan-activity;sid:84520716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657613)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=9zl8zae5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qs.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657613/; classtype:trojan-activity;sid:84520713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657611/; classtype:trojan-activity;sid:84520711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.244.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657612/; classtype:trojan-activity;sid:84520712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657610)"; flow:established,from_client; content:"GET"; http_method; content:"/4jcdk5cojq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"es.xhs-8-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657610/; classtype:trojan-activity;sid:84520710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657609)"; flow:established,from_client; content:"GET"; http_method; content:"/7kz.check|3f|t=wehicewy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657609/; classtype:trojan-activity;sid:84520709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657608)"; flow:established,from_client; content:"GET"; http_method; content:"/e5t56ks8ek.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.2-j695.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657608/; classtype:trojan-activity;sid:84520708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657607)"; flow:established,from_client; content:"GET"; http_method; content:"/7kz.check|3f|t=5hvg683x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.c109s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657607/; classtype:trojan-activity;sid:84520707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657606)"; flow:established,from_client; content:"GET"; http_method; content:"/e0hjrhfgoz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657606/; classtype:trojan-activity;sid:84520706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657605)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.google|3f|t=on7pbvk1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.c109s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657605/; classtype:trojan-activity;sid:84520705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657604)"; flow:established,from_client; content:"GET"; http_method; content:"/sw7hs0b1vv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.2-j695.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657604/; classtype:trojan-activity;sid:84520704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657603)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.google|3f|t=8th4xigl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.c109s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657603/; classtype:trojan-activity;sid:84520703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657602/; classtype:trojan-activity;sid:84520702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657601/; classtype:trojan-activity;sid:84520701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.76.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657600/; classtype:trojan-activity;sid:84520700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.133.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657599/; classtype:trojan-activity;sid:84520699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657598/; classtype:trojan-activity;sid:84520698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.139.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657596/; classtype:trojan-activity;sid:84520696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657595)"; flow:established,from_client; content:"GET"; http_method; content:"/95t7bvyqkj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.2-j695.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657595/; classtype:trojan-activity;sid:84520695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657594)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=is8lvu5k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.f926m.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657594/; classtype:trojan-activity;sid:84520694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.170.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657593/; classtype:trojan-activity;sid:84520693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657592)"; flow:established,from_client; content:"GET"; http_method; content:"/s0c2u25nr3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657592/; classtype:trojan-activity;sid:84520692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657591)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=xztti61k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.f926m.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657591/; classtype:trojan-activity;sid:84520691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657590)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657590/; classtype:trojan-activity;sid:84520690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657589)"; flow:established,from_client; content:"GET"; http_method; content:"/otc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657589/; classtype:trojan-activity;sid:84520689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657585)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657585/; classtype:trojan-activity;sid:84520685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657586)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657586/; classtype:trojan-activity;sid:84520686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657587)"; flow:established,from_client; content:"GET"; http_method; content:"/hgt.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657587/; classtype:trojan-activity;sid:84520687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657588)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fun-game-downloaders.top"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657588/; classtype:trojan-activity;sid:84520688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657584)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657584/; classtype:trojan-activity;sid:84520684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657582)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/reklamortak-hub/tmlaa@main/chromeguncelleme.apk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657582/; classtype:trojan-activity;sid:84520682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657583)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/reklamortak-hub/axma@main/chromeguncelleme.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657583/; classtype:trojan-activity;sid:84520683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657576)"; flow:established,from_client; content:"GET"; http_method; content:"/hhp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657576/; classtype:trojan-activity;sid:84520676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657577)"; flow:established,from_client; content:"GET"; http_method; content:"/mmm.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657577/; classtype:trojan-activity;sid:84520677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657578)"; flow:established,from_client; content:"GET"; http_method; content:"/scvhost.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657578/; classtype:trojan-activity;sid:84520678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657579)"; flow:established,from_client; content:"GET"; http_method; content:"/hcr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657579/; classtype:trojan-activity;sid:84520679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657580)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657580/; classtype:trojan-activity;sid:84520680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657581)"; flow:established,from_client; content:"GET"; http_method; content:"/voucherwonderland.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"js-storage.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657581/; classtype:trojan-activity;sid:84520681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657568)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/clip64.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657568/; classtype:trojan-activity;sid:84520668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657569)"; flow:established,from_client; content:"GET"; http_method; content:"/review%20and%20sign..pdf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lg.oneguy4u.sa.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657569/; classtype:trojan-activity;sid:84520669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657570)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657570/; classtype:trojan-activity;sid:84520670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657571)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/clip.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657571/; classtype:trojan-activity;sid:84520671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657572)"; flow:established,from_client; content:"GET"; http_method; content:"/log/ce574991.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.52.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657572/; classtype:trojan-activity;sid:84520672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657573)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/cred.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657573/; classtype:trojan-activity;sid:84520673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657574)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/cred64.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657574/; classtype:trojan-activity;sid:84520674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657575)"; flow:established,from_client; content:"GET"; http_method; content:"/wff.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657575/; classtype:trojan-activity;sid:84520675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657565)"; flow:established,from_client; content:"GET"; http_method; content:"/rad/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657565/; classtype:trojan-activity;sid:84520665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657566)"; flow:established,from_client; content:"GET"; http_method; content:"/min2/ce510697.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.52.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657566/; classtype:trojan-activity;sid:84520666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657567)"; flow:established,from_client; content:"GET"; http_method; content:"/taqumn21pwtffka.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657567/; classtype:trojan-activity;sid:84520667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657563)"; flow:established,from_client; content:"GET"; http_method; content:"/lrcnaco7v7vkgmm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657563/; classtype:trojan-activity;sid:84520663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657564)"; flow:established,from_client; content:"GET"; http_method; content:"/jsrepo|3f|rnd=0.7602454220020385|7c|26|7c|ts=1759496707015"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"getfix.win"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657564/; classtype:trojan-activity;sid:84520664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657561)"; flow:established,from_client; content:"GET"; http_method; content:"/e55gjjtfitxysh4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657561/; classtype:trojan-activity;sid:84520661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657562)"; flow:established,from_client; content:"GET"; http_method; content:"/umn21taqpwtaffk.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657562/; classtype:trojan-activity;sid:84520662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657560)"; flow:established,from_client; content:"GET"; http_method; content:"/dknmzcc2vqbm/raw/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"paste.monster"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657560/; classtype:trojan-activity;sid:84520660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657558)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657558/; classtype:trojan-activity;sid:84520658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657559)"; flow:established,from_client; content:"GET"; http_method; content:"/random.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.240.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657559/; classtype:trojan-activity;sid:84520659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657557/; classtype:trojan-activity;sid:84520657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657556)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=44djdme8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657556/; classtype:trojan-activity;sid:84520656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657554)"; flow:established,from_client; content:"GET"; http_method; content:"/l8m2beo13p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.2-j695.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657554/; classtype:trojan-activity;sid:84520654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657555)"; flow:established,from_client; content:"GET"; http_method; content:"/rb1lt8gzbq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657555/; classtype:trojan-activity;sid:84520655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657553)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=l8fizmv3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657553/; classtype:trojan-activity;sid:84520653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657552)"; flow:established,from_client; content:"GET"; http_method; content:"/5eq1weblzp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.2-j695.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657552/; classtype:trojan-activity;sid:84520652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657551)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=vgmrygu4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657551/; classtype:trojan-activity;sid:84520651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657550)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=bxqnnh40"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657550/; classtype:trojan-activity;sid:84520650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657549)"; flow:established,from_client; content:"GET"; http_method; content:"/zzjxjcpnrs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.2-j695.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657549/; classtype:trojan-activity;sid:84520649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657548)"; flow:established,from_client; content:"GET"; http_method; content:"/eal6x146u3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657548/; classtype:trojan-activity;sid:84520648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657547)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=h4rgcwdq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657547/; classtype:trojan-activity;sid:84520647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.177.18.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657546/; classtype:trojan-activity;sid:84520646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657545)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=stb3a9uw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657545/; classtype:trojan-activity;sid:84520645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657544)"; flow:established,from_client; content:"GET"; http_method; content:"/50bb0t35en.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657544/; classtype:trojan-activity;sid:84520644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657543)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=ev00xrhe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657543/; classtype:trojan-activity;sid:84520643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657542)"; flow:established,from_client; content:"GET"; http_method; content:"/2txllqx4ug.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.2-j695.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657542/; classtype:trojan-activity;sid:84520642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657541)"; flow:established,from_client; content:"GET"; http_method; content:"/axc73regib.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657541/; classtype:trojan-activity;sid:84520641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657540)"; flow:established,from_client; content:"GET"; http_method; content:"/q8p.google|3f|t=ebq0cqmv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"n3.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657540/; classtype:trojan-activity;sid:84520640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.112.45.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657539/; classtype:trojan-activity;sid:84520639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657538)"; flow:established,from_client; content:"GET"; http_method; content:"/q8p.google|3f|t=6oimb0em"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"n3.f926m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657538/; classtype:trojan-activity;sid:84520638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657537)"; flow:established,from_client; content:"GET"; http_method; content:"/ne9dihnji5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.2-j695.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657537/; classtype:trojan-activity;sid:84520637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.67.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657536/; classtype:trojan-activity;sid:84520636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.76.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657535/; classtype:trojan-activity;sid:84520635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.177.18.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657534/; classtype:trojan-activity;sid:84520634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.132.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657533/; classtype:trojan-activity;sid:84520633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.206.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657532/; classtype:trojan-activity;sid:84520632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.250.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657531/; classtype:trojan-activity;sid:84520631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.173.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657530/; classtype:trojan-activity;sid:84520630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.6.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657529/; classtype:trojan-activity;sid:84520629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657528)"; flow:established,from_client; content:"GET"; http_method; content:"/imcgwoi306.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657528/; classtype:trojan-activity;sid:84520628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657527)"; flow:established,from_client; content:"GET"; http_method; content:"/wxm9cznlr5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.4-j722.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657527/; classtype:trojan-activity;sid:84520627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657525)"; flow:established,from_client; content:"GET"; http_method; content:"/u9.check|3f|t=mx5zdct8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"e.f926m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657525/; classtype:trojan-activity;sid:84520625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657526)"; flow:established,from_client; content:"GET"; http_method; content:"/u9.check|3f|t=h1g5sp5p"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"e.f926m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657526/; classtype:trojan-activity;sid:84520626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657524/; classtype:trojan-activity;sid:84520624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657523/; classtype:trojan-activity;sid:84520623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657522)"; flow:established,from_client; content:"GET"; http_method; content:"/nlrnjvumz8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.4-j722.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657522/; classtype:trojan-activity;sid:84520622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657521)"; flow:established,from_client; content:"GET"; http_method; content:"/w904.google|3f|t=dczu5uqe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"v2n.g601c.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657521/; classtype:trojan-activity;sid:84520621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.206.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657520/; classtype:trojan-activity;sid:84520620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657519)"; flow:established,from_client; content:"GET"; http_method; content:"/igcb1t4dc1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657519/; classtype:trojan-activity;sid:84520619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657518)"; flow:established,from_client; content:"GET"; http_method; content:"/w904.google|3f|t=etc55fpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"v2n.g601c.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657518/; classtype:trojan-activity;sid:84520618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.132.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657517/; classtype:trojan-activity;sid:84520617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.67.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657516/; classtype:trojan-activity;sid:84520616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.102.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657515/; classtype:trojan-activity;sid:84520615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.173.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657514/; classtype:trojan-activity;sid:84520614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.112.45.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657513/; classtype:trojan-activity;sid:84520613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.78.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657512/; classtype:trojan-activity;sid:84520612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657511/; classtype:trojan-activity;sid:84520611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657509/; classtype:trojan-activity;sid:84520609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.46.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657510/; classtype:trojan-activity;sid:84520610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.14.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657507/; classtype:trojan-activity;sid:84520607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.39.131.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657508/; classtype:trojan-activity;sid:84520608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657504/; classtype:trojan-activity;sid:84520604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.222.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657505/; classtype:trojan-activity;sid:84520605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.5.6.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657506/; classtype:trojan-activity;sid:84520606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657503)"; flow:established,from_client; content:"GET"; http_method; content:"/6waa2tkwcn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.4-j722.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657503/; classtype:trojan-activity;sid:84520603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657502)"; flow:established,from_client; content:"GET"; http_method; content:"/h3q.check|3f|t=fe9s69j2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tn.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657502/; classtype:trojan-activity;sid:84520602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657501)"; flow:established,from_client; content:"GET"; http_method; content:"/5n9airtg49.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657501/; classtype:trojan-activity;sid:84520601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657500)"; flow:established,from_client; content:"GET"; http_method; content:"/h3q.check|3f|t=xu9zs9ut"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tn.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657500/; classtype:trojan-activity;sid:84520600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.78.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657499/; classtype:trojan-activity;sid:84520599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657498/; classtype:trojan-activity;sid:84520598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657497/; classtype:trojan-activity;sid:84520597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657496)"; flow:established,from_client; content:"GET"; http_method; content:"/5v2mqgoi84.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657496/; classtype:trojan-activity;sid:84520596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657495)"; flow:established,from_client; content:"GET"; http_method; content:"/9am.google|3f|t=bs6vyydx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.g601c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657495/; classtype:trojan-activity;sid:84520595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657494)"; flow:established,from_client; content:"GET"; http_method; content:"/lbibehbbd5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.4-j722.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657494/; classtype:trojan-activity;sid:84520594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657493)"; flow:established,from_client; content:"GET"; http_method; content:"/9am.google|3f|t=brl9wb15"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.g601c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657493/; classtype:trojan-activity;sid:84520593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.202.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657492/; classtype:trojan-activity;sid:84520592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657491/; classtype:trojan-activity;sid:84520591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657490/; classtype:trojan-activity;sid:84520590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657489)"; flow:established,from_client; content:"GET"; http_method; content:"/9feknmopvp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.4-j722.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657489/; classtype:trojan-activity;sid:84520589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657487)"; flow:established,from_client; content:"GET"; http_method; content:"/6vlwkwi14e.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657487/; classtype:trojan-activity;sid:84520587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657488)"; flow:established,from_client; content:"GET"; http_method; content:"/za.check|3f|t=vm7palvj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r1.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657488/; classtype:trojan-activity;sid:84520588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657486)"; flow:established,from_client; content:"GET"; http_method; content:"/za.check|3f|t=2tc57xqw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r1.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657486/; classtype:trojan-activity;sid:84520586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.198.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657485/; classtype:trojan-activity;sid:84520585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.83.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657483/; classtype:trojan-activity;sid:84520583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.202.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657484/; classtype:trojan-activity;sid:84520584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657482)"; flow:established,from_client; content:"GET"; http_method; content:"/vab1qg4umu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657482/; classtype:trojan-activity;sid:84520582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657481)"; flow:established,from_client; content:"GET"; http_method; content:"/0b2.google|3f|t=bggp59i8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qz.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657481/; classtype:trojan-activity;sid:84520581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657480)"; flow:established,from_client; content:"GET"; http_method; content:"/reprfbpwdo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.4-j722.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657480/; classtype:trojan-activity;sid:84520580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657479)"; flow:established,from_client; content:"GET"; http_method; content:"/0b2.google|3f|t=rdqip75k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qz.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657479/; classtype:trojan-activity;sid:84520579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.41.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657478/; classtype:trojan-activity;sid:84520578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.113.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657477/; classtype:trojan-activity;sid:84520577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657476)"; flow:established,from_client; content:"GET"; http_method; content:"/0brscgy912.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.9-k588.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657476/; classtype:trojan-activity;sid:84520576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657475)"; flow:established,from_client; content:"GET"; http_method; content:"/tq3.check|3f|t=kf7nhv93"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657475/; classtype:trojan-activity;sid:84520575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657474)"; flow:established,from_client; content:"GET"; http_method; content:"/wdkwb4qlet.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657474/; classtype:trojan-activity;sid:84520574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657473)"; flow:established,from_client; content:"GET"; http_method; content:"/tq3.check|3f|t=73548kce"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9.g601c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657473/; classtype:trojan-activity;sid:84520573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.41.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657472/; classtype:trojan-activity;sid:84520572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657471/; classtype:trojan-activity;sid:84520571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657470)"; flow:established,from_client; content:"GET"; http_method; content:"/khnnx1ewnz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.9-k588.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657470/; classtype:trojan-activity;sid:84520570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657469)"; flow:established,from_client; content:"GET"; http_method; content:"/k7.google|3f|t=8br6ny8w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.g601c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657469/; classtype:trojan-activity;sid:84520569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657468)"; flow:established,from_client; content:"GET"; http_method; content:"/tuia8jp5db.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657468/; classtype:trojan-activity;sid:84520568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.120.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657467/; classtype:trojan-activity;sid:84520567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657466)"; flow:established,from_client; content:"GET"; http_method; content:"/k7.google|3f|t=nnne9v6n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.g601c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657466/; classtype:trojan-activity;sid:84520566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657465/; classtype:trojan-activity;sid:84520565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.148.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657464/; classtype:trojan-activity;sid:84520564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.249.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657463/; classtype:trojan-activity;sid:84520563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657462/; classtype:trojan-activity;sid:84520562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657461/; classtype:trojan-activity;sid:84520561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657460)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657460/; classtype:trojan-activity;sid:84520560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657459)"; flow:established,from_client; content:"GET"; http_method; content:"/iu5t2qij4z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.9-k588.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657459/; classtype:trojan-activity;sid:84520559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657458)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=5qgun89d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657458/; classtype:trojan-activity;sid:84520558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657455)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657455/; classtype:trojan-activity;sid:84520555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657456)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657456/; classtype:trojan-activity;sid:84520556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657457)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657457/; classtype:trojan-activity;sid:84520557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657453)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657453/; classtype:trojan-activity;sid:84520553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657454)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657454/; classtype:trojan-activity;sid:84520554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657451)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657451/; classtype:trojan-activity;sid:84520551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657452)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657452/; classtype:trojan-activity;sid:84520552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657450)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657450/; classtype:trojan-activity;sid:84520550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657449)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657449/; classtype:trojan-activity;sid:84520549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657448)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=xfbhamvl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657448/; classtype:trojan-activity;sid:84520548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657447)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657447/; classtype:trojan-activity;sid:84520547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657446)"; flow:established,from_client; content:"GET"; http_method; content:"/a3w4wijwm4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657446/; classtype:trojan-activity;sid:84520546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657444)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657444/; classtype:trojan-activity;sid:84520544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657445)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657445/; classtype:trojan-activity;sid:84520545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657442)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657442/; classtype:trojan-activity;sid:84520542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657443)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657443/; classtype:trojan-activity;sid:84520543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657441)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2835080.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657441/; classtype:trojan-activity;sid:84520541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657440)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=dgwcfy8l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657440/; classtype:trojan-activity;sid:84520540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657439)"; flow:established,from_client; content:"GET"; http_method; content:"/jpxt5hcpzd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.9-k588.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657439/; classtype:trojan-activity;sid:84520539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657438)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=9uc7pcia"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657438/; classtype:trojan-activity;sid:84520538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657437)"; flow:established,from_client; content:"GET"; http_method; content:"/mqkvib0xp4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657437/; classtype:trojan-activity;sid:84520537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657436)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657436/; classtype:trojan-activity;sid:84520536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657433)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657433/; classtype:trojan-activity;sid:84520533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657434)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657434/; classtype:trojan-activity;sid:84520534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657435)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657435/; classtype:trojan-activity;sid:84520535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657430)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657430/; classtype:trojan-activity;sid:84520530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657431)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657431/; classtype:trojan-activity;sid:84520531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657432)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657432/; classtype:trojan-activity;sid:84520532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657427)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657427/; classtype:trojan-activity;sid:84520527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657428)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657428/; classtype:trojan-activity;sid:84520528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657429)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657429/; classtype:trojan-activity;sid:84520529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657424)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657424/; classtype:trojan-activity;sid:84520524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657425)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657425/; classtype:trojan-activity;sid:84520525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657426)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657426/; classtype:trojan-activity;sid:84520526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657421)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657421/; classtype:trojan-activity;sid:84520521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657422)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657422/; classtype:trojan-activity;sid:84520522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657423)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657423/; classtype:trojan-activity;sid:84520523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657420)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657420/; classtype:trojan-activity;sid:84520520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657416)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657416/; classtype:trojan-activity;sid:84520516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657417)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657417/; classtype:trojan-activity;sid:84520517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657418)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657418/; classtype:trojan-activity;sid:84520518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657419)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657419/; classtype:trojan-activity;sid:84520519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657413)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657413/; classtype:trojan-activity;sid:84520513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657414)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657414/; classtype:trojan-activity;sid:84520514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657415)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657415/; classtype:trojan-activity;sid:84520515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657411/; classtype:trojan-activity;sid:84520511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657412)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.i468"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.116.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657412/; classtype:trojan-activity;sid:84520512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657410)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657410/; classtype:trojan-activity;sid:84520510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.231.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657409/; classtype:trojan-activity;sid:84520509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.83.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657408/; classtype:trojan-activity;sid:84520508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.88.165.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657406/; classtype:trojan-activity;sid:84520506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.88.165.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657407/; classtype:trojan-activity;sid:84520507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.88.165.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657405/; classtype:trojan-activity;sid:84520505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.65.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657403/; classtype:trojan-activity;sid:84520503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.88.165.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657404/; classtype:trojan-activity;sid:84520504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657402)"; flow:established,from_client; content:"GET"; http_method; content:"/gmlw9dkc6o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.9-k588.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657402/; classtype:trojan-activity;sid:84520502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657401)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6383121604/xojeh7m.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657401/; classtype:trojan-activity;sid:84520501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657399)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"f6l.su"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657399/; classtype:trojan-activity;sid:84520499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657400)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657400/; classtype:trojan-activity;sid:84520500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657394)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657394/; classtype:trojan-activity;sid:84520494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657395)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657395/; classtype:trojan-activity;sid:84520495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657396)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657396/; classtype:trojan-activity;sid:84520496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657397)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm5n"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657397/; classtype:trojan-activity;sid:84520497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657398)"; flow:established,from_client; content:"GET"; http_method; content:"/upl04d/cl13ent/edu.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"78.153.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657398/; classtype:trojan-activity;sid:84520498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657392/; classtype:trojan-activity;sid:84520492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657393)"; flow:established,from_client; content:"GET"; http_method; content:"/col8289j8b.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657393/; classtype:trojan-activity;sid:84520493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657390)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=vvoghynf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657390/; classtype:trojan-activity;sid:84520490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657391)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/cjgvzpc.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657391/; classtype:trojan-activity;sid:84520491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657387)"; flow:established,from_client; content:"GET"; http_method; content:"/files/735769429/i2jrlyk.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657387/; classtype:trojan-activity;sid:84520487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657388)"; flow:established,from_client; content:"GET"; http_method; content:"/files/735769429/omivhov.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657388/; classtype:trojan-activity;sid:84520488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657389)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=8bm2ey4j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657389/; classtype:trojan-activity;sid:84520489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.249.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657386/; classtype:trojan-activity;sid:84520486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.116.196.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657385/; classtype:trojan-activity;sid:84520485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657384/; classtype:trojan-activity;sid:84520484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657383/; classtype:trojan-activity;sid:84520483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657382/; classtype:trojan-activity;sid:84520482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657381)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=y8nsy1t4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.wagoda.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657381/; classtype:trojan-activity;sid:84520481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657380)"; flow:established,from_client; content:"GET"; http_method; content:"/j5ljyt9cme.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"en.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657380/; classtype:trojan-activity;sid:84520480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657379)"; flow:established,from_client; content:"GET"; http_method; content:"/sbum7n4jhq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.9-k588.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657379/; classtype:trojan-activity;sid:84520479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657378)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=55s772km"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.wagoda.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657378/; classtype:trojan-activity;sid:84520478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.228.2.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657377/; classtype:trojan-activity;sid:84520477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.44.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657374/; classtype:trojan-activity;sid:84520474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.44.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657375/; classtype:trojan-activity;sid:84520475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.186.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657376/; classtype:trojan-activity;sid:84520476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.15.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657373/; classtype:trojan-activity;sid:84520473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657372/; classtype:trojan-activity;sid:84520472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657371)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=tj6ltspl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657371/; classtype:trojan-activity;sid:84520471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657370)"; flow:established,from_client; content:"GET"; http_method; content:"/0hmnfnrbg6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"em.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657370/; classtype:trojan-activity;sid:84520470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657369)"; flow:established,from_client; content:"GET"; http_method; content:"/ng0wrt3fvv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.9-f566.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657369/; classtype:trojan-activity;sid:84520469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657368)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=85s84187"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657368/; classtype:trojan-activity;sid:84520468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.163.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657367/; classtype:trojan-activity;sid:84520467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.247.211.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657366/; classtype:trojan-activity;sid:84520466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.7.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657365/; classtype:trojan-activity;sid:84520465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.158.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657364/; classtype:trojan-activity;sid:84520464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657363)"; flow:established,from_client; content:"GET"; http_method; content:"/ltt4h3kw0c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.9-f566.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657363/; classtype:trojan-activity;sid:84520463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657362)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=jtq43gt1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657362/; classtype:trojan-activity;sid:84520462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657361/; classtype:trojan-activity;sid:84520461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657360)"; flow:established,from_client; content:"GET"; http_method; content:"/2xv36r4hx9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"el.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657360/; classtype:trojan-activity;sid:84520460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657359)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=geue9eci"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.wagoda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657359/; classtype:trojan-activity;sid:84520459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657358/; classtype:trojan-activity;sid:84520458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657357/; classtype:trojan-activity;sid:84520457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.245.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657356/; classtype:trojan-activity;sid:84520456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657354)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=v3iwamd0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.wagoda.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657354/; classtype:trojan-activity;sid:84520454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657355)"; flow:established,from_client; content:"GET"; http_method; content:"/gnjw8xg1jd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.9-f566.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657355/; classtype:trojan-activity;sid:84520455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657353)"; flow:established,from_client; content:"GET"; http_method; content:"/43ch5pn18e.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"el.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657353/; classtype:trojan-activity;sid:84520453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657352)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=b28qvsmc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.wagoda.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657352/; classtype:trojan-activity;sid:84520452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.163.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657351/; classtype:trojan-activity;sid:84520451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.185.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657350/; classtype:trojan-activity;sid:84520450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657349/; classtype:trojan-activity;sid:84520449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.158.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657348/; classtype:trojan-activity;sid:84520448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.210.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657346/; classtype:trojan-activity;sid:84520446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.210.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657347/; classtype:trojan-activity;sid:84520447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657345/; classtype:trojan-activity;sid:84520445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657344/; classtype:trojan-activity;sid:84520444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.44.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657343/; classtype:trojan-activity;sid:84520443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657342/; classtype:trojan-activity;sid:84520442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.185.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657341/; classtype:trojan-activity;sid:84520441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.249.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657340/; classtype:trojan-activity;sid:84520440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.95.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657339/; classtype:trojan-activity;sid:84520439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657338/; classtype:trojan-activity;sid:84520438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657337/; classtype:trojan-activity;sid:84520437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.118.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657336/; classtype:trojan-activity;sid:84520436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.144.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657335/; classtype:trojan-activity;sid:84520435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.155.17.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657334/; classtype:trojan-activity;sid:84520434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657333/; classtype:trojan-activity;sid:84520433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.95.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657332/; classtype:trojan-activity;sid:84520432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.249.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657331/; classtype:trojan-activity;sid:84520431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.237.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657330/; classtype:trojan-activity;sid:84520430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.197.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657329/; classtype:trojan-activity;sid:84520429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657328/; classtype:trojan-activity;sid:84520428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657327/; classtype:trojan-activity;sid:84520427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.155.17.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657326/; classtype:trojan-activity;sid:84520426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657325)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=6h3qqtd8"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.mexizo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657325/; classtype:trojan-activity;sid:84520425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657323)"; flow:established,from_client; content:"GET"; http_method; content:"/m3xlzkf0a6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eh.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657323/; classtype:trojan-activity;sid:84520423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657324)"; flow:established,from_client; content:"GET"; http_method; content:"/q5n6rg4hzz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.9-f566.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657324/; classtype:trojan-activity;sid:84520424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657322)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=g9jpnzdz"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.mexizo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657322/; classtype:trojan-activity;sid:84520422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657320/; classtype:trojan-activity;sid:84520420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.37.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657321/; classtype:trojan-activity;sid:84520421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.197.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657319/; classtype:trojan-activity;sid:84520419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657318/; classtype:trojan-activity;sid:84520418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.139.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657317/; classtype:trojan-activity;sid:84520417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.194.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657316/; classtype:trojan-activity;sid:84520416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.84.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657315/; classtype:trojan-activity;sid:84520415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657314/; classtype:trojan-activity;sid:84520414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.81.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657313/; classtype:trojan-activity;sid:84520413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.241.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657312/; classtype:trojan-activity;sid:84520412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.38.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657310/; classtype:trojan-activity;sid:84520410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657311/; classtype:trojan-activity;sid:84520411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657308/; classtype:trojan-activity;sid:84520408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657309/; classtype:trojan-activity;sid:84520409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.10.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657307/; classtype:trojan-activity;sid:84520407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657306)"; flow:established,from_client; content:"GET"; http_method; content:"/fu4ksgcmav.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.9-f566.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657306/; classtype:trojan-activity;sid:84520406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657305)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=u8cg2q7l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r9.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657305/; classtype:trojan-activity;sid:84520405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.172.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657303/; classtype:trojan-activity;sid:84520403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657304)"; flow:established,from_client; content:"GET"; http_method; content:"/n428xpmap3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ef.dbc-8-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657304/; classtype:trojan-activity;sid:84520404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657302)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=lbm2rucj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r9.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657302/; classtype:trojan-activity;sid:84520402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.84.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657301/; classtype:trojan-activity;sid:84520401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.231.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657300/; classtype:trojan-activity;sid:84520400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.35.92.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657299/; classtype:trojan-activity;sid:84520399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.25.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657298/; classtype:trojan-activity;sid:84520398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.105.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657297/; classtype:trojan-activity;sid:84520397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.231.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657296/; classtype:trojan-activity;sid:84520396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.140.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657295/; classtype:trojan-activity;sid:84520395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.24.73.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657293/; classtype:trojan-activity;sid:84520393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.10.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657294/; classtype:trojan-activity;sid:84520394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.241.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657292/; classtype:trojan-activity;sid:84520392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.105.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657291/; classtype:trojan-activity;sid:84520391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657290/; classtype:trojan-activity;sid:84520390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657289/; classtype:trojan-activity;sid:84520389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657288/; classtype:trojan-activity;sid:84520388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.222.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657287/; classtype:trojan-activity;sid:84520387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.24.73.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657286/; classtype:trojan-activity;sid:84520386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.226.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657285/; classtype:trojan-activity;sid:84520385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.140.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657284/; classtype:trojan-activity;sid:84520384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.241.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657283/; classtype:trojan-activity;sid:84520383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657282/; classtype:trojan-activity;sid:84520382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.172.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657281/; classtype:trojan-activity;sid:84520381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657280)"; flow:established,from_client; content:"GET"; http_method; content:"/apk8zs3ejf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657280/; classtype:trojan-activity;sid:84520380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657279)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=wr66nlnw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657279/; classtype:trojan-activity;sid:84520379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.80.0.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657278/; classtype:trojan-activity;sid:84520378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657277)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=yvwmpw2j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657277/; classtype:trojan-activity;sid:84520377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657276)"; flow:established,from_client; content:"GET"; http_method; content:"/1bb97zbq29.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.0-c448.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657276/; classtype:trojan-activity;sid:84520376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.86.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657274/; classtype:trojan-activity;sid:84520374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.179.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657275/; classtype:trojan-activity;sid:84520375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657273)"; flow:established,from_client; content:"GET"; http_method; content:"/p1xru53wjw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657273/; classtype:trojan-activity;sid:84520373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657272)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=0ak1tem0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.mexizo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657272/; classtype:trojan-activity;sid:84520372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657271)"; flow:established,from_client; content:"GET"; http_method; content:"/c9kmys6ybp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.0-c448.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657271/; classtype:trojan-activity;sid:84520371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657270)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=a3wydnbp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.mexizo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657270/; classtype:trojan-activity;sid:84520370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.110.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657269/; classtype:trojan-activity;sid:84520369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.237.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657268/; classtype:trojan-activity;sid:84520368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657267/; classtype:trojan-activity;sid:84520367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657266/; classtype:trojan-activity;sid:84520366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657264/; classtype:trojan-activity;sid:84520364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657265)"; flow:established,from_client; content:"GET"; http_method; content:"/6kqzig57jw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.0-c448.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657265/; classtype:trojan-activity;sid:84520365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657263)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=mhmm2xl9"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657263/; classtype:trojan-activity;sid:84520363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657262)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=znan0neb"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657262/; classtype:trojan-activity;sid:84520362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657261)"; flow:established,from_client; content:"GET"; http_method; content:"/enbltwbxpt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657261/; classtype:trojan-activity;sid:84520361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.164.56.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657260/; classtype:trojan-activity;sid:84520360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.196.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657259/; classtype:trojan-activity;sid:84520359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657258/; classtype:trojan-activity;sid:84520358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657257/; classtype:trojan-activity;sid:84520357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657256)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.93.9.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657256/; classtype:trojan-activity;sid:84520356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.112.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657255/; classtype:trojan-activity;sid:84520355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657254/; classtype:trojan-activity;sid:84520354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657253/; classtype:trojan-activity;sid:84520353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.203.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657251/; classtype:trojan-activity;sid:84520351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.118.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657252/; classtype:trojan-activity;sid:84520352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657250/; classtype:trojan-activity;sid:84520350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.69.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657249/; classtype:trojan-activity;sid:84520349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657248/; classtype:trojan-activity;sid:84520348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.206.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657247/; classtype:trojan-activity;sid:84520347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657246/; classtype:trojan-activity;sid:84520346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657245/; classtype:trojan-activity;sid:84520345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.117.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657244/; classtype:trojan-activity;sid:84520344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657243/; classtype:trojan-activity;sid:84520343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.203.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657242/; classtype:trojan-activity;sid:84520342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657241/; classtype:trojan-activity;sid:84520341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.69.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657240/; classtype:trojan-activity;sid:84520340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657239)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657239/; classtype:trojan-activity;sid:84520339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657237)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657237/; classtype:trojan-activity;sid:84520337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657238)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657238/; classtype:trojan-activity;sid:84520338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657236)"; flow:established,from_client; content:"GET"; http_method; content:"/scvhost.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657236/; classtype:trojan-activity;sid:84520336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.128.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657235/; classtype:trojan-activity;sid:84520335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657234)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"arcangelgabriel2828.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657234/; classtype:trojan-activity;sid:84520334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657233/; classtype:trojan-activity;sid:84520333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.117.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657232/; classtype:trojan-activity;sid:84520332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657230/; classtype:trojan-activity;sid:84520330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.130.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657231/; classtype:trojan-activity;sid:84520331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657229)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"arcangelgabriel2830.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657229/; classtype:trojan-activity;sid:84520329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657228)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"arcangelgabriel2830.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657228/; classtype:trojan-activity;sid:84520328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657225)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"remcolinomayo24.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657225/; classtype:trojan-activity;sid:84520325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657226)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avefenix21deabril.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657226/; classtype:trojan-activity;sid:84520326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657227)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"remcolino.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657227/; classtype:trojan-activity;sid:84520327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657224)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"remcolinomayo24.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657224/; classtype:trojan-activity;sid:84520324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657220)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rc2404.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657220/; classtype:trojan-activity;sid:84520320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657221)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avefenix21deabril.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657221/; classtype:trojan-activity;sid:84520321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657222)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cookies641570.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657222/; classtype:trojan-activity;sid:84520322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657223)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"remcolino.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657223/; classtype:trojan-activity;sid:84520323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657212)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"remcos7770.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657212/; classtype:trojan-activity;sid:84520312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657213)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rc2404.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657213/; classtype:trojan-activity;sid:84520313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657214)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cookies32560.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657214/; classtype:trojan-activity;sid:84520314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657215)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cookies32560.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657215/; classtype:trojan-activity;sid:84520315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657216)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"remcolinomayo24.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657216/; classtype:trojan-activity;sid:84520316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657217)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"arcangelgabriel2828.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657217/; classtype:trojan-activity;sid:84520317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657218)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"arcangelgabriel2828.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657218/; classtype:trojan-activity;sid:84520318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657219)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"remcos7770.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657219/; classtype:trojan-activity;sid:84520319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657207)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"remcolino.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657207/; classtype:trojan-activity;sid:84520307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657208)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cookies641570.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657208/; classtype:trojan-activity;sid:84520308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657209)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cookies32560.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657209/; classtype:trojan-activity;sid:84520309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657210)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"rc2404.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657210/; classtype:trojan-activity;sid:84520310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657211)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"asincnew5555.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657211/; classtype:trojan-activity;sid:84520311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657203)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"remcos7770.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657203/; classtype:trojan-activity;sid:84520303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657204)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"avefenix21deabril.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657204/; classtype:trojan-activity;sid:84520304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657205)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cookies641570.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657205/; classtype:trojan-activity;sid:84520305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657206)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"arcangelgabriel2830.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657206/; classtype:trojan-activity;sid:84520306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657201)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"asincnew5555.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657201/; classtype:trojan-activity;sid:84520301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657202)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"asincnew5555.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657202/; classtype:trojan-activity;sid:84520302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657200/; classtype:trojan-activity;sid:84520300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.14.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657199/; classtype:trojan-activity;sid:84520299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657198)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=h1mdtbko"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657198/; classtype:trojan-activity;sid:84520298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657197)"; flow:established,from_client; content:"GET"; http_method; content:"/p6h1m4ssvm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.0-c448.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657197/; classtype:trojan-activity;sid:84520297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657196)"; flow:established,from_client; content:"GET"; http_method; content:"/nsp6cay6t0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657196/; classtype:trojan-activity;sid:84520296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657195)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=ef6rm0xh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.mexizo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657195/; classtype:trojan-activity;sid:84520295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.26.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657194/; classtype:trojan-activity;sid:84520294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657193/; classtype:trojan-activity;sid:84520293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657192)"; flow:established,from_client; content:"GET"; http_method; content:"/kn786fsxxw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.0-c448.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657192/; classtype:trojan-activity;sid:84520292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657191)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=yy7uo3ue"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.mexizo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657191/; classtype:trojan-activity;sid:84520291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657190)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=ngjvik4x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.mexizo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657190/; classtype:trojan-activity;sid:84520290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657189)"; flow:established,from_client; content:"GET"; http_method; content:"/20jvaurn7k.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657189/; classtype:trojan-activity;sid:84520289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657188/; classtype:trojan-activity;sid:84520288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.128.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657187/; classtype:trojan-activity;sid:84520287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.91.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657186/; classtype:trojan-activity;sid:84520286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657185)"; flow:established,from_client; content:"GET"; http_method; content:"/7x1gforj3p.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657185/; classtype:trojan-activity;sid:84520285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657184)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=vimw6b8f"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"k0n.faqyhi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657184/; classtype:trojan-activity;sid:84520284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657183/; classtype:trojan-activity;sid:84520283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.26.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657182/; classtype:trojan-activity;sid:84520282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.56.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657181/; classtype:trojan-activity;sid:84520281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657179)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=56fgz3d1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"k0n.faqyhi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657179/; classtype:trojan-activity;sid:84520279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657180)"; flow:established,from_client; content:"GET"; http_method; content:"/r0nqyzsvy9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.0-c448.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657180/; classtype:trojan-activity;sid:84520280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.112.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657178/; classtype:trojan-activity;sid:84520278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.227.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657177/; classtype:trojan-activity;sid:84520277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657176)"; flow:established,from_client; content:"GET"; http_method; content:"/0ejasvkehl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657176/; classtype:trojan-activity;sid:84520276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657175)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=ingqhyt1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.faqyhi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657175/; classtype:trojan-activity;sid:84520275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.170.226.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657174/; classtype:trojan-activity;sid:84520274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.174.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657172/; classtype:trojan-activity;sid:84520272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.123.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657173/; classtype:trojan-activity;sid:84520273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657171/; classtype:trojan-activity;sid:84520271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.91.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657170/; classtype:trojan-activity;sid:84520270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657169/; classtype:trojan-activity;sid:84520269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.174.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657168/; classtype:trojan-activity;sid:84520268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.176.121.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657167/; classtype:trojan-activity;sid:84520267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657166/; classtype:trojan-activity;sid:84520266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.56.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657165/; classtype:trojan-activity;sid:84520265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657164/; classtype:trojan-activity;sid:84520264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.143.31.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657163/; classtype:trojan-activity;sid:84520263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.140.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657162/; classtype:trojan-activity;sid:84520262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.154.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657161/; classtype:trojan-activity;sid:84520261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.44.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657160/; classtype:trojan-activity;sid:84520260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.170.226.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657159/; classtype:trojan-activity;sid:84520259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657158/; classtype:trojan-activity;sid:84520258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657157/; classtype:trojan-activity;sid:84520257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.176.121.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657156/; classtype:trojan-activity;sid:84520256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.116.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657155/; classtype:trojan-activity;sid:84520255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.188.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657154/; classtype:trojan-activity;sid:84520254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657153)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=u1rr0o4n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.faqyhi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657153/; classtype:trojan-activity;sid:84520253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657152)"; flow:established,from_client; content:"GET"; http_method; content:"/f3l3ditn7y.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657152/; classtype:trojan-activity;sid:84520252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.143.31.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657151/; classtype:trojan-activity;sid:84520251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.63.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657149/; classtype:trojan-activity;sid:84520249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657150/; classtype:trojan-activity;sid:84520250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.189.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657148/; classtype:trojan-activity;sid:84520248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.154.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657147/; classtype:trojan-activity;sid:84520247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657146)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanh60mix.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657146/; classtype:trojan-activity;sid:84520246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657145)"; flow:established,from_client; content:"GET"; http_method; content:"/v8.google|3f|t=8zb1ss8z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.faqyhi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657145/; classtype:trojan-activity;sid:84520245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657144/; classtype:trojan-activity;sid:84520244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.163.13.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657136/; classtype:trojan-activity;sid:84520236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657137/; classtype:trojan-activity;sid:84520237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.60.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657138/; classtype:trojan-activity;sid:84520238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657139/; classtype:trojan-activity;sid:84520239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657140/; classtype:trojan-activity;sid:84520240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.196.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657141/; classtype:trojan-activity;sid:84520241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.112.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657142/; classtype:trojan-activity;sid:84520242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.192.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657143/; classtype:trojan-activity;sid:84520243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657135/; classtype:trojan-activity;sid:84520235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657134/; classtype:trojan-activity;sid:84520234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.63.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657133/; classtype:trojan-activity;sid:84520233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657132/; classtype:trojan-activity;sid:84520232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.189.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657131/; classtype:trojan-activity;sid:84520231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657130)"; flow:established,from_client; content:"GET"; http_method; content:"/w6fxllmliy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.0-g845.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657130/; classtype:trojan-activity;sid:84520230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657129)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=l7pk2vtq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.faqyhi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657129/; classtype:trojan-activity;sid:84520229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.178.125.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657128/; classtype:trojan-activity;sid:84520228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.19.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657127/; classtype:trojan-activity;sid:84520227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.40.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657126/; classtype:trojan-activity;sid:84520226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657125/; classtype:trojan-activity;sid:84520225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657124)"; flow:established,from_client; content:"GET"; http_method; content:"/15jbv0s0ah.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.0-g845.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657124/; classtype:trojan-activity;sid:84520224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657123)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=q0pec7ps"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.faqyhi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657123/; classtype:trojan-activity;sid:84520223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.225.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657122/; classtype:trojan-activity;sid:84520222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657121/; classtype:trojan-activity;sid:84520221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.178.125.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657120/; classtype:trojan-activity;sid:84520220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657118)"; flow:established,from_client; content:"GET"; http_method; content:"/qkzrn05tkh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.0-g845.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657118/; classtype:trojan-activity;sid:84520218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.223.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657119/; classtype:trojan-activity;sid:84520219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657117)"; flow:established,from_client; content:"GET"; http_method; content:"/68bdo9l233.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657117/; classtype:trojan-activity;sid:84520217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657115)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=dffuunmq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.kudaxy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657115/; classtype:trojan-activity;sid:84520215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657116)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=fjurpgfw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.kudaxy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657116/; classtype:trojan-activity;sid:84520216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.111.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657114/; classtype:trojan-activity;sid:84520214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657113/; classtype:trojan-activity;sid:84520213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.40.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657112/; classtype:trojan-activity;sid:84520212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657110)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=gzxx8zba"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.kudaxy.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657110/; classtype:trojan-activity;sid:84520210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657111)"; flow:established,from_client; content:"GET"; http_method; content:"/3aw2onaj8f.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657111/; classtype:trojan-activity;sid:84520211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657109)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=0l8cyl5r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.kudaxy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657109/; classtype:trojan-activity;sid:84520209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657108)"; flow:established,from_client; content:"GET"; http_method; content:"/rqhe9wjiur.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.0-g845.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657108/; classtype:trojan-activity;sid:84520208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657107/; classtype:trojan-activity;sid:84520207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.74.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657106/; classtype:trojan-activity;sid:84520206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657105/; classtype:trojan-activity;sid:84520205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657104/; classtype:trojan-activity;sid:84520204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657103)"; flow:established,from_client; content:"GET"; http_method; content:"/7vnk5nnlqb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.0-g845.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657103/; classtype:trojan-activity;sid:84520203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657102)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=p8tivnqr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.kudaxy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657102/; classtype:trojan-activity;sid:84520202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657101/; classtype:trojan-activity;sid:84520201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657100/; classtype:trojan-activity;sid:84520200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657099)"; flow:established,from_client; content:"GET"; http_method; content:"/azuysq0k8z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.p-13a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657099/; classtype:trojan-activity;sid:84520199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657098)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=nxmu3acn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.kudaxy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657098/; classtype:trojan-activity;sid:84520198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.66.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657097/; classtype:trojan-activity;sid:84520197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.183.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657096/; classtype:trojan-activity;sid:84520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657094)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=wt899nnu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.kudaxy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657094/; classtype:trojan-activity;sid:84520194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657095)"; flow:established,from_client; content:"GET"; http_method; content:"/q26l08w6xx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.p-13a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657095/; classtype:trojan-activity;sid:84520195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657093)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=3k4yb0qp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.kudaxy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657093/; classtype:trojan-activity;sid:84520193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657092)"; flow:established,from_client; content:"GET"; http_method; content:"/y71foq020e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.p-13a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657092/; classtype:trojan-activity;sid:84520192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657091)"; flow:established,from_client; content:"GET"; http_method; content:"/sh2rbr2thl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657091/; classtype:trojan-activity;sid:84520191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657090)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=hbhs5gie"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.kudaxy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657090/; classtype:trojan-activity;sid:84520190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.223.85.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657089/; classtype:trojan-activity;sid:84520189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.183.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657088/; classtype:trojan-activity;sid:84520188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657087)"; flow:established,from_client; content:"GET"; http_method; content:"/6k2l6tsr9u.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657087/; classtype:trojan-activity;sid:84520187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657086)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=bmywtmq6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657086/; classtype:trojan-activity;sid:84520186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.223.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657085/; classtype:trojan-activity;sid:84520185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657084)"; flow:established,from_client; content:"GET"; http_method; content:"/r2tffbi1u3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.p-13a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657084/; classtype:trojan-activity;sid:84520184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657083)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=k0aqehpl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657083/; classtype:trojan-activity;sid:84520183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.34.242.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657082/; classtype:trojan-activity;sid:84520182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657081)"; flow:established,from_client; content:"GET"; http_method; content:"/ka3pkmo6gh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.p-13a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657081/; classtype:trojan-activity;sid:84520181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657080)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=xy80kibh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657080/; classtype:trojan-activity;sid:84520180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657079/; classtype:trojan-activity;sid:84520179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657078/; classtype:trojan-activity;sid:84520178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657077)"; flow:established,from_client; content:"GET"; http_method; content:"/og17n0lmpf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"da.tqh-2-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657077/; classtype:trojan-activity;sid:84520177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657076)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=9thhe9jq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657076/; classtype:trojan-activity;sid:84520176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657075)"; flow:established,from_client; content:"GET"; http_method; content:"/8pushlevh9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.p-13a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657075/; classtype:trojan-activity;sid:84520175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657074)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=hv152e83"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657074/; classtype:trojan-activity;sid:84520174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.193.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657073/; classtype:trojan-activity;sid:84520173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657072)"; flow:established,from_client; content:"GET"; http_method; content:"/dazxf134py.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.j-31u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657072/; classtype:trojan-activity;sid:84520172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657071)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=q88qybso"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657071/; classtype:trojan-activity;sid:84520171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657070/; classtype:trojan-activity;sid:84520170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.199.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657069/; classtype:trojan-activity;sid:84520169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657068)"; flow:established,from_client; content:"GET"; http_method; content:"/lifvtlhix7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.j-31u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657068/; classtype:trojan-activity;sid:84520168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657065)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=oaxdg4m8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657065/; classtype:trojan-activity;sid:84520165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657066)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=hux5t5zf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.focove.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657066/; classtype:trojan-activity;sid:84520166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657067)"; flow:established,from_client; content:"GET"; http_method; content:"/ylhzpb5jdb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ch.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657067/; classtype:trojan-activity;sid:84520167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.103.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657064/; classtype:trojan-activity;sid:84520164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657063)"; flow:established,from_client; content:"GET"; http_method; content:"/3824jpx7qn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.j-31u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657063/; classtype:trojan-activity;sid:84520163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657062)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=1ctvygxa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.focove.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657062/; classtype:trojan-activity;sid:84520162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657061/; classtype:trojan-activity;sid:84520161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.53.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657060/; classtype:trojan-activity;sid:84520160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.20.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657059/; classtype:trojan-activity;sid:84520159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657058)"; flow:established,from_client; content:"GET"; http_method; content:"/rah.google|3f|t=qqdbqvc6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hi.xrxo2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657058/; classtype:trojan-activity;sid:84520158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657057)"; flow:established,from_client; content:"GET"; http_method; content:"/h25uh7n0jj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.j-31u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657057/; classtype:trojan-activity;sid:84520157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.155.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657056/; classtype:trojan-activity;sid:84520156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657055/; classtype:trojan-activity;sid:84520155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657054)"; flow:established,from_client; content:"GET"; http_method; content:"/y0tvs5wtat.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.j-31u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657054/; classtype:trojan-activity;sid:84520154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657053)"; flow:established,from_client; content:"GET"; http_method; content:"/33d.check|3f|t=we9ircew"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ho.xrxo2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657053/; classtype:trojan-activity;sid:84520153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657052)"; flow:established,from_client; content:"GET"; http_method; content:"/d2.google|3f|t=w9avx65g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"if.xrxo2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657052/; classtype:trojan-activity;sid:84520152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657051)"; flow:established,from_client; content:"GET"; http_method; content:"/kdo5tujuq2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.j-31u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657051/; classtype:trojan-activity;sid:84520151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657050)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657050/; classtype:trojan-activity;sid:84520150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657047)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657047/; classtype:trojan-activity;sid:84520147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657048)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657048/; classtype:trojan-activity;sid:84520148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657049)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657049/; classtype:trojan-activity;sid:84520149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.174.62.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657046/; classtype:trojan-activity;sid:84520146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657045/; classtype:trojan-activity;sid:84520145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657044)"; flow:established,from_client; content:"GET"; http_method; content:"/yo6h6nef2t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.j-31u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657044/; classtype:trojan-activity;sid:84520144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657043)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.google|3f|t=0p9v3bs0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"in.xrxo2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657043/; classtype:trojan-activity;sid:84520143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657041)"; flow:established,from_client; content:"GET"; http_method; content:"/lof.google|3f|t=58cx53r3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"is.xvqy8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657041/; classtype:trojan-activity;sid:84520141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657042)"; flow:established,from_client; content:"GET"; http_method; content:"/dwxh57pkz3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.j-31u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657042/; classtype:trojan-activity;sid:84520142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.83.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657040/; classtype:trojan-activity;sid:84520140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.3.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657037/; classtype:trojan-activity;sid:84520137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.95.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657038/; classtype:trojan-activity;sid:84520138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657039/; classtype:trojan-activity;sid:84520139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.194.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657036/; classtype:trojan-activity;sid:84520136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657035)"; flow:established,from_client; content:"GET"; http_method; content:"/x4chbwrbm9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657035/; classtype:trojan-activity;sid:84520135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657034)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.244.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657034/; classtype:trojan-activity;sid:84520134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657033)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.197.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657033/; classtype:trojan-activity;sid:84520133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.95.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657030/; classtype:trojan-activity;sid:84520130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.174.62.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657031/; classtype:trojan-activity;sid:84520131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657032)"; flow:established,from_client; content:"GET"; http_method; content:"/o2.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.150.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657032/; classtype:trojan-activity;sid:84520132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657026)"; flow:established,from_client; content:"GET"; http_method; content:"/reynhsurveillance.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.167.150.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657026/; classtype:trojan-activity;sid:84520126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.248.162.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657027/; classtype:trojan-activity;sid:84520127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657028)"; flow:established,from_client; content:"GET"; http_method; content:"/enterpriseservice.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.167.150.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657028/; classtype:trojan-activity;sid:84520128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.16.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657029/; classtype:trojan-activity;sid:84520129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657025)"; flow:established,from_client; content:"GET"; http_method; content:"/o3.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.150.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657025/; classtype:trojan-activity;sid:84520125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657023)"; flow:established,from_client; content:"GET"; http_method; content:"/enterpriseserviceoptional.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.167.150.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657023/; classtype:trojan-activity;sid:84520123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657024)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmapotato.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.167.150.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657024/; classtype:trojan-activity;sid:84520124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657022)"; flow:established,from_client; content:"GET"; http_method; content:"/0w3dsz53w0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.j-31u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657022/; classtype:trojan-activity;sid:84520122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657020)"; flow:established,from_client; content:"GET"; http_method; content:"/u73.check|3f|t=ytc0y900"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it.xvqy8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657020/; classtype:trojan-activity;sid:84520120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657021)"; flow:established,from_client; content:"GET"; http_method; content:"/u73.check|3f|t=e2q2tdkh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it.xvqy8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657021/; classtype:trojan-activity;sid:84520121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657019)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.197.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657019/; classtype:trojan-activity;sid:84520119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657018)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.244.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657018/; classtype:trojan-activity;sid:84520118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657017)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.145.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657017/; classtype:trojan-activity;sid:84520117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657016)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.145.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657016/; classtype:trojan-activity;sid:84520116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657015)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.145.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657015/; classtype:trojan-activity;sid:84520115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657014)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.145.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657014/; classtype:trojan-activity;sid:84520114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656990)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.197.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656990/; classtype:trojan-activity;sid:84520090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656991)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.41.107.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656991/; classtype:trojan-activity;sid:84520091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656993)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656993/; classtype:trojan-activity;sid:84520093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.197.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656985/; classtype:trojan-activity;sid:84520085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656986)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.197.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656986/; classtype:trojan-activity;sid:84520086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656979)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656979/; classtype:trojan-activity;sid:84520079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656978)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.27.210.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656978/; classtype:trojan-activity;sid:84520078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.237.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656943/; classtype:trojan-activity;sid:84520043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.194.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656942/; classtype:trojan-activity;sid:84520042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.215.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656941/; classtype:trojan-activity;sid:84520041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656940/; classtype:trojan-activity;sid:84520040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656939)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656939/; classtype:trojan-activity;sid:84520039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656930)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656930/; classtype:trojan-activity;sid:84520030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656931)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656931/; classtype:trojan-activity;sid:84520031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656932)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656932/; classtype:trojan-activity;sid:84520032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656933)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656933/; classtype:trojan-activity;sid:84520033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656934)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656934/; classtype:trojan-activity;sid:84520034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656935)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656935/; classtype:trojan-activity;sid:84520035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656936)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656936/; classtype:trojan-activity;sid:84520036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656937)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656937/; classtype:trojan-activity;sid:84520037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656938)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.237.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656938/; classtype:trojan-activity;sid:84520038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.16.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656929/; classtype:trojan-activity;sid:84520029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.95.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656928/; classtype:trojan-activity;sid:84520028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656927)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.246.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656927/; classtype:trojan-activity;sid:84520027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656926/; classtype:trojan-activity;sid:84520026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.237.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656925/; classtype:trojan-activity;sid:84520025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.215.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656923/; classtype:trojan-activity;sid:84520023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.14.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656924/; classtype:trojan-activity;sid:84520024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.238.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656921/; classtype:trojan-activity;sid:84520021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.168.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656922/; classtype:trojan-activity;sid:84520022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656918)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"draak.nathandev.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656918/; classtype:trojan-activity;sid:84520018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656919)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.246.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656919/; classtype:trojan-activity;sid:84520019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656920)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.246.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656920/; classtype:trojan-activity;sid:84520020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656917)"; flow:established,from_client; content:"GET"; http_method; content:"/31fcfqfvrs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656917/; classtype:trojan-activity;sid:84520017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656916)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/giga.sh"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656916/; classtype:trojan-activity;sid:84520016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656915)"; flow:established,from_client; content:"GET"; http_method; content:"/p8.google|3f|t=ei7mzhw2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jo.xvqy8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656915/; classtype:trojan-activity;sid:84520015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656914)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/voicenotify/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656914/; classtype:trojan-activity;sid:84520014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656909)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656909/; classtype:trojan-activity;sid:84520009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656910)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/record/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656910/; classtype:trojan-activity;sid:84520010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656911)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/index/video.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656911/; classtype:trojan-activity;sid:84520011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656912)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/data/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656912/; classtype:trojan-activity;sid:84520012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656913)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656913/; classtype:trojan-activity;sid:84520013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656908)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656908/; classtype:trojan-activity;sid:84520008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.211.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656907/; classtype:trojan-activity;sid:84520007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.242.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656906/; classtype:trojan-activity;sid:84520006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656905)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/system%20volume%20information/av.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656905/; classtype:trojan-activity;sid:84520005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656904)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/data/video.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656904/; classtype:trojan-activity;sid:84520004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656903)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/voicenotify/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656903/; classtype:trojan-activity;sid:84520003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656901)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/record/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656901/; classtype:trojan-activity;sid:84520001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656902)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/system%20volume%20information/video.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656902/; classtype:trojan-activity;sid:84520002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656899)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656899/; classtype:trojan-activity;sid:84519999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656900)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/wget2.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656900/; classtype:trojan-activity;sid:84520000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656892)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/index/av.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656892/; classtype:trojan-activity;sid:84519992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656893)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/record/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656893/; classtype:trojan-activity;sid:84519993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656894)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656894/; classtype:trojan-activity;sid:84519994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656895)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/voicenotify/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656895/; classtype:trojan-activity;sid:84519995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656896)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/installers%20apk/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656896/; classtype:trojan-activity;sid:84519996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656897)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/index/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656897/; classtype:trojan-activity;sid:84519997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656898)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/system%20volume%20information/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656898/; classtype:trojan-activity;sid:84519998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656890)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656890/; classtype:trojan-activity;sid:84519990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656891)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/data/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656891/; classtype:trojan-activity;sid:84519991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656887)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/cr.sh"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656887/; classtype:trojan-activity;sid:84519987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656888)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/toto.sh"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656888/; classtype:trojan-activity;sid:84519988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656889)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/wget.sh"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656889/; classtype:trojan-activity;sid:84519989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656874)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/o.xml"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656874/; classtype:trojan-activity;sid:84519974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656875)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656875/; classtype:trojan-activity;sid:84519975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656876)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/tplink.sh"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656876/; classtype:trojan-activity;sid:84519976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656877)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/w2.sh"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656877/; classtype:trojan-activity;sid:84519977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656878)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/hik.sh"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656878/; classtype:trojan-activity;sid:84519978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656879)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/zyxel.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656879/; classtype:trojan-activity;sid:84519979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656880)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/c.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656880/; classtype:trojan-activity;sid:84519980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656881/; classtype:trojan-activity;sid:84519981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656882)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656882/; classtype:trojan-activity;sid:84519982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656883)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656883/; classtype:trojan-activity;sid:84519983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656884)"; flow:established,from_client; content:"GET"; http_method; content:"/giga.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656884/; classtype:trojan-activity;sid:84519984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656885)"; flow:established,from_client; content:"GET"; http_method; content:"/hik.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656885/; classtype:trojan-activity;sid:84519985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656886)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656886/; classtype:trojan-activity;sid:84519986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656873)"; flow:established,from_client; content:"GET"; http_method; content:"/umpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656873/; classtype:trojan-activity;sid:84519973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656872)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/w.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656872/; classtype:trojan-activity;sid:84519972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656871)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656871/; classtype:trojan-activity;sid:84519971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.242.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656869/; classtype:trojan-activity;sid:84519969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.156.243.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656870/; classtype:trojan-activity;sid:84519970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656868/; classtype:trojan-activity;sid:84519968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656866)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm5"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656866/; classtype:trojan-activity;sid:84519966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656867)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656867/; classtype:trojan-activity;sid:84519967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656865)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656865/; classtype:trojan-activity;sid:84519965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656855)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656855/; classtype:trojan-activity;sid:84519955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656856)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.sh4"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656856/; classtype:trojan-activity;sid:84519956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656857)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656857/; classtype:trojan-activity;sid:84519957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656858/; classtype:trojan-activity;sid:84519958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656859)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656859/; classtype:trojan-activity;sid:84519959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656860)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656860/; classtype:trojan-activity;sid:84519960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656861)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656861/; classtype:trojan-activity;sid:84519961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656862)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656862/; classtype:trojan-activity;sid:84519962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.209.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656863/; classtype:trojan-activity;sid:84519963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656864)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656864/; classtype:trojan-activity;sid:84519964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656853/; classtype:trojan-activity;sid:84519953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656854)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656854/; classtype:trojan-activity;sid:84519954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656849)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656849/; classtype:trojan-activity;sid:84519949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656850)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.ppc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656850/; classtype:trojan-activity;sid:84519950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656851)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656851/; classtype:trojan-activity;sid:84519951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656852)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656852/; classtype:trojan-activity;sid:84519952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.240.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656847/; classtype:trojan-activity;sid:84519947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.168.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656848/; classtype:trojan-activity;sid:84519948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656846)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656846/; classtype:trojan-activity;sid:84519946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656843)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656843/; classtype:trojan-activity;sid:84519943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656844)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656844/; classtype:trojan-activity;sid:84519944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656845/; classtype:trojan-activity;sid:84519945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656842)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656842/; classtype:trojan-activity;sid:84519942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"p2.dstat.digital2"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656840/; classtype:trojan-activity;sid:84519940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656841)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656841/; classtype:trojan-activity;sid:84519941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656836)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656836/; classtype:trojan-activity;sid:84519936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656837)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656837/; classtype:trojan-activity;sid:84519937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656838)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656838/; classtype:trojan-activity;sid:84519938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656839)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656839/; classtype:trojan-activity;sid:84519939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656835)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656835/; classtype:trojan-activity;sid:84519935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656833)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656833/; classtype:trojan-activity;sid:84519933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656834)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656834/; classtype:trojan-activity;sid:84519934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656832)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656832/; classtype:trojan-activity;sid:84519932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656823)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm7"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656823/; classtype:trojan-activity;sid:84519923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656824)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656824/; classtype:trojan-activity;sid:84519924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656825)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656825/; classtype:trojan-activity;sid:84519925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656826)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656826/; classtype:trojan-activity;sid:84519926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656827)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656827/; classtype:trojan-activity;sid:84519927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656828/; classtype:trojan-activity;sid:84519928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656829)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656829/; classtype:trojan-activity;sid:84519929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656830)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656830/; classtype:trojan-activity;sid:84519930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656831/; classtype:trojan-activity;sid:84519931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656821/; classtype:trojan-activity;sid:84519921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656822/; classtype:trojan-activity;sid:84519922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656813)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.mpsl"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656813/; classtype:trojan-activity;sid:84519913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656814)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656814/; classtype:trojan-activity;sid:84519914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.31.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656815/; classtype:trojan-activity;sid:84519915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656816)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656816/; classtype:trojan-activity;sid:84519916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656817)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656817/; classtype:trojan-activity;sid:84519917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656818)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656818/; classtype:trojan-activity;sid:84519918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656819)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.m68k"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656819/; classtype:trojan-activity;sid:84519919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.129.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656820/; classtype:trojan-activity;sid:84519920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656804)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656804/; classtype:trojan-activity;sid:84519904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656805)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656805/; classtype:trojan-activity;sid:84519905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656806)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656806/; classtype:trojan-activity;sid:84519906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656807)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656807/; classtype:trojan-activity;sid:84519907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656808)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656808/; classtype:trojan-activity;sid:84519908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656809)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.x86"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656809/; classtype:trojan-activity;sid:84519909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656810)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656810/; classtype:trojan-activity;sid:84519910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656811)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656811/; classtype:trojan-activity;sid:84519911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656812)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656812/; classtype:trojan-activity;sid:84519912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656803)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656803/; classtype:trojan-activity;sid:84519903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656802)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656802/; classtype:trojan-activity;sid:84519902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656794)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656794/; classtype:trojan-activity;sid:84519894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656795)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm6"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656795/; classtype:trojan-activity;sid:84519895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656796/; classtype:trojan-activity;sid:84519896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656797)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656797/; classtype:trojan-activity;sid:84519897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656798)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.x86_64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656798/; classtype:trojan-activity;sid:84519898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656799/; classtype:trojan-activity;sid:84519899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656800)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656800/; classtype:trojan-activity;sid:84519900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p2.dstat.digital"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656801/; classtype:trojan-activity;sid:84519901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.231.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656792/; classtype:trojan-activity;sid:84519892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.238.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656793/; classtype:trojan-activity;sid:84519893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656790)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656790/; classtype:trojan-activity;sid:84519890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656791)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656791/; classtype:trojan-activity;sid:84519891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656785)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.150.143.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656785/; classtype:trojan-activity;sid:84519885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656786)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656786/; classtype:trojan-activity;sid:84519886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656787)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656787/; classtype:trojan-activity;sid:84519887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656788)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656788/; classtype:trojan-activity;sid:84519888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656789)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/voicemail/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"106.68.167.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656789/; classtype:trojan-activity;sid:84519889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656782)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656782/; classtype:trojan-activity;sid:84519882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656783)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656783/; classtype:trojan-activity;sid:84519883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656784)"; flow:established,from_client; content:"GET"; http_method; content:"/lmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656784/; classtype:trojan-activity;sid:84519884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656770)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656770/; classtype:trojan-activity;sid:84519870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656771)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656771/; classtype:trojan-activity;sid:84519871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656772)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656772/; classtype:trojan-activity;sid:84519872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656773)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656773/; classtype:trojan-activity;sid:84519873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656774)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656774/; classtype:trojan-activity;sid:84519874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656775/; classtype:trojan-activity;sid:84519875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656776/; classtype:trojan-activity;sid:84519876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656777)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656777/; classtype:trojan-activity;sid:84519877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656778)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656778/; classtype:trojan-activity;sid:84519878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656779)"; flow:established,from_client; content:"GET"; http_method; content:"/umips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656779/; classtype:trojan-activity;sid:84519879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656780)"; flow:established,from_client; content:"GET"; http_method; content:"/nmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656780/; classtype:trojan-activity;sid:84519880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656781)"; flow:established,from_client; content:"GET"; http_method; content:"/lmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"n7.gay"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656781/; classtype:trojan-activity;sid:84519881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656769)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656769/; classtype:trojan-activity;sid:84519869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656767/; classtype:trojan-activity;sid:84519867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656768/; classtype:trojan-activity;sid:84519868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656764/; classtype:trojan-activity;sid:84519864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656765/; classtype:trojan-activity;sid:84519865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656766/; classtype:trojan-activity;sid:84519866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656757/; classtype:trojan-activity;sid:84519857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656758/; classtype:trojan-activity;sid:84519858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656759/; classtype:trojan-activity;sid:84519859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656760/; classtype:trojan-activity;sid:84519860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656761/; classtype:trojan-activity;sid:84519861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656762/; classtype:trojan-activity;sid:84519862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656763/; classtype:trojan-activity;sid:84519863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656756/; classtype:trojan-activity;sid:84519856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"go-invie.invie.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656755/; classtype:trojan-activity;sid:84519855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.209.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656754/; classtype:trojan-activity;sid:84519854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656753)"; flow:established,from_client; content:"GET"; http_method; content:"/ovm3trcs75.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656753/; classtype:trojan-activity;sid:84519853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656752)"; flow:established,from_client; content:"GET"; http_method; content:"/ql2.google|3f|t=fs1aabhr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"la.xvqy8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656752/; classtype:trojan-activity;sid:84519852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656751)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.128.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656751/; classtype:trojan-activity;sid:84519851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656750)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.115.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656750/; classtype:trojan-activity;sid:84519850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656749)"; flow:established,from_client; content:"GET"; http_method; content:"/cwbqw5ks82.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656749/; classtype:trojan-activity;sid:84519849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.142.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656745/; classtype:trojan-activity;sid:84519845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656746/; classtype:trojan-activity;sid:84519846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656747)"; flow:established,from_client; content:"GET"; http_method; content:"/garm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656747/; classtype:trojan-activity;sid:84519847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656748)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.222.97.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656748/; classtype:trojan-activity;sid:84519848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656744)"; flow:established,from_client; content:"GET"; http_method; content:"/garm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656744/; classtype:trojan-activity;sid:84519844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656743)"; flow:established,from_client; content:"GET"; http_method; content:"/garm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656743/; classtype:trojan-activity;sid:84519843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656742)"; flow:established,from_client; content:"GET"; http_method; content:"/garm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656742/; classtype:trojan-activity;sid:84519842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656741)"; flow:established,from_client; content:"GET"; http_method; content:"/k4c.google|3f|t=9g7fp89e"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"li.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656741/; classtype:trojan-activity;sid:84519841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656740)"; flow:established,from_client; content:"GET"; http_method; content:"/d95cxlu47w.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656740/; classtype:trojan-activity;sid:84519840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656739)"; flow:established,from_client; content:"GET"; http_method; content:"/v2.check|3f|t=i0u15ovr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lo.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656739/; classtype:trojan-activity;sid:84519839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656738)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.115.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656738/; classtype:trojan-activity;sid:84519838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656737)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.128.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656737/; classtype:trojan-activity;sid:84519837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.109.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656736/; classtype:trojan-activity;sid:84519836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.158.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656735/; classtype:trojan-activity;sid:84519835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656734)"; flow:established,from_client; content:"GET"; http_method; content:"/e0v6brmc8u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.n-82o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656734/; classtype:trojan-activity;sid:84519834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656733)"; flow:established,from_client; content:"GET"; http_method; content:"/v2.check|3f|t=7jbxae1q"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lo.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656733/; classtype:trojan-activity;sid:84519833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656732)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.88.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656732/; classtype:trojan-activity;sid:84519832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656731)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.88.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656731/; classtype:trojan-activity;sid:84519831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656730)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.161.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656730/; classtype:trojan-activity;sid:84519830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656725)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656725/; classtype:trojan-activity;sid:84519825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656724)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656724/; classtype:trojan-activity;sid:84519824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656723)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656723/; classtype:trojan-activity;sid:84519823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656722)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656722/; classtype:trojan-activity;sid:84519822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656721)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656721/; classtype:trojan-activity;sid:84519821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656719)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.212.92.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656719/; classtype:trojan-activity;sid:84519819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656714)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.45.161.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656714/; classtype:trojan-activity;sid:84519814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656715)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656715/; classtype:trojan-activity;sid:84519815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656716)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656716/; classtype:trojan-activity;sid:84519816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.110.187.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656713/; classtype:trojan-activity;sid:84519813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656711/; classtype:trojan-activity;sid:84519811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.224.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656712/; classtype:trojan-activity;sid:84519812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656706/; classtype:trojan-activity;sid:84519806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656705/; classtype:trojan-activity;sid:84519805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656703/; classtype:trojan-activity;sid:84519803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656700)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656700/; classtype:trojan-activity;sid:84519800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656698)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.33.154.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656698/; classtype:trojan-activity;sid:84519798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656699)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656699/; classtype:trojan-activity;sid:84519799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656695)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656695/; classtype:trojan-activity;sid:84519795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656697)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656697/; classtype:trojan-activity;sid:84519797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656694)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656694/; classtype:trojan-activity;sid:84519794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656690/; classtype:trojan-activity;sid:84519790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656691/; classtype:trojan-activity;sid:84519791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656684)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.80.164.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656684/; classtype:trojan-activity;sid:84519784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656685)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656685/; classtype:trojan-activity;sid:84519785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656686)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656686/; classtype:trojan-activity;sid:84519786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.134.158.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656687/; classtype:trojan-activity;sid:84519787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656688)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656688/; classtype:trojan-activity;sid:84519788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656681)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.45.161.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656681/; classtype:trojan-activity;sid:84519781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656682/; classtype:trojan-activity;sid:84519782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656683)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.212.92.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656683/; classtype:trojan-activity;sid:84519783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656678)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.224.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656678/; classtype:trojan-activity;sid:84519778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656679/; classtype:trojan-activity;sid:84519779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656680)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656680/; classtype:trojan-activity;sid:84519780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656676)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656676/; classtype:trojan-activity;sid:84519776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656675)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656675/; classtype:trojan-activity;sid:84519775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656670)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656670/; classtype:trojan-activity;sid:84519770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; classtype:trojan-activity;sid:84519771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656673/; classtype:trojan-activity;sid:84519773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656668)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656668/; classtype:trojan-activity;sid:84519768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656669/; classtype:trojan-activity;sid:84519769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.76.153.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656664)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656664/; classtype:trojan-activity;sid:84519764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656659/; classtype:trojan-activity;sid:84519759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656656)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656656/; classtype:trojan-activity;sid:84519756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656657)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.177.100.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656657/; classtype:trojan-activity;sid:84519757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656649)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656649/; classtype:trojan-activity;sid:84519749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656650)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656650/; classtype:trojan-activity;sid:84519750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656651)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656651/; classtype:trojan-activity;sid:84519751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656653)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656653/; classtype:trojan-activity;sid:84519753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656655/; classtype:trojan-activity;sid:84519755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656647)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656647/; classtype:trojan-activity;sid:84519747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656644)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656644/; classtype:trojan-activity;sid:84519744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656645)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656645/; classtype:trojan-activity;sid:84519745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656642)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.33.154.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656642/; classtype:trojan-activity;sid:84519742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656643/; classtype:trojan-activity;sid:84519743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656641)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.161.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656641/; classtype:trojan-activity;sid:84519741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; classtype:trojan-activity;sid:84519738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656637)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.221.70.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656637/; classtype:trojan-activity;sid:84519737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656633)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656633/; classtype:trojan-activity;sid:84519733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656631)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656631/; classtype:trojan-activity;sid:84519731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656629/; classtype:trojan-activity;sid:84519729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656626)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.45.161.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656626/; classtype:trojan-activity;sid:84519726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656624)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656624/; classtype:trojan-activity;sid:84519724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656625/; classtype:trojan-activity;sid:84519725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656622)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656622/; classtype:trojan-activity;sid:84519722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656623)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.146.21.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656623/; classtype:trojan-activity;sid:84519723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656617)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656617/; classtype:trojan-activity;sid:84519717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656618)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656618/; classtype:trojan-activity;sid:84519718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656619)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656619/; classtype:trojan-activity;sid:84519719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656620)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.4.41.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656620/; classtype:trojan-activity;sid:84519720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656616)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656616/; classtype:trojan-activity;sid:84519716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656615)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656615/; classtype:trojan-activity;sid:84519715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656613)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656613/; classtype:trojan-activity;sid:84519713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656614)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656614/; classtype:trojan-activity;sid:84519714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656612)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656612/; classtype:trojan-activity;sid:84519712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656606)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.124.112.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656606/; classtype:trojan-activity;sid:84519706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656610)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656610/; classtype:trojan-activity;sid:84519710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656603)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656603/; classtype:trojan-activity;sid:84519703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656604)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.199.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656604/; classtype:trojan-activity;sid:84519704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656605)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656605/; classtype:trojan-activity;sid:84519705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656598)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656598/; classtype:trojan-activity;sid:84519698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656599)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656599/; classtype:trojan-activity;sid:84519699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656600/; classtype:trojan-activity;sid:84519700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656596)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656596/; classtype:trojan-activity;sid:84519696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656597)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656597/; classtype:trojan-activity;sid:84519697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656591)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656591/; classtype:trojan-activity;sid:84519691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656592/; classtype:trojan-activity;sid:84519692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656593/; classtype:trojan-activity;sid:84519693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656587)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656587/; classtype:trojan-activity;sid:84519687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656588)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656588/; classtype:trojan-activity;sid:84519688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656589)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656589/; classtype:trojan-activity;sid:84519689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656590)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656590/; classtype:trojan-activity;sid:84519690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656586)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656586/; classtype:trojan-activity;sid:84519686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656582)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656582/; classtype:trojan-activity;sid:84519682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656583)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656583/; classtype:trojan-activity;sid:84519683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656585)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.117.134.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656585/; classtype:trojan-activity;sid:84519685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656580)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656580/; classtype:trojan-activity;sid:84519680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656579)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656579/; classtype:trojan-activity;sid:84519679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656578)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656578/; classtype:trojan-activity;sid:84519678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656576)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656576/; classtype:trojan-activity;sid:84519676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656573)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.229.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656573/; classtype:trojan-activity;sid:84519673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656575)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656575/; classtype:trojan-activity;sid:84519675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.233.151.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656571/; classtype:trojan-activity;sid:84519671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656567)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656567/; classtype:trojan-activity;sid:84519667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656568)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656568/; classtype:trojan-activity;sid:84519668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656570)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656570/; classtype:trojan-activity;sid:84519670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656564)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656564/; classtype:trojan-activity;sid:84519664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656565)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.252.83.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656565/; classtype:trojan-activity;sid:84519665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.118.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656558)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.134.158.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656558/; classtype:trojan-activity;sid:84519658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656559/; classtype:trojan-activity;sid:84519659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656560)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.132.96.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656560/; classtype:trojan-activity;sid:84519660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656561)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656561/; classtype:trojan-activity;sid:84519661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656562/; classtype:trojan-activity;sid:84519662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656556)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656556/; classtype:trojan-activity;sid:84519656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656557)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.127.130.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656557/; classtype:trojan-activity;sid:84519657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656553/; classtype:trojan-activity;sid:84519653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656554)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656554/; classtype:trojan-activity;sid:84519654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656551)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656551/; classtype:trojan-activity;sid:84519651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.3.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656550/; classtype:trojan-activity;sid:84519650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656548/; classtype:trojan-activity;sid:84519648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.158.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656549/; classtype:trojan-activity;sid:84519649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656547)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656547/; classtype:trojan-activity;sid:84519647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656546)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656546/; classtype:trojan-activity;sid:84519646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656545)"; flow:established,from_client; content:"GET"; http_method; content:"/flmnwx1c6m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656545/; classtype:trojan-activity;sid:84519645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656544)"; flow:established,from_client; content:"GET"; http_method; content:"/5rjrc5kqvh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.n-82o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656544/; classtype:trojan-activity;sid:84519644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656542)"; flow:established,from_client; content:"GET"; http_method; content:"/fx.check|3f|t=1y10tie3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ma.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656542/; classtype:trojan-activity;sid:84519642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656543)"; flow:established,from_client; content:"GET"; http_method; content:"/fx.check|3f|t=c99lms4n"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ma.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656543/; classtype:trojan-activity;sid:84519643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656540)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656540/; classtype:trojan-activity;sid:84519640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656541)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656541/; classtype:trojan-activity;sid:84519641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656539)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656539/; classtype:trojan-activity;sid:84519639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656538)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656538/; classtype:trojan-activity;sid:84519638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656528)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656528/; classtype:trojan-activity;sid:84519628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656529)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656529/; classtype:trojan-activity;sid:84519629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656530)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656530/; classtype:trojan-activity;sid:84519630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656531)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656531/; classtype:trojan-activity;sid:84519631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656532)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656532/; classtype:trojan-activity;sid:84519632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656533)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656533/; classtype:trojan-activity;sid:84519633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656534)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656534/; classtype:trojan-activity;sid:84519634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656535)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656535/; classtype:trojan-activity;sid:84519635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656536)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656536/; classtype:trojan-activity;sid:84519636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656537)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656537/; classtype:trojan-activity;sid:84519637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656526)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656526/; classtype:trojan-activity;sid:84519626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656527)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656527/; classtype:trojan-activity;sid:84519627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656524)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656524/; classtype:trojan-activity;sid:84519624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656525)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656525/; classtype:trojan-activity;sid:84519625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656523)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656523/; classtype:trojan-activity;sid:84519623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656521)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656521/; classtype:trojan-activity;sid:84519621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656522)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656522/; classtype:trojan-activity;sid:84519622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656520)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656520/; classtype:trojan-activity;sid:84519620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656516)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656516/; classtype:trojan-activity;sid:84519616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656517)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656517/; classtype:trojan-activity;sid:84519617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656518)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656518/; classtype:trojan-activity;sid:84519618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656519)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656519/; classtype:trojan-activity;sid:84519619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656515)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656515/; classtype:trojan-activity;sid:84519615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656511)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656511/; classtype:trojan-activity;sid:84519611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656512)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656512/; classtype:trojan-activity;sid:84519612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656513)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656513/; classtype:trojan-activity;sid:84519613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656514)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656514/; classtype:trojan-activity;sid:84519614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656509)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656509/; classtype:trojan-activity;sid:84519609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656510)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656510/; classtype:trojan-activity;sid:84519610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656507)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656507/; classtype:trojan-activity;sid:84519607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656508)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656508/; classtype:trojan-activity;sid:84519608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656502)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656502/; classtype:trojan-activity;sid:84519602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656504)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656504/; classtype:trojan-activity;sid:84519604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656505)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656505/; classtype:trojan-activity;sid:84519605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656506)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656506/; classtype:trojan-activity;sid:84519606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656498)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656498/; classtype:trojan-activity;sid:84519598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656499/; classtype:trojan-activity;sid:84519599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656500)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656500/; classtype:trojan-activity;sid:84519600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656501)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656501/; classtype:trojan-activity;sid:84519601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656493)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656493/; classtype:trojan-activity;sid:84519593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656494)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656494/; classtype:trojan-activity;sid:84519594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656495)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656495/; classtype:trojan-activity;sid:84519595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656496)"; flow:established,from_client; content:"GET"; http_method; content:"/6bd23ykgc3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656496/; classtype:trojan-activity;sid:84519596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656497)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656497/; classtype:trojan-activity;sid:84519597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656490)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656490/; classtype:trojan-activity;sid:84519590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656491)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656491/; classtype:trojan-activity;sid:84519591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656492)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656492/; classtype:trojan-activity;sid:84519592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656486)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656486/; classtype:trojan-activity;sid:84519586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656487)"; flow:established,from_client; content:"GET"; http_method; content:"/wv.check|3f|t=kk7pplfk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656487/; classtype:trojan-activity;sid:84519587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656488)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656488/; classtype:trojan-activity;sid:84519588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656489)"; flow:established,from_client; content:"GET"; http_method; content:"/wv.check|3f|t=34p7a6z0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656489/; classtype:trojan-activity;sid:84519589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656485)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656485/; classtype:trojan-activity;sid:84519585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656484)"; flow:established,from_client; content:"GET"; http_method; content:"/fov.google|3f|t=21uehz1p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mi.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656484/; classtype:trojan-activity;sid:84519584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656482)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656482/; classtype:trojan-activity;sid:84519582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656483)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656483/; classtype:trojan-activity;sid:84519583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656462)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656462/; classtype:trojan-activity;sid:84519562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656463)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656463/; classtype:trojan-activity;sid:84519563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656464)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656464/; classtype:trojan-activity;sid:84519564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656465)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656465/; classtype:trojan-activity;sid:84519565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656466)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656466/; classtype:trojan-activity;sid:84519566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656467)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656467/; classtype:trojan-activity;sid:84519567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656468)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656468/; classtype:trojan-activity;sid:84519568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656469/; classtype:trojan-activity;sid:84519569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656470)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656470/; classtype:trojan-activity;sid:84519570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656471)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656471/; classtype:trojan-activity;sid:84519571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656472)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656472/; classtype:trojan-activity;sid:84519572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656473)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656473/; classtype:trojan-activity;sid:84519573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656474)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656474/; classtype:trojan-activity;sid:84519574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656475)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656475/; classtype:trojan-activity;sid:84519575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656476)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656476/; classtype:trojan-activity;sid:84519576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656477)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656477/; classtype:trojan-activity;sid:84519577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656478)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656478/; classtype:trojan-activity;sid:84519578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656479)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656479/; classtype:trojan-activity;sid:84519579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656480)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656480/; classtype:trojan-activity;sid:84519580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656481)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656481/; classtype:trojan-activity;sid:84519581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656461)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656461/; classtype:trojan-activity;sid:84519561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656460)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656460/; classtype:trojan-activity;sid:84519560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656459)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656459/; classtype:trojan-activity;sid:84519559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656454)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656454/; classtype:trojan-activity;sid:84519554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656455)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656455/; classtype:trojan-activity;sid:84519555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656457)"; flow:established,from_client; content:"GET"; http_method; content:"/wp5g05vgx6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656457/; classtype:trojan-activity;sid:84519557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656458)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656458/; classtype:trojan-activity;sid:84519558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656451)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656451/; classtype:trojan-activity;sid:84519551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656452)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656452/; classtype:trojan-activity;sid:84519552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656453)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656453/; classtype:trojan-activity;sid:84519553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656450)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656450/; classtype:trojan-activity;sid:84519550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656447)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656447/; classtype:trojan-activity;sid:84519547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656448)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656448/; classtype:trojan-activity;sid:84519548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656449)"; flow:established,from_client; content:"GET"; http_method; content:"/xgyzcjxy80.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.n-82o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656449/; classtype:trojan-activity;sid:84519549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656445)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656445/; classtype:trojan-activity;sid:84519545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656446/; classtype:trojan-activity;sid:84519546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656424)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656424/; classtype:trojan-activity;sid:84519524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656425)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656425/; classtype:trojan-activity;sid:84519525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656426)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656426/; classtype:trojan-activity;sid:84519526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656427)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656427/; classtype:trojan-activity;sid:84519527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656428/; classtype:trojan-activity;sid:84519528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656429)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656429/; classtype:trojan-activity;sid:84519529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656430)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656430/; classtype:trojan-activity;sid:84519530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656431)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656431/; classtype:trojan-activity;sid:84519531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656432)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656432/; classtype:trojan-activity;sid:84519532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656433)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656433/; classtype:trojan-activity;sid:84519533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656434)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656434/; classtype:trojan-activity;sid:84519534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656435)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656435/; classtype:trojan-activity;sid:84519535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656436)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656436/; classtype:trojan-activity;sid:84519536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656437)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656437/; classtype:trojan-activity;sid:84519537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656438)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656438/; classtype:trojan-activity;sid:84519538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656439)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656439/; classtype:trojan-activity;sid:84519539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656440)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656440/; classtype:trojan-activity;sid:84519540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656441)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656441/; classtype:trojan-activity;sid:84519541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656442)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656442/; classtype:trojan-activity;sid:84519542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656443)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656443/; classtype:trojan-activity;sid:84519543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656444)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656444/; classtype:trojan-activity;sid:84519544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656422)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656422/; classtype:trojan-activity;sid:84519522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656423)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656423/; classtype:trojan-activity;sid:84519523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656420)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656420/; classtype:trojan-activity;sid:84519520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656421)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656421/; classtype:trojan-activity;sid:84519521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656419)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656419/; classtype:trojan-activity;sid:84519519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656418)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656418/; classtype:trojan-activity;sid:84519518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656417)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656417/; classtype:trojan-activity;sid:84519517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656415)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656415/; classtype:trojan-activity;sid:84519515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656416)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656416/; classtype:trojan-activity;sid:84519516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656406)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656406/; classtype:trojan-activity;sid:84519506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656407)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656407/; classtype:trojan-activity;sid:84519507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656408)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656408/; classtype:trojan-activity;sid:84519508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656409)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"postkzpostal.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656409/; classtype:trojan-activity;sid:84519509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656410)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656410/; classtype:trojan-activity;sid:84519510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656411)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656411/; classtype:trojan-activity;sid:84519511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656412)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196-251-85-63.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656412/; classtype:trojan-activity;sid:84519512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656413)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656413/; classtype:trojan-activity;sid:84519513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656414)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656414/; classtype:trojan-activity;sid:84519514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656404/; classtype:trojan-activity;sid:84519504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656405)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656405/; classtype:trojan-activity;sid:84519505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.111.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656400/; classtype:trojan-activity;sid:84519500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656401)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656401/; classtype:trojan-activity;sid:84519501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656402)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656402/; classtype:trojan-activity;sid:84519502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656403)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656403/; classtype:trojan-activity;sid:84519503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656399)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656399/; classtype:trojan-activity;sid:84519499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656390)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ghanaapostgh.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656390/; classtype:trojan-activity;sid:84519490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656391)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656391/; classtype:trojan-activity;sid:84519491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656392)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656392/; classtype:trojan-activity;sid:84519492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656393)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656393/; classtype:trojan-activity;sid:84519493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656394)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"posttsaba.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656394/; classtype:trojan-activity;sid:84519494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656395)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656395/; classtype:trojan-activity;sid:84519495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656396)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"happy-galileo.196-251-85-63.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656396/; classtype:trojan-activity;sid:84519496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656397)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.holiganbet10185.lease"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656397/; classtype:trojan-activity;sid:84519497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656385)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656385/; classtype:trojan-activity;sid:84519485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656386)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656386/; classtype:trojan-activity;sid:84519486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656387)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656387/; classtype:trojan-activity;sid:84519487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656388)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656388/; classtype:trojan-activity;sid:84519488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656389)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656389/; classtype:trojan-activity;sid:84519489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656377)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656377/; classtype:trojan-activity;sid:84519477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656378)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adoring-shannon.196-251-85-63.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656378/; classtype:trojan-activity;sid:84519478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656379)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656379/; classtype:trojan-activity;sid:84519479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656380)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656380/; classtype:trojan-activity;sid:84519480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656381)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656381/; classtype:trojan-activity;sid:84519481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656382)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"posttsaba.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656382/; classtype:trojan-activity;sid:84519482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656383)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m85-net.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656383/; classtype:trojan-activity;sid:84519483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656384)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656384/; classtype:trojan-activity;sid:84519484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656376)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"holiganbet10185.lease"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656376/; classtype:trojan-activity;sid:84519476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656375)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"omniwa.blog"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656375/; classtype:trojan-activity;sid:84519475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656374)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656374/; classtype:trojan-activity;sid:84519474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656372)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656372/; classtype:trojan-activity;sid:84519472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656373)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656373/; classtype:trojan-activity;sid:84519473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656363)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656363/; classtype:trojan-activity;sid:84519463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656364)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656364/; classtype:trojan-activity;sid:84519464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656365)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656365/; classtype:trojan-activity;sid:84519465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656366)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656366/; classtype:trojan-activity;sid:84519466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656367)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656367/; classtype:trojan-activity;sid:84519467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656368)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656368/; classtype:trojan-activity;sid:84519468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656369)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656369/; classtype:trojan-activity;sid:84519469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656370)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656370/; classtype:trojan-activity;sid:84519470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656371)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656371/; classtype:trojan-activity;sid:84519471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656361)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656361/; classtype:trojan-activity;sid:84519461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656362)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656362/; classtype:trojan-activity;sid:84519462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.95.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656360/; classtype:trojan-activity;sid:84519460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.203.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656359/; classtype:trojan-activity;sid:84519459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.43.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656358/; classtype:trojan-activity;sid:84519458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656357)"; flow:established,from_client; content:"GET"; http_method; content:"/whyho3entf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.n-82o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656357/; classtype:trojan-activity;sid:84519457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656356)"; flow:established,from_client; content:"GET"; http_method; content:"/fov.google|3f|t=ij8mp9fu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mi.tvti-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656356/; classtype:trojan-activity;sid:84519456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.3.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656355/; classtype:trojan-activity;sid:84519455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656354/; classtype:trojan-activity;sid:84519454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656353/; classtype:trojan-activity;sid:84519453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.207.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656352/; classtype:trojan-activity;sid:84519452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656351)"; flow:established,from_client; content:"GET"; http_method; content:"/1ogo1dujjj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.n-82o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656351/; classtype:trojan-activity;sid:84519451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656350)"; flow:established,from_client; content:"GET"; http_method; content:"/ms.google|3f|t=birbncfw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mm.vwjy-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656350/; classtype:trojan-activity;sid:84519450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656347)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656347/; classtype:trojan-activity;sid:84519447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656348)"; flow:established,from_client; content:"GET"; http_method; content:"/tlr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656348/; classtype:trojan-activity;sid:84519448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656349)"; flow:established,from_client; content:"GET"; http_method; content:"/sea"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656349/; classtype:trojan-activity;sid:84519449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.80.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656346/; classtype:trojan-activity;sid:84519446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656345)"; flow:established,from_client; content:"GET"; http_method; content:"/139assicc.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.157.70.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656345/; classtype:trojan-activity;sid:84519445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.158.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656344/; classtype:trojan-activity;sid:84519444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656343/; classtype:trojan-activity;sid:84519443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.3.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656342/; classtype:trojan-activity;sid:84519442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.110.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656341/; classtype:trojan-activity;sid:84519441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.114.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656340/; classtype:trojan-activity;sid:84519440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656339)"; flow:established,from_client; content:"GET"; http_method; content:"/kmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656339/; classtype:trojan-activity;sid:84519439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656338/; classtype:trojan-activity;sid:84519438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656335)"; flow:established,from_client; content:"GET"; http_method; content:"/garm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656335/; classtype:trojan-activity;sid:84519435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656336)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656336/; classtype:trojan-activity;sid:84519436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656337)"; flow:established,from_client; content:"GET"; http_method; content:"/karm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656337/; classtype:trojan-activity;sid:84519437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656334)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656334/; classtype:trojan-activity;sid:84519434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656327)"; flow:established,from_client; content:"GET"; http_method; content:"/kmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656327/; classtype:trojan-activity;sid:84519427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656328)"; flow:established,from_client; content:"GET"; http_method; content:"/wt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656328/; classtype:trojan-activity;sid:84519428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656329)"; flow:established,from_client; content:"GET"; http_method; content:"/garm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656329/; classtype:trojan-activity;sid:84519429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656330)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656330/; classtype:trojan-activity;sid:84519430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656331)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656331/; classtype:trojan-activity;sid:84519431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656332)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656332/; classtype:trojan-activity;sid:84519432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656333)"; flow:established,from_client; content:"GET"; http_method; content:"/sm"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656333/; classtype:trojan-activity;sid:84519433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656320)"; flow:established,from_client; content:"GET"; http_method; content:"/karm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656320/; classtype:trojan-activity;sid:84519420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656321)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656321/; classtype:trojan-activity;sid:84519421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656322)"; flow:established,from_client; content:"GET"; http_method; content:"/q"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656322/; classtype:trojan-activity;sid:84519422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656323)"; flow:established,from_client; content:"GET"; http_method; content:"/kz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656323/; classtype:trojan-activity;sid:84519423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656324)"; flow:established,from_client; content:"GET"; http_method; content:"/kb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656324/; classtype:trojan-activity;sid:84519424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656325)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656325/; classtype:trojan-activity;sid:84519425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656326)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656326/; classtype:trojan-activity;sid:84519426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656314)"; flow:established,from_client; content:"GET"; http_method; content:"/karm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656314/; classtype:trojan-activity;sid:84519414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656315)"; flow:established,from_client; content:"GET"; http_method; content:"/garm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656315/; classtype:trojan-activity;sid:84519415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656316)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656316/; classtype:trojan-activity;sid:84519416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656317)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656317/; classtype:trojan-activity;sid:84519417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656318)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656318/; classtype:trojan-activity;sid:84519418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656319)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656319/; classtype:trojan-activity;sid:84519419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656313)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"108.28.87.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656313/; classtype:trojan-activity;sid:84519413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656312)"; flow:established,from_client; content:"GET"; http_method; content:"/stager.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"108.28.87.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656312/; classtype:trojan-activity;sid:84519412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656311)"; flow:established,from_client; content:"GET"; http_method; content:"/steep_duster.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.28.87.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656311/; classtype:trojan-activity;sid:84519411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656310)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"108.28.87.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656310/; classtype:trojan-activity;sid:84519410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656309)"; flow:established,from_client; content:"GET"; http_method; content:"/stager.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"108.28.87.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656309/; classtype:trojan-activity;sid:84519409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656308)"; flow:established,from_client; content:"GET"; http_method; content:"/7yp9yg2vn9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.n-82o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656308/; classtype:trojan-activity;sid:84519408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656307)"; flow:established,from_client; content:"GET"; http_method; content:"/e6.check|3f|t=34m1nh6l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mo.vwjy-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656307/; classtype:trojan-activity;sid:84519407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.158.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656306/; classtype:trojan-activity;sid:84519406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.214.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656305/; classtype:trojan-activity;sid:84519405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656304/; classtype:trojan-activity;sid:84519404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656303)"; flow:established,from_client; content:"GET"; http_method; content:"/qv5sy7p6ag.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.m-49e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656303/; classtype:trojan-activity;sid:84519403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656302)"; flow:established,from_client; content:"GET"; http_method; content:"/w33.google|3f|t=3tyv44ig"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mu.vwjy-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656302/; classtype:trojan-activity;sid:84519402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656301)"; flow:established,from_client; content:"GET"; http_method; content:"/3qokgr2g21.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656301/; classtype:trojan-activity;sid:84519401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656300)"; flow:established,from_client; content:"GET"; http_method; content:"/iv.check|3f|t=5i3zccsc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"my.vwjy-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656300/; classtype:trojan-activity;sid:84519400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656299)"; flow:established,from_client; content:"GET"; http_method; content:"/30cg0kcx5g.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656299/; classtype:trojan-activity;sid:84519399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656298)"; flow:established,from_client; content:"GET"; http_method; content:"/imd.check|3f|t=8jmgynni"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"na.vwjy-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656298/; classtype:trojan-activity;sid:84519398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656296)"; flow:established,from_client; content:"GET"; http_method; content:"/imd.check|3f|t=omiqx7sk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"na.vwjy-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656296/; classtype:trojan-activity;sid:84519396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656297/; classtype:trojan-activity;sid:84519397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656295)"; flow:established,from_client; content:"GET"; http_method; content:"/389t3he082.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.m-49e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656295/; classtype:trojan-activity;sid:84519395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.4.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656294/; classtype:trojan-activity;sid:84519394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.25.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656293/; classtype:trojan-activity;sid:84519393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.147.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656292/; classtype:trojan-activity;sid:84519392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.69.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656291/; classtype:trojan-activity;sid:84519391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656290)"; flow:established,from_client; content:"GET"; http_method; content:"/joony.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"darkside.cy"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656290/; classtype:trojan-activity;sid:84519390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.114.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656289/; classtype:trojan-activity;sid:84519389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656288)"; flow:established,from_client; content:"GET"; http_method; content:"/q3igjx7wkl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.m-49e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656288/; classtype:trojan-activity;sid:84519388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656287)"; flow:established,from_client; content:"GET"; http_method; content:"/8u.google|3f|t=vso2k3vz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656287/; classtype:trojan-activity;sid:84519387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656286)"; flow:established,from_client; content:"GET"; http_method; content:"/g90i7bjifw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656286/; classtype:trojan-activity;sid:84519386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656285)"; flow:established,from_client; content:"GET"; http_method; content:"/8u.google|3f|t=ltiozy9p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656285/; classtype:trojan-activity;sid:84519385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656284)"; flow:established,from_client; content:"GET"; http_method; content:"/kxh7kdjlhp.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656284/; classtype:trojan-activity;sid:84519384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656283)"; flow:established,from_client; content:"GET"; http_method; content:"/s56.google|3f|t=9xvqh9mk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"va.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656283/; classtype:trojan-activity;sid:84519383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656282)"; flow:established,from_client; content:"GET"; http_method; content:"/s56.google|3f|t=ju482woi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"va.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656282/; classtype:trojan-activity;sid:84519382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656281)"; flow:established,from_client; content:"GET"; http_method; content:"/oorg3ewees.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.m-49e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656281/; classtype:trojan-activity;sid:84519381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.69.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656280/; classtype:trojan-activity;sid:84519380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656279/; classtype:trojan-activity;sid:84519379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.4.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656278/; classtype:trojan-activity;sid:84519378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.151.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656277/; classtype:trojan-activity;sid:84519377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656276)"; flow:established,from_client; content:"GET"; http_method; content:"/hhlka1qes6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.m-49e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656276/; classtype:trojan-activity;sid:84519376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656275)"; flow:established,from_client; content:"GET"; http_method; content:"/cq.google|3f|t=rw0igsvl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ty.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656275/; classtype:trojan-activity;sid:84519375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.227.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656274/; classtype:trojan-activity;sid:84519374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656273/; classtype:trojan-activity;sid:84519373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.151.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656272/; classtype:trojan-activity;sid:84519372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656270)"; flow:established,from_client; content:"GET"; http_method; content:"/ba71k4tmig.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"by.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656270/; classtype:trojan-activity;sid:84519370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656271)"; flow:established,from_client; content:"GET"; http_method; content:"/4u.google|3f|t=616cpv72"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tu.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656271/; classtype:trojan-activity;sid:84519371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.164.56.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656269/; classtype:trojan-activity;sid:84519369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.110.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656268/; classtype:trojan-activity;sid:84519368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656266)"; flow:established,from_client; content:"GET"; http_method; content:"/s7ubtcwm0u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.m-49e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656266/; classtype:trojan-activity;sid:84519366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.158.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656267/; classtype:trojan-activity;sid:84519367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656265)"; flow:established,from_client; content:"GET"; http_method; content:"/4u.google|3f|t=7o0ol3am"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tu.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656265/; classtype:trojan-activity;sid:84519365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.140.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656264/; classtype:trojan-activity;sid:84519364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.38.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656263/; classtype:trojan-activity;sid:84519363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.123.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656262/; classtype:trojan-activity;sid:84519362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656261/; classtype:trojan-activity;sid:84519361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656258)"; flow:established,from_client; content:"GET"; http_method; content:"/procesos.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.132.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656258/; classtype:trojan-activity;sid:84519358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7809302844/2c5qxr6.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656259/; classtype:trojan-activity;sid:84519359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656260)"; flow:established,from_client; content:"GET"; http_method; content:"/main-auto/lttf/rkrfy.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.252.153.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656260/; classtype:trojan-activity;sid:84519360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656257)"; flow:established,from_client; content:"GET"; http_method; content:"/2.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mde.tours"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656257/; classtype:trojan-activity;sid:84519357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656253)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7665719804/ayyjq9j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656253/; classtype:trojan-activity;sid:84519353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656254)"; flow:established,from_client; content:"GET"; http_method; content:"/main-auto/onat/wzin.rar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5.252.153.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656254/; classtype:trojan-activity;sid:84519354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656255)"; flow:established,from_client; content:"GET"; http_method; content:"/unrar.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.153.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656255/; classtype:trojan-activity;sid:84519355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656256)"; flow:established,from_client; content:"GET"; http_method; content:"/procesos.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.132.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656256/; classtype:trojan-activity;sid:84519356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.150.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656252/; classtype:trojan-activity;sid:84519352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.140.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656251/; classtype:trojan-activity;sid:84519351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.202.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656250/; classtype:trojan-activity;sid:84519350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656249)"; flow:established,from_client; content:"GET"; http_method; content:"/to6hrbmlrp.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bo.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656249/; classtype:trojan-activity;sid:84519349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656248)"; flow:established,from_client; content:"GET"; http_method; content:"/0i.google|3f|t=ratqpqom"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"te.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656248/; classtype:trojan-activity;sid:84519348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.216.40.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656247/; classtype:trojan-activity;sid:84519347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.12.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656246/; classtype:trojan-activity;sid:84519346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656245)"; flow:established,from_client; content:"GET"; http_method; content:"/0i.google|3f|t=74938xr8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"te.pvzi-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656245/; classtype:trojan-activity;sid:84519345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656244)"; flow:established,from_client; content:"GET"; http_method; content:"/rmbkvvyrc2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.l-75y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656244/; classtype:trojan-activity;sid:84519344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656243/; classtype:trojan-activity;sid:84519343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656242)"; flow:established,from_client; content:"GET"; http_method; content:"/k7uw6v9uyr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.l-75y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656242/; classtype:trojan-activity;sid:84519342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656241)"; flow:established,from_client; content:"GET"; http_method; content:"/dd.google|3f|t=48h2y1ob"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sy.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656241/; classtype:trojan-activity;sid:84519341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.45.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656240/; classtype:trojan-activity;sid:84519340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.6.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656239/; classtype:trojan-activity;sid:84519339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.43.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656238/; classtype:trojan-activity;sid:84519338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.216.40.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656237/; classtype:trojan-activity;sid:84519337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656236/; classtype:trojan-activity;sid:84519336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656235)"; flow:established,from_client; content:"GET"; http_method; content:"/a5zxm6ii63.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bi.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656235/; classtype:trojan-activity;sid:84519335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.48.109"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656234/; classtype:trojan-activity;sid:84519334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656233)"; flow:established,from_client; content:"GET"; http_method; content:"/dd.google|3f|t=ncf0gus9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sy.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656233/; classtype:trojan-activity;sid:84519333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.51.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656232/; classtype:trojan-activity;sid:84519332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.12.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656231/; classtype:trojan-activity;sid:84519331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656230/; classtype:trojan-activity;sid:84519330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656228)"; flow:established,from_client; content:"GET"; http_method; content:"/vthdaoju3n.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"be.xxx-2-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656228/; classtype:trojan-activity;sid:84519328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656229)"; flow:established,from_client; content:"GET"; http_method; content:"/d3d.google|3f|t=7t8fhyzt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"su.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656229/; classtype:trojan-activity;sid:84519329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656227/; classtype:trojan-activity;sid:84519327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656225)"; flow:established,from_client; content:"GET"; http_method; content:"/d3d.google|3f|t=d9efsvpv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"su.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656225/; classtype:trojan-activity;sid:84519325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656226)"; flow:established,from_client; content:"GET"; http_method; content:"/rluk0eh1bj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.l-75y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656226/; classtype:trojan-activity;sid:84519326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656224)"; flow:established,from_client; content:"GET"; http_method; content:"/99vuq3q20t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.l-75y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656224/; classtype:trojan-activity;sid:84519324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656223)"; flow:established,from_client; content:"GET"; http_method; content:"/jnj.google|3f|t=0bwzub3a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"se.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656223/; classtype:trojan-activity;sid:84519323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.151.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656222/; classtype:trojan-activity;sid:84519322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656221/; classtype:trojan-activity;sid:84519321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.51.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656220/; classtype:trojan-activity;sid:84519320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656218)"; flow:established,from_client; content:"GET"; http_method; content:"/l1.google|3f|t=7o9u6jka"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sa.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656218/; classtype:trojan-activity;sid:84519318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656219)"; flow:established,from_client; content:"GET"; http_method; content:"/mwqxa6ofh0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.l-75y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656219/; classtype:trojan-activity;sid:84519319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.32.50.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656217/; classtype:trojan-activity;sid:84519317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656215)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/goqzbjn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656215/; classtype:trojan-activity;sid:84519315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656216)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/mfpjytv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656216/; classtype:trojan-activity;sid:84519316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656214)"; flow:established,from_client; content:"GET"; http_method; content:"/j9jghjiehs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.l-75y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656214/; classtype:trojan-activity;sid:84519314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.218.240.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656213/; classtype:trojan-activity;sid:84519313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656212)"; flow:established,from_client; content:"GET"; http_method; content:"/654.google|3f|t=20rocyc4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ry.phpa-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656212/; classtype:trojan-activity;sid:84519312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656211/; classtype:trojan-activity;sid:84519311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656210)"; flow:established,from_client; content:"GET"; http_method; content:"/urzjludovh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.l-75y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656210/; classtype:trojan-activity;sid:84519310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656209)"; flow:established,from_client; content:"GET"; http_method; content:"/9o.check|3f|t=3gob15w2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ru.nzki-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656209/; classtype:trojan-activity;sid:84519309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656207)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/fotfoypsyo/dreambot.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656207/; classtype:trojan-activity;sid:84519307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656208)"; flow:established,from_client; content:"GET"; http_method; content:"/af5f.wav"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"portraitcardgames.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656208/; classtype:trojan-activity;sid:84519308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.127.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656206/; classtype:trojan-activity;sid:84519306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656197)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656197/; classtype:trojan-activity;sid:84519297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656198)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6589084083/2h4pgqu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656198/; classtype:trojan-activity;sid:84519298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656199)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656199/; classtype:trojan-activity;sid:84519299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.190.212.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656200/; classtype:trojan-activity;sid:84519300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656201)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"jsj.adrise.world"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656201/; classtype:trojan-activity;sid:84519301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656202)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656202/; classtype:trojan-activity;sid:84519302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.196.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656203/; classtype:trojan-activity;sid:84519303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656204)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/lefwsoxjmet/anydesk_pro.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656204/; classtype:trojan-activity;sid:84519304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656205)"; flow:established,from_client; content:"GET"; http_method; content:"/sx.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jsj.adrise.world"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656205/; classtype:trojan-activity;sid:84519305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656194)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/ek8pb5q.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656194/; classtype:trojan-activity;sid:84519294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656195)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/rfe4yzv.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656195/; classtype:trojan-activity;sid:84519295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656196/; classtype:trojan-activity;sid:84519296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656191)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/rfe4yzv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656191/; classtype:trojan-activity;sid:84519291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656192)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2122787556/12lbtcj.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656192/; classtype:trojan-activity;sid:84519292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656193)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.92.240.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656193/; classtype:trojan-activity;sid:84519293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656190)"; flow:established,from_client; content:"GET"; http_method; content:"/wget2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656190/; classtype:trojan-activity;sid:84519290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656185)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1975996902/8woe05j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656185/; classtype:trojan-activity;sid:84519285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656186)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7755144173/ckxcwvo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656186/; classtype:trojan-activity;sid:84519286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656187)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6383121604/f3u9xch.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656187/; classtype:trojan-activity;sid:84519287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656188)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/uvmehjdgxgfpc/deluxe_crypted%205.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656188/; classtype:trojan-activity;sid:84519288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656189)"; flow:established,from_client; content:"GET"; http_method; content:"/88svxs3/vdbpjkiiexszb/deluxe_crypted%206.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656189/; classtype:trojan-activity;sid:84519289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656182)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1397167287/kshttl9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656182/; classtype:trojan-activity;sid:84519282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656183)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8420046067/lnmp6zp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656183/; classtype:trojan-activity;sid:84519283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656184)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5968840904/5do4mcx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656184/; classtype:trojan-activity;sid:84519284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.2.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656181/; classtype:trojan-activity;sid:84519281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.48.109"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656180/; classtype:trojan-activity;sid:84519280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656172)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656172/; classtype:trojan-activity;sid:84519272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656173)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656173/; classtype:trojan-activity;sid:84519273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656174)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656174/; classtype:trojan-activity;sid:84519274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656175)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656175/; classtype:trojan-activity;sid:84519275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656176)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656176/; classtype:trojan-activity;sid:84519276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656177)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656177/; classtype:trojan-activity;sid:84519277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656178)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656178/; classtype:trojan-activity;sid:84519278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656179)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656179/; classtype:trojan-activity;sid:84519279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656161/; classtype:trojan-activity;sid:84519261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656162/; classtype:trojan-activity;sid:84519262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656163/; classtype:trojan-activity;sid:84519263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656164/; classtype:trojan-activity;sid:84519264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656165)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656165/; classtype:trojan-activity;sid:84519265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656166)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656166/; classtype:trojan-activity;sid:84519266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656167)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656167/; classtype:trojan-activity;sid:84519267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656168)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656168/; classtype:trojan-activity;sid:84519268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656169)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656169/; classtype:trojan-activity;sid:84519269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656170)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656170/; classtype:trojan-activity;sid:84519270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656171)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656171/; classtype:trojan-activity;sid:84519271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656160/; classtype:trojan-activity;sid:84519260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656159/; classtype:trojan-activity;sid:84519259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656158/; classtype:trojan-activity;sid:84519258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656157)"; flow:established,from_client; content:"GET"; http_method; content:"/lliquw8bqq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.l-75y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656157/; classtype:trojan-activity;sid:84519257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656156)"; flow:established,from_client; content:"GET"; http_method; content:"/2jx.google|3f|t=5niblofw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ro.nzki-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656156/; classtype:trojan-activity;sid:84519256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.121.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656155/; classtype:trojan-activity;sid:84519255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.151.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656147/; classtype:trojan-activity;sid:84519247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656148/; classtype:trojan-activity;sid:84519248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656149/; classtype:trojan-activity;sid:84519249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656150/; classtype:trojan-activity;sid:84519250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.114.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656151/; classtype:trojan-activity;sid:84519251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.211.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656152/; classtype:trojan-activity;sid:84519252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656153/; classtype:trojan-activity;sid:84519253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656146)"; flow:established,from_client; content:"GET"; http_method; content:"/ftlqau2x16.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ba.cns-3-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656146/; classtype:trojan-activity;sid:84519246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656145)"; flow:established,from_client; content:"GET"; http_method; content:"/2jx.google|3f|t=nvotjvxu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ro.nzki-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656145/; classtype:trojan-activity;sid:84519245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.41.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656144/; classtype:trojan-activity;sid:84519244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.231.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656143/; classtype:trojan-activity;sid:84519243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; content:"GET"; http_method; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; classtype:trojan-activity;sid:84519240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.14.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656141/; classtype:trojan-activity;sid:84519241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.70.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656142/; classtype:trojan-activity;sid:84519242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.234.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656139/; classtype:trojan-activity;sid:84519239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.82.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656138/; classtype:trojan-activity;sid:84519238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.182.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656137/; classtype:trojan-activity;sid:84519237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.2.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656136/; classtype:trojan-activity;sid:84519236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.234.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656135/; classtype:trojan-activity;sid:84519235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656134)"; flow:established,from_client; content:"GET"; http_method; content:"/tqtwmvm04m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.p-62i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656134/; classtype:trojan-activity;sid:84519234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656133)"; flow:established,from_client; content:"GET"; http_method; content:"/p3.check|3f|t=1rdjw718"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ri.nzki-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656133/; classtype:trojan-activity;sid:84519233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.59.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656132/; classtype:trojan-activity;sid:84519232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656130)"; flow:established,from_client; content:"GET"; http_method; content:"/mex.google|3f|t=iwr6mhjh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ra.nzki-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656130/; classtype:trojan-activity;sid:84519230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656131)"; flow:established,from_client; content:"GET"; http_method; content:"/heucw7pvc1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.p-62i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656131/; classtype:trojan-activity;sid:84519231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.125.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656129/; classtype:trojan-activity;sid:84519229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656128)"; flow:established,from_client; content:"GET"; http_method; content:"/fae74c4r7z.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ay.cns-3-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656128/; classtype:trojan-activity;sid:84519228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656127)"; flow:established,from_client; content:"GET"; http_method; content:"/3ie.check|3f|t=r9r2trzx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qy.nzki-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656127/; classtype:trojan-activity;sid:84519227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656126)"; flow:established,from_client; content:"GET"; http_method; content:"/kauvpe6t6b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.p-62i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656126/; classtype:trojan-activity;sid:84519226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656125)"; flow:established,from_client; content:"GET"; http_method; content:"/iyn.google|3f|t=1v4bmud9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qu.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656125/; classtype:trojan-activity;sid:84519225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.191.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656124/; classtype:trojan-activity;sid:84519224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.82.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656123/; classtype:trojan-activity;sid:84519223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.59.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656122/; classtype:trojan-activity;sid:84519222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.119.237.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656120/; classtype:trojan-activity;sid:84519220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.237.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656121/; classtype:trojan-activity;sid:84519221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656119)"; flow:established,from_client; content:"GET"; http_method; content:"/62m4xh0ofq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.p-62i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656119/; classtype:trojan-activity;sid:84519219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656118)"; flow:established,from_client; content:"GET"; http_method; content:"/et.google|3f|t=753uc4t9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qo.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656118/; classtype:trojan-activity;sid:84519218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.45.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656117/; classtype:trojan-activity;sid:84519217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656116)"; flow:established,from_client; content:"GET"; http_method; content:"/0m7iw9efg2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ax.cns-3-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656116/; classtype:trojan-activity;sid:84519216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656115)"; flow:established,from_client; content:"GET"; http_method; content:"/et.google|3f|t=xed3bv4g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qo.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656115/; classtype:trojan-activity;sid:84519215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.113.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656114/; classtype:trojan-activity;sid:84519214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.140.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656113/; classtype:trojan-activity;sid:84519213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.15.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656112/; classtype:trojan-activity;sid:84519212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656111/; classtype:trojan-activity;sid:84519211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656110/; classtype:trojan-activity;sid:84519210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.79.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656109/; classtype:trojan-activity;sid:84519209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.145.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656108/; classtype:trojan-activity;sid:84519208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.249.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656107/; classtype:trojan-activity;sid:84519207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656106)"; flow:established,from_client; content:"GET"; http_method; content:"/6u6.google|3f|t=mpt1akww"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qe.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656106/; classtype:trojan-activity;sid:84519206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656105)"; flow:established,from_client; content:"GET"; http_method; content:"/bn0jr5xxp8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.p-62i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656105/; classtype:trojan-activity;sid:84519205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656103)"; flow:established,from_client; content:"GET"; http_method; content:"/6u6.google|3f|t=1h2cb9gc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qe.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656103/; classtype:trojan-activity;sid:84519203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656104)"; flow:established,from_client; content:"GET"; http_method; content:"/gxwp4rahea.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aw.cns-3-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656104/; classtype:trojan-activity;sid:84519204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.113.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656102/; classtype:trojan-activity;sid:84519202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656100)"; flow:established,from_client; content:"GET"; http_method; content:"/lb.google|3f|t=omn3jctm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qa.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656100/; classtype:trojan-activity;sid:84519200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656101)"; flow:established,from_client; content:"GET"; http_method; content:"/1inp869gbn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.p-62i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656101/; classtype:trojan-activity;sid:84519201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.80.0.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656099/; classtype:trojan-activity;sid:84519199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.140.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656098/; classtype:trojan-activity;sid:84519198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656097/; classtype:trojan-activity;sid:84519197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656096)"; flow:established,from_client; content:"GET"; http_method; content:"/4p.google|3f|t=iij1wxyr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"py.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656096/; classtype:trojan-activity;sid:84519196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656095)"; flow:established,from_client; content:"GET"; http_method; content:"/tihjkmc1eq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.m-89a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656095/; classtype:trojan-activity;sid:84519195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.15.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656094/; classtype:trojan-activity;sid:84519194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656093)"; flow:established,from_client; content:"GET"; http_method; content:"/4p.google|3f|t=xrihbb96"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"py.mzvo-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656093/; classtype:trojan-activity;sid:84519193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656092)"; flow:established,from_client; content:"GET"; http_method; content:"/50bhl69kg3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"at.cns-3-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656092/; classtype:trojan-activity;sid:84519192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.135.255.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656091/; classtype:trojan-activity;sid:84519191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.250.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656090/; classtype:trojan-activity;sid:84519190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.94.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656089/; classtype:trojan-activity;sid:84519189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.249.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656088/; classtype:trojan-activity;sid:84519188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.89.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656087/; classtype:trojan-activity;sid:84519187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.78.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656086/; classtype:trojan-activity;sid:84519186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.135.255.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656085/; classtype:trojan-activity;sid:84519185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.250.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656084/; classtype:trojan-activity;sid:84519184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.252.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656083/; classtype:trojan-activity;sid:84519183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.94.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656082/; classtype:trojan-activity;sid:84519182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.64.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656081/; classtype:trojan-activity;sid:84519181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656080/; classtype:trojan-activity;sid:84519180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.250.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656079/; classtype:trojan-activity;sid:84519179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656078/; classtype:trojan-activity;sid:84519178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.135.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656077/; classtype:trojan-activity;sid:84519177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.147.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656076/; classtype:trojan-activity;sid:84519176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.69.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656075/; classtype:trojan-activity;sid:84519175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.64.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656074/; classtype:trojan-activity;sid:84519174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.86.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656073/; classtype:trojan-activity;sid:84519173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.150.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656072/; classtype:trojan-activity;sid:84519172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.252.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656071/; classtype:trojan-activity;sid:84519171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656070/; classtype:trojan-activity;sid:84519170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.107.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656069/; classtype:trojan-activity;sid:84519169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656068/; classtype:trojan-activity;sid:84519168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656066/; classtype:trojan-activity;sid:84519166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.10.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656067/; classtype:trojan-activity;sid:84519167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656065)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.173.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656065/; classtype:trojan-activity;sid:84519165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656063/; classtype:trojan-activity;sid:84519163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.100.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656064/; classtype:trojan-activity;sid:84519164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.10.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656062/; classtype:trojan-activity;sid:84519162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656058)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656058/; classtype:trojan-activity;sid:84519158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656057/; classtype:trojan-activity;sid:84519157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656055)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656055/; classtype:trojan-activity;sid:84519155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656051/; classtype:trojan-activity;sid:84519151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656052/; classtype:trojan-activity;sid:84519152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656053)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656053/; classtype:trojan-activity;sid:84519153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656049/; classtype:trojan-activity;sid:84519149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656048)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656048/; classtype:trojan-activity;sid:84519148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656044)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656044/; classtype:trojan-activity;sid:84519144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656045/; classtype:trojan-activity;sid:84519145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230518-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656046/; classtype:trojan-activity;sid:84519146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656047)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656047/; classtype:trojan-activity;sid:84519147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656041)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656041/; classtype:trojan-activity;sid:84519141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656042)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656042/; classtype:trojan-activity;sid:84519142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656043)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656043/; classtype:trojan-activity;sid:84519143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656035/; classtype:trojan-activity;sid:84519135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656036/; classtype:trojan-activity;sid:84519136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656038/; classtype:trojan-activity;sid:84519138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656039/; classtype:trojan-activity;sid:84519139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656040)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656040/; classtype:trojan-activity;sid:84519140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656031)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656031/; classtype:trojan-activity;sid:84519131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656032/; classtype:trojan-activity;sid:84519132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250308-120/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656033/; classtype:trojan-activity;sid:84519133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656034)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656034/; classtype:trojan-activity;sid:84519134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656027/; classtype:trojan-activity;sid:84519127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656028)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656028/; classtype:trojan-activity;sid:84519128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656029)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656029/; classtype:trojan-activity;sid:84519129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656025/; classtype:trojan-activity;sid:84519125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656026/; classtype:trojan-activity;sid:84519126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656024)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656024/; classtype:trojan-activity;sid:84519124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656022)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x86/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656022/; classtype:trojan-activity;sid:84519122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656023)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656023/; classtype:trojan-activity;sid:84519123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656020)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656020/; classtype:trojan-activity;sid:84519120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656016)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656016/; classtype:trojan-activity;sid:84519116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656017)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656017/; classtype:trojan-activity;sid:84519117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656018/; classtype:trojan-activity;sid:84519118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656011)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656011/; classtype:trojan-activity;sid:84519111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656012)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656012/; classtype:trojan-activity;sid:84519112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656013/; classtype:trojan-activity;sid:84519113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231101-141/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656014/; classtype:trojan-activity;sid:84519114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656015/; classtype:trojan-activity;sid:84519115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656003)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656003/; classtype:trojan-activity;sid:84519103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656004/; classtype:trojan-activity;sid:84519104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656005)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656005/; classtype:trojan-activity;sid:84519105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656006)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656006/; classtype:trojan-activity;sid:84519106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656008/; classtype:trojan-activity;sid:84519108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656009/; classtype:trojan-activity;sid:84519109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-07-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656010/; classtype:trojan-activity;sid:84519110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655993)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655993/; classtype:trojan-activity;sid:84519093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655994)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655994/; classtype:trojan-activity;sid:84519094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655995)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221110-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655995/; classtype:trojan-activity;sid:84519095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655996/; classtype:trojan-activity;sid:84519096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655997)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655997/; classtype:trojan-activity;sid:84519097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655998)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655998/; classtype:trojan-activity;sid:84519098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655999)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.243.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655999/; classtype:trojan-activity;sid:84519099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656000/; classtype:trojan-activity;sid:84519100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656001/; classtype:trojan-activity;sid:84519101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656002/; classtype:trojan-activity;sid:84519102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655990/; classtype:trojan-activity;sid:84519090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655991/; classtype:trojan-activity;sid:84519091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655992)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655992/; classtype:trojan-activity;sid:84519092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655986/; classtype:trojan-activity;sid:84519086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655987/; classtype:trojan-activity;sid:84519087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655988)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655988/; classtype:trojan-activity;sid:84519088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/ia64/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655989/; classtype:trojan-activity;sid:84519089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655982)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655982/; classtype:trojan-activity;sid:84519082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655983)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-119/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655983/; classtype:trojan-activity;sid:84519083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655984)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655984/; classtype:trojan-activity;sid:84519084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655985)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655985/; classtype:trojan-activity;sid:84519085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655980/; classtype:trojan-activity;sid:84519080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655981/; classtype:trojan-activity;sid:84519081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655979)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655979/; classtype:trojan-activity;sid:84519079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655978/; classtype:trojan-activity;sid:84519078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655976/; classtype:trojan-activity;sid:84519076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655974/; classtype:trojan-activity;sid:84519074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-05-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655972/; classtype:trojan-activity;sid:84519072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655968/; classtype:trojan-activity;sid:84519068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655971)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655971/; classtype:trojan-activity;sid:84519071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655964)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655964/; classtype:trojan-activity;sid:84519064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655965)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655965/; classtype:trojan-activity;sid:84519065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655966)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655966/; classtype:trojan-activity;sid:84519066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655967/; classtype:trojan-activity;sid:84519067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655954/; classtype:trojan-activity;sid:84519054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655955/; classtype:trojan-activity;sid:84519055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655956/; classtype:trojan-activity;sid:84519056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655957/; classtype:trojan-activity;sid:84519057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655958/; classtype:trojan-activity;sid:84519058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655959/; classtype:trojan-activity;sid:84519059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655960)"; flow:established,from_client; content:"GET"; http_method; content:"/kc5q5eovyc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.m-89a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655960/; classtype:trojan-activity;sid:84519060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655961)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655961/; classtype:trojan-activity;sid:84519061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655962)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655962/; classtype:trojan-activity;sid:84519062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655963)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655963/; classtype:trojan-activity;sid:84519063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655941/; classtype:trojan-activity;sid:84519041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655942/; classtype:trojan-activity;sid:84519042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655943)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655943/; classtype:trojan-activity;sid:84519043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655944/; classtype:trojan-activity;sid:84519044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655945/; classtype:trojan-activity;sid:84519045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655946/; classtype:trojan-activity;sid:84519046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655947/; classtype:trojan-activity;sid:84519047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655948)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655948/; classtype:trojan-activity;sid:84519048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655949)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655949/; classtype:trojan-activity;sid:84519049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655950/; classtype:trojan-activity;sid:84519050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655951/; classtype:trojan-activity;sid:84519051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655952)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655952/; classtype:trojan-activity;sid:84519052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655953/; classtype:trojan-activity;sid:84519053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655928)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655928/; classtype:trojan-activity;sid:84519028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655929)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655929/; classtype:trojan-activity;sid:84519029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655930/; classtype:trojan-activity;sid:84519030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655931)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655931/; classtype:trojan-activity;sid:84519031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655932/; classtype:trojan-activity;sid:84519032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655933)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655933/; classtype:trojan-activity;sid:84519033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655934/; classtype:trojan-activity;sid:84519034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655935)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240918-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655935/; classtype:trojan-activity;sid:84519035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655936)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655936/; classtype:trojan-activity;sid:84519036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655937)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250219-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655937/; classtype:trojan-activity;sid:84519037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655938/; classtype:trojan-activity;sid:84519038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655939)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655939/; classtype:trojan-activity;sid:84519039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655940/; classtype:trojan-activity;sid:84519040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655922)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655922/; classtype:trojan-activity;sid:84519022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655923)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655923/; classtype:trojan-activity;sid:84519023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655924/; classtype:trojan-activity;sid:84519024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655925/; classtype:trojan-activity;sid:84519025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655926/; classtype:trojan-activity;sid:84519026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655927)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655927/; classtype:trojan-activity;sid:84519027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655919)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655919/; classtype:trojan-activity;sid:84519019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655920/; classtype:trojan-activity;sid:84519020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655921)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655921/; classtype:trojan-activity;sid:84519021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655917)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655917/; classtype:trojan-activity;sid:84519017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655918/; classtype:trojan-activity;sid:84519018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655916)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655916/; classtype:trojan-activity;sid:84519016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655915)"; flow:established,from_client; content:"GET"; http_method; content:"/ye.google|3f|t=lgxqhln2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ny.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655915/; classtype:trojan-activity;sid:84519015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655914)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655914/; classtype:trojan-activity;sid:84519014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655912)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655912/; classtype:trojan-activity;sid:84519012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655913)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655913/; classtype:trojan-activity;sid:84519013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655910)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655910/; classtype:trojan-activity;sid:84519010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655911)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655911/; classtype:trojan-activity;sid:84519011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655909)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655909/; classtype:trojan-activity;sid:84519009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655907)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655907/; classtype:trojan-activity;sid:84519007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655906)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655906/; classtype:trojan-activity;sid:84519006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655905/; classtype:trojan-activity;sid:84519005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240711-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655904/; classtype:trojan-activity;sid:84519004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655902/; classtype:trojan-activity;sid:84519002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655901/; classtype:trojan-activity;sid:84519001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655900)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655900/; classtype:trojan-activity;sid:84519000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655899)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655899/; classtype:trojan-activity;sid:84518999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655898/; classtype:trojan-activity;sid:84518998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655897)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655897/; classtype:trojan-activity;sid:84518997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655894/; classtype:trojan-activity;sid:84518994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655895)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655895/; classtype:trojan-activity;sid:84518995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655891/; classtype:trojan-activity;sid:84518991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655892)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655892/; classtype:trojan-activity;sid:84518992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655893/; classtype:trojan-activity;sid:84518993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655890/; classtype:trojan-activity;sid:84518990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655888/; classtype:trojan-activity;sid:84518988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655886)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655886/; classtype:trojan-activity;sid:84518986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655885)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655885/; classtype:trojan-activity;sid:84518985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655884)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655884/; classtype:trojan-activity;sid:84518984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655883/; classtype:trojan-activity;sid:84518983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655882)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655882/; classtype:trojan-activity;sid:84518982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655879)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655879/; classtype:trojan-activity;sid:84518979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655878)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655878/; classtype:trojan-activity;sid:84518978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655876)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655876/; classtype:trojan-activity;sid:84518976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655877/; classtype:trojan-activity;sid:84518977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655874/; classtype:trojan-activity;sid:84518974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655871)"; flow:established,from_client; content:"GET"; http_method; content:"/36dadn7t1r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.m-89a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655871/; classtype:trojan-activity;sid:84518971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655872)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655872/; classtype:trojan-activity;sid:84518972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655873/; classtype:trojan-activity;sid:84518973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655870)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655870/; classtype:trojan-activity;sid:84518970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655869/; classtype:trojan-activity;sid:84518969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655868)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655868/; classtype:trojan-activity;sid:84518968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655864)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655864/; classtype:trojan-activity;sid:84518964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.6.205"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655865/; classtype:trojan-activity;sid:84518965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655863)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655863/; classtype:trojan-activity;sid:84518963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655862/; classtype:trojan-activity;sid:84518962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655861)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655861/; classtype:trojan-activity;sid:84518961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655858/; classtype:trojan-activity;sid:84518958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655857)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655857/; classtype:trojan-activity;sid:84518957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655852)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655852/; classtype:trojan-activity;sid:84518952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655853)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655853/; classtype:trojan-activity;sid:84518953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655854)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655854/; classtype:trojan-activity;sid:84518954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655855/; classtype:trojan-activity;sid:84518955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655856)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655856/; classtype:trojan-activity;sid:84518956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655850)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655850/; classtype:trojan-activity;sid:84518950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655851)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655851/; classtype:trojan-activity;sid:84518951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655849)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655849/; classtype:trojan-activity;sid:84518949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655848)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655848/; classtype:trojan-activity;sid:84518948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655847/; classtype:trojan-activity;sid:84518947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655846)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655846/; classtype:trojan-activity;sid:84518946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655843)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655843/; classtype:trojan-activity;sid:84518943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655842/; classtype:trojan-activity;sid:84518942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655841)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655841/; classtype:trojan-activity;sid:84518941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655840/; classtype:trojan-activity;sid:84518940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655837/; classtype:trojan-activity;sid:84518937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655836/; classtype:trojan-activity;sid:84518936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655835/; classtype:trojan-activity;sid:84518935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655833/; classtype:trojan-activity;sid:84518933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655831)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655831/; classtype:trojan-activity;sid:84518931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655832)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655832/; classtype:trojan-activity;sid:84518932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231024-129/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655830/; classtype:trojan-activity;sid:84518930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655828/; classtype:trojan-activity;sid:84518928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655829/; classtype:trojan-activity;sid:84518929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655826/; classtype:trojan-activity;sid:84518926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655827/; classtype:trojan-activity;sid:84518927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655825)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655825/; classtype:trojan-activity;sid:84518925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655823/; classtype:trojan-activity;sid:84518923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655822)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655822/; classtype:trojan-activity;sid:84518922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655821)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655821/; classtype:trojan-activity;sid:84518921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655820)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655820/; classtype:trojan-activity;sid:84518920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655818)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655818/; classtype:trojan-activity;sid:84518918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655819)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655819/; classtype:trojan-activity;sid:84518919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655817/; classtype:trojan-activity;sid:84518917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655816/; classtype:trojan-activity;sid:84518916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655815)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655815/; classtype:trojan-activity;sid:84518915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655813)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655813/; classtype:trojan-activity;sid:84518913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655814)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655814/; classtype:trojan-activity;sid:84518914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655812/; classtype:trojan-activity;sid:84518912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655811/; classtype:trojan-activity;sid:84518911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655807/; classtype:trojan-activity;sid:84518907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655808)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655808/; classtype:trojan-activity;sid:84518908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655809/; classtype:trojan-activity;sid:84518909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655810/; classtype:trojan-activity;sid:84518910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655805)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655805/; classtype:trojan-activity;sid:84518905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655804)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655804/; classtype:trojan-activity;sid:84518904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655802)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655802/; classtype:trojan-activity;sid:84518902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655800)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655800/; classtype:trojan-activity;sid:84518900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655798)"; flow:established,from_client; content:"GET"; http_method; content:"/req.google|3f|t=ev3s2h8g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pu.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655798/; classtype:trojan-activity;sid:84518898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655796/; classtype:trojan-activity;sid:84518896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655794/; classtype:trojan-activity;sid:84518894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655795)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655795/; classtype:trojan-activity;sid:84518895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655793)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655793/; classtype:trojan-activity;sid:84518893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655790)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655790/; classtype:trojan-activity;sid:84518890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655788/; classtype:trojan-activity;sid:84518888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655789)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655789/; classtype:trojan-activity;sid:84518889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655785)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655785/; classtype:trojan-activity;sid:84518885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655786)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655786/; classtype:trojan-activity;sid:84518886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655780)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655780/; classtype:trojan-activity;sid:84518880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655779)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655779/; classtype:trojan-activity;sid:84518879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655778/; classtype:trojan-activity;sid:84518878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655776/; classtype:trojan-activity;sid:84518876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655777)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655777/; classtype:trojan-activity;sid:84518877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655771)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655771/; classtype:trojan-activity;sid:84518871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655772/; classtype:trojan-activity;sid:84518872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655773)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655773/; classtype:trojan-activity;sid:84518873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655769/; classtype:trojan-activity;sid:84518869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655770/; classtype:trojan-activity;sid:84518870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655768/; classtype:trojan-activity;sid:84518868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655767)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655767/; classtype:trojan-activity;sid:84518867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655765)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655765/; classtype:trojan-activity;sid:84518865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/9929/11032020104400/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655764/; classtype:trojan-activity;sid:84518864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655762)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655762/; classtype:trojan-activity;sid:84518862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655759)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655759/; classtype:trojan-activity;sid:84518859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655760)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655760/; classtype:trojan-activity;sid:84518860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655758/; classtype:trojan-activity;sid:84518858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655756/; classtype:trojan-activity;sid:84518856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655755)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655755/; classtype:trojan-activity;sid:84518855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655752)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655752/; classtype:trojan-activity;sid:84518852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655750)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655750/; classtype:trojan-activity;sid:84518850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655749/; classtype:trojan-activity;sid:84518849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655746/; classtype:trojan-activity;sid:84518846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655747)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655747/; classtype:trojan-activity;sid:84518847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655744)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655744/; classtype:trojan-activity;sid:84518844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655745)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655745/; classtype:trojan-activity;sid:84518845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655738/; classtype:trojan-activity;sid:84518838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655739)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655739/; classtype:trojan-activity;sid:84518839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655740/; classtype:trojan-activity;sid:84518840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655741)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655741/; classtype:trojan-activity;sid:84518841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655742)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231228-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655742/; classtype:trojan-activity;sid:84518842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655735)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655735/; classtype:trojan-activity;sid:84518835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655736/; classtype:trojan-activity;sid:84518836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655737)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655737/; classtype:trojan-activity;sid:84518837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655734)"; flow:established,from_client; content:"GET"; http_method; content:"/req.google|3f|t=qk6ufft9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pu.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655734/; classtype:trojan-activity;sid:84518834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655732/; classtype:trojan-activity;sid:84518832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655733/; classtype:trojan-activity;sid:84518833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655726)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655726/; classtype:trojan-activity;sid:84518826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-11-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655727/; classtype:trojan-activity;sid:84518827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655728/; classtype:trojan-activity;sid:84518828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655729)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655729/; classtype:trojan-activity;sid:84518829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655724/; classtype:trojan-activity;sid:84518824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655725)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655725/; classtype:trojan-activity;sid:84518825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655722)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655722/; classtype:trojan-activity;sid:84518822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655723)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655723/; classtype:trojan-activity;sid:84518823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655719/; classtype:trojan-activity;sid:84518819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655720/; classtype:trojan-activity;sid:84518820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655721/; classtype:trojan-activity;sid:84518821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655716)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655716/; classtype:trojan-activity;sid:84518816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655713/; classtype:trojan-activity;sid:84518813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655715)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655715/; classtype:trojan-activity;sid:84518815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655711/; classtype:trojan-activity;sid:84518811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655706)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655706/; classtype:trojan-activity;sid:84518806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655707/; classtype:trojan-activity;sid:84518807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655708)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655708/; classtype:trojan-activity;sid:84518808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655709)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655709/; classtype:trojan-activity;sid:84518809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655710)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655710/; classtype:trojan-activity;sid:84518810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655700/; classtype:trojan-activity;sid:84518800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.239.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655702/; classtype:trojan-activity;sid:84518802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655704/; classtype:trojan-activity;sid:84518804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655705/; classtype:trojan-activity;sid:84518805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655696)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655696/; classtype:trojan-activity;sid:84518796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655698/; classtype:trojan-activity;sid:84518798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655694)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655694/; classtype:trojan-activity;sid:84518794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655695)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655695/; classtype:trojan-activity;sid:84518795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655690)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655690/; classtype:trojan-activity;sid:84518790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655691/; classtype:trojan-activity;sid:84518791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655692/; classtype:trojan-activity;sid:84518792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655693/; classtype:trojan-activity;sid:84518793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655689)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655689/; classtype:trojan-activity;sid:84518789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655686/; classtype:trojan-activity;sid:84518786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655687/; classtype:trojan-activity;sid:84518787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655688/; classtype:trojan-activity;sid:84518788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655680)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655680/; classtype:trojan-activity;sid:84518780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655681)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655681/; classtype:trojan-activity;sid:84518781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655682/; classtype:trojan-activity;sid:84518782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655683/; classtype:trojan-activity;sid:84518783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.236.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655684/; classtype:trojan-activity;sid:84518784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655685)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655685/; classtype:trojan-activity;sid:84518785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655678)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"155.253.34.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655678/; classtype:trojan-activity;sid:84518778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655679)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655679/; classtype:trojan-activity;sid:84518779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655673/; classtype:trojan-activity;sid:84518773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655674/; classtype:trojan-activity;sid:84518774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655675/; classtype:trojan-activity;sid:84518775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655676)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655676/; classtype:trojan-activity;sid:84518776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655677)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655677/; classtype:trojan-activity;sid:84518777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655670/; classtype:trojan-activity;sid:84518770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655671/; classtype:trojan-activity;sid:84518771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655672/; classtype:trojan-activity;sid:84518772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655668)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655668/; classtype:trojan-activity;sid:84518768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655669/; classtype:trojan-activity;sid:84518769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655666/; classtype:trojan-activity;sid:84518766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655667)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655667/; classtype:trojan-activity;sid:84518767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655663/; classtype:trojan-activity;sid:84518763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655664/; classtype:trojan-activity;sid:84518764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655657/; classtype:trojan-activity;sid:84518757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655658)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655658/; classtype:trojan-activity;sid:84518758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655659/; classtype:trojan-activity;sid:84518759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655660/; classtype:trojan-activity;sid:84518760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655661)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655661/; classtype:trojan-activity;sid:84518761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655656/; classtype:trojan-activity;sid:84518756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655655)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655655/; classtype:trojan-activity;sid:84518755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655648/; classtype:trojan-activity;sid:84518748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655650)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655650/; classtype:trojan-activity;sid:84518750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655651/; classtype:trojan-activity;sid:84518751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655652/; classtype:trojan-activity;sid:84518752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655653)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655653/; classtype:trojan-activity;sid:84518753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655641/; classtype:trojan-activity;sid:84518741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655642)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655642/; classtype:trojan-activity;sid:84518742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655643)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655643/; classtype:trojan-activity;sid:84518743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655644)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655644/; classtype:trojan-activity;sid:84518744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655645)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655645/; classtype:trojan-activity;sid:84518745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655647)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/remoteblobstore/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655647/; classtype:trojan-activity;sid:84518747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655636/; classtype:trojan-activity;sid:84518736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655637/; classtype:trojan-activity;sid:84518737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655638)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655638/; classtype:trojan-activity;sid:84518738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655639/; classtype:trojan-activity;sid:84518739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655640/; classtype:trojan-activity;sid:84518740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655633)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655633/; classtype:trojan-activity;sid:84518733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655634)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655634/; classtype:trojan-activity;sid:84518734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655635)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655635/; classtype:trojan-activity;sid:84518735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655632)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655632/; classtype:trojan-activity;sid:84518732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655626/; classtype:trojan-activity;sid:84518726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655627/; classtype:trojan-activity;sid:84518727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655628)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655628/; classtype:trojan-activity;sid:84518728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655629/; classtype:trojan-activity;sid:84518729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655630/; classtype:trojan-activity;sid:84518730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655623/; classtype:trojan-activity;sid:84518723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655624)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655624/; classtype:trojan-activity;sid:84518724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655625)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655625/; classtype:trojan-activity;sid:84518725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655622)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655622/; classtype:trojan-activity;sid:84518722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655621/; classtype:trojan-activity;sid:84518721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240831-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655618/; classtype:trojan-activity;sid:84518718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655619/; classtype:trojan-activity;sid:84518719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655620/; classtype:trojan-activity;sid:84518720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655614/; classtype:trojan-activity;sid:84518714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655615)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655615/; classtype:trojan-activity;sid:84518715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655616)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250310-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655616/; classtype:trojan-activity;sid:84518716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655617)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655617/; classtype:trojan-activity;sid:84518717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655612/; classtype:trojan-activity;sid:84518712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655613/; classtype:trojan-activity;sid:84518713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655609)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655609/; classtype:trojan-activity;sid:84518709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655610/; classtype:trojan-activity;sid:84518710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655611/; classtype:trojan-activity;sid:84518711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655606/; classtype:trojan-activity;sid:84518706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655607/; classtype:trojan-activity;sid:84518707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655608/; classtype:trojan-activity;sid:84518708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655604)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655604/; classtype:trojan-activity;sid:84518704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655605)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655605/; classtype:trojan-activity;sid:84518705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655603/; classtype:trojan-activity;sid:84518703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655600)"; flow:established,from_client; content:"GET"; http_method; content:"/6j4z1hxlk0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655600/; classtype:trojan-activity;sid:84518700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655601/; classtype:trojan-activity;sid:84518701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655602)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655602/; classtype:trojan-activity;sid:84518702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655597/; classtype:trojan-activity;sid:84518697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655598)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655598/; classtype:trojan-activity;sid:84518698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655599)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655599/; classtype:trojan-activity;sid:84518699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655592/; classtype:trojan-activity;sid:84518692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655595/; classtype:trojan-activity;sid:84518695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655591)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655591/; classtype:trojan-activity;sid:84518691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655587/; classtype:trojan-activity;sid:84518687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655588)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655588/; classtype:trojan-activity;sid:84518688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655589/; classtype:trojan-activity;sid:84518689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655581)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655581/; classtype:trojan-activity;sid:84518681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655582)"; flow:established,from_client; content:"GET"; http_method; content:"/ryl.check|3f|t=fbhqcb3w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ni.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655582/; classtype:trojan-activity;sid:84518682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655583/; classtype:trojan-activity;sid:84518683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655584/; classtype:trojan-activity;sid:84518684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655585/; classtype:trojan-activity;sid:84518685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655579)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655579/; classtype:trojan-activity;sid:84518679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655580)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655580/; classtype:trojan-activity;sid:84518680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655565/; classtype:trojan-activity;sid:84518665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655566)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655566/; classtype:trojan-activity;sid:84518666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655567/; classtype:trojan-activity;sid:84518667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655568)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655568/; classtype:trojan-activity;sid:84518668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655569/; classtype:trojan-activity;sid:84518669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655570/; classtype:trojan-activity;sid:84518670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655571/; classtype:trojan-activity;sid:84518671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655573)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655573/; classtype:trojan-activity;sid:84518673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655574/; classtype:trojan-activity;sid:84518674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655575)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655575/; classtype:trojan-activity;sid:84518675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655576)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655576/; classtype:trojan-activity;sid:84518676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655577/; classtype:trojan-activity;sid:84518677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655578)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655578/; classtype:trojan-activity;sid:84518678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655564/; classtype:trojan-activity;sid:84518664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655561/; classtype:trojan-activity;sid:84518661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655563/; classtype:trojan-activity;sid:84518663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655558)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655558/; classtype:trojan-activity;sid:84518658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655555)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655555/; classtype:trojan-activity;sid:84518655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655554)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655554/; classtype:trojan-activity;sid:84518654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655552/; classtype:trojan-activity;sid:84518652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655546/; classtype:trojan-activity;sid:84518646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655547/; classtype:trojan-activity;sid:84518647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655548)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655548/; classtype:trojan-activity;sid:84518648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655549)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655549/; classtype:trojan-activity;sid:84518649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655550)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655550/; classtype:trojan-activity;sid:84518650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655551)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.42.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655551/; classtype:trojan-activity;sid:84518651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655540)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655540/; classtype:trojan-activity;sid:84518640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655541)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655541/; classtype:trojan-activity;sid:84518641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655542/; classtype:trojan-activity;sid:84518642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655543/; classtype:trojan-activity;sid:84518643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655544/; classtype:trojan-activity;sid:84518644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655545/; classtype:trojan-activity;sid:84518645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655529/; classtype:trojan-activity;sid:84518629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655530/; classtype:trojan-activity;sid:84518630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655531)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655531/; classtype:trojan-activity;sid:84518631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655532/; classtype:trojan-activity;sid:84518632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.253.34.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655533/; classtype:trojan-activity;sid:84518633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655534)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655534/; classtype:trojan-activity;sid:84518634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655536)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655536/; classtype:trojan-activity;sid:84518636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655537)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655537/; classtype:trojan-activity;sid:84518637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655538/; classtype:trojan-activity;sid:84518638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655539/; classtype:trojan-activity;sid:84518639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655521)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655521/; classtype:trojan-activity;sid:84518621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655522)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655522/; classtype:trojan-activity;sid:84518622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655523/; classtype:trojan-activity;sid:84518623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655524)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655524/; classtype:trojan-activity;sid:84518624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655525)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655525/; classtype:trojan-activity;sid:84518625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655526/; classtype:trojan-activity;sid:84518626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655527/; classtype:trojan-activity;sid:84518627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655528)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655528/; classtype:trojan-activity;sid:84518628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655513)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655513/; classtype:trojan-activity;sid:84518613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655514/; classtype:trojan-activity;sid:84518614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655515/; classtype:trojan-activity;sid:84518615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655516)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655516/; classtype:trojan-activity;sid:84518616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655517/; classtype:trojan-activity;sid:84518617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655518)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655518/; classtype:trojan-activity;sid:84518618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655519)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655519/; classtype:trojan-activity;sid:84518619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655520)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655520/; classtype:trojan-activity;sid:84518620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655512)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655512/; classtype:trojan-activity;sid:84518612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655509/; classtype:trojan-activity;sid:84518609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655511/; classtype:trojan-activity;sid:84518611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655508)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655508/; classtype:trojan-activity;sid:84518608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655506)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655506/; classtype:trojan-activity;sid:84518606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655505/; classtype:trojan-activity;sid:84518605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655504)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655504/; classtype:trojan-activity;sid:84518604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655502)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655502/; classtype:trojan-activity;sid:84518602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655499/; classtype:trojan-activity;sid:84518599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655500)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655500/; classtype:trojan-activity;sid:84518600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655498)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655498/; classtype:trojan-activity;sid:84518598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655497/; classtype:trojan-activity;sid:84518597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655495/; classtype:trojan-activity;sid:84518595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655496/; classtype:trojan-activity;sid:84518596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655494)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655494/; classtype:trojan-activity;sid:84518594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655492)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655492/; classtype:trojan-activity;sid:84518592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655491)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655491/; classtype:trojan-activity;sid:84518591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655488)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655488/; classtype:trojan-activity;sid:84518588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655489)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655489/; classtype:trojan-activity;sid:84518589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655486)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655486/; classtype:trojan-activity;sid:84518586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655487)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8109944604/4ikqxtn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655487/; classtype:trojan-activity;sid:84518587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655485)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655485/; classtype:trojan-activity;sid:84518585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655484)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655484/; classtype:trojan-activity;sid:84518584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655482)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655482/; classtype:trojan-activity;sid:84518582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655483)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655483/; classtype:trojan-activity;sid:84518583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655481)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655481/; classtype:trojan-activity;sid:84518581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655480)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655480/; classtype:trojan-activity;sid:84518580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655478/; classtype:trojan-activity;sid:84518578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655475)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655475/; classtype:trojan-activity;sid:84518575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655477)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655477/; classtype:trojan-activity;sid:84518577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655472)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655472/; classtype:trojan-activity;sid:84518572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655473)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655473/; classtype:trojan-activity;sid:84518573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655470/; classtype:trojan-activity;sid:84518570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655468/; classtype:trojan-activity;sid:84518568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655464)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655464/; classtype:trojan-activity;sid:84518564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655465/; classtype:trojan-activity;sid:84518565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655466)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655466/; classtype:trojan-activity;sid:84518566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655467/; classtype:trojan-activity;sid:84518567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655463)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655463/; classtype:trojan-activity;sid:84518563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655457)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655457/; classtype:trojan-activity;sid:84518557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655459)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655459/; classtype:trojan-activity;sid:84518559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655460)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655460/; classtype:trojan-activity;sid:84518560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655455)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655455/; classtype:trojan-activity;sid:84518555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655456)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655456/; classtype:trojan-activity;sid:84518556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655454/; classtype:trojan-activity;sid:84518554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655452)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655452/; classtype:trojan-activity;sid:84518552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655449)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655449/; classtype:trojan-activity;sid:84518549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655450)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655450/; classtype:trojan-activity;sid:84518550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655451)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655451/; classtype:trojan-activity;sid:84518551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655445)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655445/; classtype:trojan-activity;sid:84518545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655446)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655446/; classtype:trojan-activity;sid:84518546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655448/; classtype:trojan-activity;sid:84518548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655444/; classtype:trojan-activity;sid:84518544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655441)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655441/; classtype:trojan-activity;sid:84518541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655443/; classtype:trojan-activity;sid:84518543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655439)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655439/; classtype:trojan-activity;sid:84518539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655437)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655437/; classtype:trojan-activity;sid:84518537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655438)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655438/; classtype:trojan-activity;sid:84518538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655428)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655428/; classtype:trojan-activity;sid:84518528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655429)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655429/; classtype:trojan-activity;sid:84518529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655431)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655431/; classtype:trojan-activity;sid:84518531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655432/; classtype:trojan-activity;sid:84518532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-09-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655433/; classtype:trojan-activity;sid:84518533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655434)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655434/; classtype:trojan-activity;sid:84518534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655435/; classtype:trojan-activity;sid:84518535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655427)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655427/; classtype:trojan-activity;sid:84518527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655425)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655425/; classtype:trojan-activity;sid:84518525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655426)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655426/; classtype:trojan-activity;sid:84518526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655422/; classtype:trojan-activity;sid:84518522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655423)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655423/; classtype:trojan-activity;sid:84518523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655424)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655424/; classtype:trojan-activity;sid:84518524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655419)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655419/; classtype:trojan-activity;sid:84518519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655418)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655418/; classtype:trojan-activity;sid:84518518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655416/; classtype:trojan-activity;sid:84518516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655417)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655417/; classtype:trojan-activity;sid:84518517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655415)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655415/; classtype:trojan-activity;sid:84518515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655414)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655414/; classtype:trojan-activity;sid:84518514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655412/; classtype:trojan-activity;sid:84518512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655410)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655410/; classtype:trojan-activity;sid:84518510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655409)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655409/; classtype:trojan-activity;sid:84518509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655407)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655407/; classtype:trojan-activity;sid:84518507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655406/; classtype:trojan-activity;sid:84518506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655404/; classtype:trojan-activity;sid:84518504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655405/; classtype:trojan-activity;sid:84518505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655402/; classtype:trojan-activity;sid:84518502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655400)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655400/; classtype:trojan-activity;sid:84518500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655401)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655401/; classtype:trojan-activity;sid:84518501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655399)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655399/; classtype:trojan-activity;sid:84518499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655397)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655397/; classtype:trojan-activity;sid:84518497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241021-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655396/; classtype:trojan-activity;sid:84518496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655394)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655394/; classtype:trojan-activity;sid:84518494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655395)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655395/; classtype:trojan-activity;sid:84518495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655393)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655393/; classtype:trojan-activity;sid:84518493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655391)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655391/; classtype:trojan-activity;sid:84518491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655392)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655392/; classtype:trojan-activity;sid:84518492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655389)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655389/; classtype:trojan-activity;sid:84518489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655390/; classtype:trojan-activity;sid:84518490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655388/; classtype:trojan-activity;sid:84518488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655386)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655386/; classtype:trojan-activity;sid:84518486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655385/; classtype:trojan-activity;sid:84518485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-10-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655384/; classtype:trojan-activity;sid:84518484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655382)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240413-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655382/; classtype:trojan-activity;sid:84518482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655381)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655381/; classtype:trojan-activity;sid:84518481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655380)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655380/; classtype:trojan-activity;sid:84518480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655377)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655377/; classtype:trojan-activity;sid:84518477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655376)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655376/; classtype:trojan-activity;sid:84518476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655375)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655375/; classtype:trojan-activity;sid:84518475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655372)"; flow:established,from_client; content:"GET"; http_method; content:"/wy14hfep42.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655372/; classtype:trojan-activity;sid:84518472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655374)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655374/; classtype:trojan-activity;sid:84518474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.172.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655370/; classtype:trojan-activity;sid:84518470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655371/; classtype:trojan-activity;sid:84518471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655369)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655369/; classtype:trojan-activity;sid:84518469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655368/; classtype:trojan-activity;sid:84518468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000839/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655366/; classtype:trojan-activity;sid:84518466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655367/; classtype:trojan-activity;sid:84518467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655364/; classtype:trojan-activity;sid:84518464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655365)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655365/; classtype:trojan-activity;sid:84518465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.236.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655363/; classtype:trojan-activity;sid:84518463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655359)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655359/; classtype:trojan-activity;sid:84518459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655360)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655360/; classtype:trojan-activity;sid:84518460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655361)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655361/; classtype:trojan-activity;sid:84518461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655358)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655358/; classtype:trojan-activity;sid:84518458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655357)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655357/; classtype:trojan-activity;sid:84518457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655356)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655356/; classtype:trojan-activity;sid:84518456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655355)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655355/; classtype:trojan-activity;sid:84518455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655354/; classtype:trojan-activity;sid:84518454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655352)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655352/; classtype:trojan-activity;sid:84518452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655351)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655351/; classtype:trojan-activity;sid:84518451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655350/; classtype:trojan-activity;sid:84518450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655349)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.26.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655349/; classtype:trojan-activity;sid:84518449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655347)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655347/; classtype:trojan-activity;sid:84518447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655346/; classtype:trojan-activity;sid:84518446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655344/; classtype:trojan-activity;sid:84518444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655342)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655342/; classtype:trojan-activity;sid:84518442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655341/; classtype:trojan-activity;sid:84518441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655340/; classtype:trojan-activity;sid:84518440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655337)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655337/; classtype:trojan-activity;sid:84518437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655338)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655338/; classtype:trojan-activity;sid:84518438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.125.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655336/; classtype:trojan-activity;sid:84518436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655334/; classtype:trojan-activity;sid:84518434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655333)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655333/; classtype:trojan-activity;sid:84518433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655332)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655332/; classtype:trojan-activity;sid:84518432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655328)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655328/; classtype:trojan-activity;sid:84518428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.169.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655325/; classtype:trojan-activity;sid:84518425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655326/; classtype:trojan-activity;sid:84518426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655327)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655327/; classtype:trojan-activity;sid:84518427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240423-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655324/; classtype:trojan-activity;sid:84518424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655320)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655320/; classtype:trojan-activity;sid:84518420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655318)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655318/; classtype:trojan-activity;sid:84518418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655319)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655319/; classtype:trojan-activity;sid:84518419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655315)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655315/; classtype:trojan-activity;sid:84518415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655316)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655316/; classtype:trojan-activity;sid:84518416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655312)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655312/; classtype:trojan-activity;sid:84518412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655310/; classtype:trojan-activity;sid:84518410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.178.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655308/; classtype:trojan-activity;sid:84518408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655307)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655307/; classtype:trojan-activity;sid:84518407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655305)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655305/; classtype:trojan-activity;sid:84518405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655304)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655304/; classtype:trojan-activity;sid:84518404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655303)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655303/; classtype:trojan-activity;sid:84518403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655301)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655301/; classtype:trojan-activity;sid:84518401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655302)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655302/; classtype:trojan-activity;sid:84518402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655299)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655299/; classtype:trojan-activity;sid:84518399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655297)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655297/; classtype:trojan-activity;sid:84518397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655298)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655298/; classtype:trojan-activity;sid:84518398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655296)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655296/; classtype:trojan-activity;sid:84518396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655294)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655294/; classtype:trojan-activity;sid:84518394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655292/; classtype:trojan-activity;sid:84518392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655290)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655290/; classtype:trojan-activity;sid:84518390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655289)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655289/; classtype:trojan-activity;sid:84518389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655288)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655288/; classtype:trojan-activity;sid:84518388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655285)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655285/; classtype:trojan-activity;sid:84518385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655287)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655287/; classtype:trojan-activity;sid:84518387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655281/; classtype:trojan-activity;sid:84518381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655282/; classtype:trojan-activity;sid:84518382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655283)"; flow:established,from_client; content:"GET"; http_method; content:"/req.google|3f|t=66dol6a9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pu.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655283/; classtype:trojan-activity;sid:84518383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655284/; classtype:trojan-activity;sid:84518384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655277/; classtype:trojan-activity;sid:84518377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655278)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655278/; classtype:trojan-activity;sid:84518378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655275)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655275/; classtype:trojan-activity;sid:84518375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655273/; classtype:trojan-activity;sid:84518373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655271)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655271/; classtype:trojan-activity;sid:84518371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655270/; classtype:trojan-activity;sid:84518370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655268/; classtype:trojan-activity;sid:84518368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655269)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655269/; classtype:trojan-activity;sid:84518369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655266)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655266/; classtype:trojan-activity;sid:84518366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655265)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655265/; classtype:trojan-activity;sid:84518365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655264/; classtype:trojan-activity;sid:84518364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655262)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655262/; classtype:trojan-activity;sid:84518362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655263)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655263/; classtype:trojan-activity;sid:84518363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.77.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655261/; classtype:trojan-activity;sid:84518361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655260)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655260/; classtype:trojan-activity;sid:84518360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655258/; classtype:trojan-activity;sid:84518358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/document/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655255/; classtype:trojan-activity;sid:84518355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655256/; classtype:trojan-activity;sid:84518356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655252)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655252/; classtype:trojan-activity;sid:84518352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655254)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655254/; classtype:trojan-activity;sid:84518354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655249)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655249/; classtype:trojan-activity;sid:84518349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655250)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655250/; classtype:trojan-activity;sid:84518350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655251)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655251/; classtype:trojan-activity;sid:84518351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655248)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655248/; classtype:trojan-activity;sid:84518348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655247)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655247/; classtype:trojan-activity;sid:84518347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655246)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655246/; classtype:trojan-activity;sid:84518346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655243)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655243/; classtype:trojan-activity;sid:84518343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655242/; classtype:trojan-activity;sid:84518342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655240)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655240/; classtype:trojan-activity;sid:84518340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655241)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655241/; classtype:trojan-activity;sid:84518341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655237/; classtype:trojan-activity;sid:84518337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655238)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655238/; classtype:trojan-activity;sid:84518338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655239/; classtype:trojan-activity;sid:84518339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655236)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655236/; classtype:trojan-activity;sid:84518336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-04-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655233/; classtype:trojan-activity;sid:84518333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655234)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655234/; classtype:trojan-activity;sid:84518334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655235)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655235/; classtype:trojan-activity;sid:84518335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-11-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655232/; classtype:trojan-activity;sid:84518332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655229/; classtype:trojan-activity;sid:84518329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655231/; classtype:trojan-activity;sid:84518331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655228)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655228/; classtype:trojan-activity;sid:84518328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655227)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655227/; classtype:trojan-activity;sid:84518327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655224)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655224/; classtype:trojan-activity;sid:84518324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655225)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655225/; classtype:trojan-activity;sid:84518325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655226)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655226/; classtype:trojan-activity;sid:84518326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655223/; classtype:trojan-activity;sid:84518323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655221/; classtype:trojan-activity;sid:84518321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655217)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655217/; classtype:trojan-activity;sid:84518317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655218)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655218/; classtype:trojan-activity;sid:84518318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655219)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655219/; classtype:trojan-activity;sid:84518319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.229.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655215/; classtype:trojan-activity;sid:84518315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655216)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655216/; classtype:trojan-activity;sid:84518316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655214)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655214/; classtype:trojan-activity;sid:84518314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655212/; classtype:trojan-activity;sid:84518312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655209/; classtype:trojan-activity;sid:84518309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655210)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655210/; classtype:trojan-activity;sid:84518310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655211)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655211/; classtype:trojan-activity;sid:84518311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655204)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655204/; classtype:trojan-activity;sid:84518304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655205)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655205/; classtype:trojan-activity;sid:84518305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655206)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/catalog/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655206/; classtype:trojan-activity;sid:84518306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655208/; classtype:trojan-activity;sid:84518308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655202/; classtype:trojan-activity;sid:84518302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655203/; classtype:trojan-activity;sid:84518303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655201)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655201/; classtype:trojan-activity;sid:84518301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655199/; classtype:trojan-activity;sid:84518299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655198)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655198/; classtype:trojan-activity;sid:84518298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655197/; classtype:trojan-activity;sid:84518297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655195)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655195/; classtype:trojan-activity;sid:84518295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655196)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655196/; classtype:trojan-activity;sid:84518296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655192)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655192/; classtype:trojan-activity;sid:84518292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655193/; classtype:trojan-activity;sid:84518293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655194)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655194/; classtype:trojan-activity;sid:84518294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655190)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655190/; classtype:trojan-activity;sid:84518290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655189)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655189/; classtype:trojan-activity;sid:84518289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655188)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/ia64/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655188/; classtype:trojan-activity;sid:84518288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655187/; classtype:trojan-activity;sid:84518287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655186)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655186/; classtype:trojan-activity;sid:84518286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655185)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655185/; classtype:trojan-activity;sid:84518285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655183)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655183/; classtype:trojan-activity;sid:84518283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655184/; classtype:trojan-activity;sid:84518284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655182/; classtype:trojan-activity;sid:84518282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230424-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655181/; classtype:trojan-activity;sid:84518281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655180)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.243.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655180/; classtype:trojan-activity;sid:84518280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655178)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655178/; classtype:trojan-activity;sid:84518278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655177/; classtype:trojan-activity;sid:84518277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655176/; classtype:trojan-activity;sid:84518276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655175)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655175/; classtype:trojan-activity;sid:84518275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655174)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655174/; classtype:trojan-activity;sid:84518274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655173)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655173/; classtype:trojan-activity;sid:84518273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655172/; classtype:trojan-activity;sid:84518272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655171/; classtype:trojan-activity;sid:84518271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655169/; classtype:trojan-activity;sid:84518269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655168)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655168/; classtype:trojan-activity;sid:84518268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655166/; classtype:trojan-activity;sid:84518266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655167)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655167/; classtype:trojan-activity;sid:84518267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655165)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655165/; classtype:trojan-activity;sid:84518265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655164)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655164/; classtype:trojan-activity;sid:84518264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655163)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655163/; classtype:trojan-activity;sid:84518263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655162)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655162/; classtype:trojan-activity;sid:84518262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655161)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655161/; classtype:trojan-activity;sid:84518261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/ia64/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655157/; classtype:trojan-activity;sid:84518257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655158/; classtype:trojan-activity;sid:84518258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655159)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655159/; classtype:trojan-activity;sid:84518259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655156/; classtype:trojan-activity;sid:84518256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655155)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655155/; classtype:trojan-activity;sid:84518255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655154/; classtype:trojan-activity;sid:84518254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655153)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655153/; classtype:trojan-activity;sid:84518253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655152/; classtype:trojan-activity;sid:84518252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655151)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655151/; classtype:trojan-activity;sid:84518251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655150/; classtype:trojan-activity;sid:84518250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655149/; classtype:trojan-activity;sid:84518249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655148/; classtype:trojan-activity;sid:84518248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655146)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655146/; classtype:trojan-activity;sid:84518246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655147)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655147/; classtype:trojan-activity;sid:84518247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655145)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655145/; classtype:trojan-activity;sid:84518245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655143)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655143/; classtype:trojan-activity;sid:84518243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655144)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655144/; classtype:trojan-activity;sid:84518244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655142)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655142/; classtype:trojan-activity;sid:84518242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655140/; classtype:trojan-activity;sid:84518240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655141)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655141/; classtype:trojan-activity;sid:84518241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655138)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655138/; classtype:trojan-activity;sid:84518238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655139)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655139/; classtype:trojan-activity;sid:84518239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655137)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655137/; classtype:trojan-activity;sid:84518237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655135)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655135/; classtype:trojan-activity;sid:84518235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.172.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655136/; classtype:trojan-activity;sid:84518236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655134)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655134/; classtype:trojan-activity;sid:84518234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655133/; classtype:trojan-activity;sid:84518233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655129)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655129/; classtype:trojan-activity;sid:84518229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655130)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655130/; classtype:trojan-activity;sid:84518230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655131/; classtype:trojan-activity;sid:84518231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655132)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655132/; classtype:trojan-activity;sid:84518232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655128)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655128/; classtype:trojan-activity;sid:84518228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655127)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655127/; classtype:trojan-activity;sid:84518227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655125)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655125/; classtype:trojan-activity;sid:84518225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655124)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655124/; classtype:trojan-activity;sid:84518224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.195.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655122/; classtype:trojan-activity;sid:84518222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655123/; classtype:trojan-activity;sid:84518223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655120/; classtype:trojan-activity;sid:84518220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655121)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655121/; classtype:trojan-activity;sid:84518221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250721-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655119/; classtype:trojan-activity;sid:84518219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655118)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655118/; classtype:trojan-activity;sid:84518218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655117)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655117/; classtype:trojan-activity;sid:84518217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655114)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655114/; classtype:trojan-activity;sid:84518214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655113/; classtype:trojan-activity;sid:84518213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655112)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655112/; classtype:trojan-activity;sid:84518212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250104-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655111/; classtype:trojan-activity;sid:84518211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655110)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655110/; classtype:trojan-activity;sid:84518210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655106)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655106/; classtype:trojan-activity;sid:84518206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655107)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pdffactory_pro_setup/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655107/; classtype:trojan-activity;sid:84518207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655108/; classtype:trojan-activity;sid:84518208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655103)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655103/; classtype:trojan-activity;sid:84518203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655104)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655104/; classtype:trojan-activity;sid:84518204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655105/; classtype:trojan-activity;sid:84518205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655101)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655101/; classtype:trojan-activity;sid:84518201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655102)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655102/; classtype:trojan-activity;sid:84518202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655098/; classtype:trojan-activity;sid:84518198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655100)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655100/; classtype:trojan-activity;sid:84518200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655097)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655097/; classtype:trojan-activity;sid:84518197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655096)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655096/; classtype:trojan-activity;sid:84518196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655095)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655095/; classtype:trojan-activity;sid:84518195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655093/; classtype:trojan-activity;sid:84518193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655089)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655089/; classtype:trojan-activity;sid:84518189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250606-148/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655091/; classtype:trojan-activity;sid:84518191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655092)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655092/; classtype:trojan-activity;sid:84518192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655087)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655087/; classtype:trojan-activity;sid:84518187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655086)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655086/; classtype:trojan-activity;sid:84518186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250328-154/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655082/; classtype:trojan-activity;sid:84518182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655083)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655083/; classtype:trojan-activity;sid:84518183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655080/; classtype:trojan-activity;sid:84518180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655078)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655078/; classtype:trojan-activity;sid:84518178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655079/; classtype:trojan-activity;sid:84518179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655074/; classtype:trojan-activity;sid:84518174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655075)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655075/; classtype:trojan-activity;sid:84518175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655076)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655076/; classtype:trojan-activity;sid:84518176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655073)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655073/; classtype:trojan-activity;sid:84518173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655071/; classtype:trojan-activity;sid:84518171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655069/; classtype:trojan-activity;sid:84518169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655068/; classtype:trojan-activity;sid:84518168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655067)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655067/; classtype:trojan-activity;sid:84518167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655066)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655066/; classtype:trojan-activity;sid:84518166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655063/; classtype:trojan-activity;sid:84518163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655062/; classtype:trojan-activity;sid:84518162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655060/; classtype:trojan-activity;sid:84518160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655059)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655059/; classtype:trojan-activity;sid:84518159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655058)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655058/; classtype:trojan-activity;sid:84518158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655056/; classtype:trojan-activity;sid:84518156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655053/; classtype:trojan-activity;sid:84518153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655055)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655055/; classtype:trojan-activity;sid:84518155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655051/; classtype:trojan-activity;sid:84518151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.253.34.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655050/; classtype:trojan-activity;sid:84518150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655048)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655048/; classtype:trojan-activity;sid:84518148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655047)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655047/; classtype:trojan-activity;sid:84518147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655046)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655046/; classtype:trojan-activity;sid:84518146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655045)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655045/; classtype:trojan-activity;sid:84518145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655043/; classtype:trojan-activity;sid:84518143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655042)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655042/; classtype:trojan-activity;sid:84518142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655040/; classtype:trojan-activity;sid:84518140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655041)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655041/; classtype:trojan-activity;sid:84518141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655039/; classtype:trojan-activity;sid:84518139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655036/; classtype:trojan-activity;sid:84518136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655035/; classtype:trojan-activity;sid:84518135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-121/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655033/; classtype:trojan-activity;sid:84518133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655029/; classtype:trojan-activity;sid:84518129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655030)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655030/; classtype:trojan-activity;sid:84518130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655031)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655031/; classtype:trojan-activity;sid:84518131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655032/; classtype:trojan-activity;sid:84518132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655027)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655027/; classtype:trojan-activity;sid:84518127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/0011/28082019084303/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655026/; classtype:trojan-activity;sid:84518126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655024/; classtype:trojan-activity;sid:84518124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-11-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655022/; classtype:trojan-activity;sid:84518122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655023/; classtype:trojan-activity;sid:84518123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655019/; classtype:trojan-activity;sid:84518119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655020/; classtype:trojan-activity;sid:84518120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655017)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655017/; classtype:trojan-activity;sid:84518117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655018)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655018/; classtype:trojan-activity;sid:84518118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655014)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655014/; classtype:trojan-activity;sid:84518114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655015/; classtype:trojan-activity;sid:84518115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655013/; classtype:trojan-activity;sid:84518113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655012)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655012/; classtype:trojan-activity;sid:84518112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655011)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655011/; classtype:trojan-activity;sid:84518111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655009/; classtype:trojan-activity;sid:84518109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655010)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655010/; classtype:trojan-activity;sid:84518110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655006/; classtype:trojan-activity;sid:84518106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655007/; classtype:trojan-activity;sid:84518107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655003/; classtype:trojan-activity;sid:84518103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655002)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655002/; classtype:trojan-activity;sid:84518102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655000/; classtype:trojan-activity;sid:84518100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654998)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654998/; classtype:trojan-activity;sid:84518098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654997)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654997/; classtype:trojan-activity;sid:84518097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654996)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654996/; classtype:trojan-activity;sid:84518096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654995)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654995/; classtype:trojan-activity;sid:84518095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654994/; classtype:trojan-activity;sid:84518094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654993/; classtype:trojan-activity;sid:84518093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654990)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654990/; classtype:trojan-activity;sid:84518090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654989/; classtype:trojan-activity;sid:84518089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654988)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654988/; classtype:trojan-activity;sid:84518088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654987/; classtype:trojan-activity;sid:84518087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654986/; classtype:trojan-activity;sid:84518086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654984)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654984/; classtype:trojan-activity;sid:84518084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654982)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654982/; classtype:trojan-activity;sid:84518082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654983)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654983/; classtype:trojan-activity;sid:84518083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654978)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654978/; classtype:trojan-activity;sid:84518078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654979)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654979/; classtype:trojan-activity;sid:84518079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654980)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654980/; classtype:trojan-activity;sid:84518080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654977)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654977/; classtype:trojan-activity;sid:84518077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654975/; classtype:trojan-activity;sid:84518075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654976)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240905-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654976/; classtype:trojan-activity;sid:84518076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654974/; classtype:trojan-activity;sid:84518074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654972/; classtype:trojan-activity;sid:84518072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654969/; classtype:trojan-activity;sid:84518069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654970)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654970/; classtype:trojan-activity;sid:84518070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654968/; classtype:trojan-activity;sid:84518068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654964)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654964/; classtype:trojan-activity;sid:84518064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654965)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654965/; classtype:trojan-activity;sid:84518065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654963)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654963/; classtype:trojan-activity;sid:84518063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654961/; classtype:trojan-activity;sid:84518061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654959)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654959/; classtype:trojan-activity;sid:84518059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654960)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654960/; classtype:trojan-activity;sid:84518060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654958)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654958/; classtype:trojan-activity;sid:84518058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654957/; classtype:trojan-activity;sid:84518057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654956)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654956/; classtype:trojan-activity;sid:84518056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.6.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654955/; classtype:trojan-activity;sid:84518055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654954)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654954/; classtype:trojan-activity;sid:84518054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654952)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654952/; classtype:trojan-activity;sid:84518052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.5.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654950/; classtype:trojan-activity;sid:84518050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654951)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654951/; classtype:trojan-activity;sid:84518051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654949/; classtype:trojan-activity;sid:84518049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654948/; classtype:trojan-activity;sid:84518048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654947)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654947/; classtype:trojan-activity;sid:84518047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654944)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654944/; classtype:trojan-activity;sid:84518044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654945/; classtype:trojan-activity;sid:84518045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654943/; classtype:trojan-activity;sid:84518043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654941)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654941/; classtype:trojan-activity;sid:84518041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654938)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654938/; classtype:trojan-activity;sid:84518038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654939)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654939/; classtype:trojan-activity;sid:84518039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654937)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654937/; classtype:trojan-activity;sid:84518037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654934/; classtype:trojan-activity;sid:84518034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654933)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654933/; classtype:trojan-activity;sid:84518033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654932)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654932/; classtype:trojan-activity;sid:84518032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654930/; classtype:trojan-activity;sid:84518030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654931)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654931/; classtype:trojan-activity;sid:84518031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654929)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654929/; classtype:trojan-activity;sid:84518029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654928)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654928/; classtype:trojan-activity;sid:84518028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; classtype:trojan-activity;sid:84518027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654926/; classtype:trojan-activity;sid:84518026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654924)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654924/; classtype:trojan-activity;sid:84518024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654925/; classtype:trojan-activity;sid:84518025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654922)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654922/; classtype:trojan-activity;sid:84518022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654919)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654919/; classtype:trojan-activity;sid:84518019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654920/; classtype:trojan-activity;sid:84518020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654918)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654918/; classtype:trojan-activity;sid:84518018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654915)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654915/; classtype:trojan-activity;sid:84518015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654916/; classtype:trojan-activity;sid:84518016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654913)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654913/; classtype:trojan-activity;sid:84518013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654914)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654914/; classtype:trojan-activity;sid:84518014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654910/; classtype:trojan-activity;sid:84518010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654911/; classtype:trojan-activity;sid:84518011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654912)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654912/; classtype:trojan-activity;sid:84518012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654906)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654906/; classtype:trojan-activity;sid:84518006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654907)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654907/; classtype:trojan-activity;sid:84518007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654908)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654908/; classtype:trojan-activity;sid:84518008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654909/; classtype:trojan-activity;sid:84518009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654903/; classtype:trojan-activity;sid:84518003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654905/; classtype:trojan-activity;sid:84518005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654901/; classtype:trojan-activity;sid:84518001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654897)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654897/; classtype:trojan-activity;sid:84517997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654899/; classtype:trojan-activity;sid:84517999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654900)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654900/; classtype:trojan-activity;sid:84518000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654896/; classtype:trojan-activity;sid:84517996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000136/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654895/; classtype:trojan-activity;sid:84517995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654893)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654893/; classtype:trojan-activity;sid:84517993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654890)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654890/; classtype:trojan-activity;sid:84517990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654891)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654891/; classtype:trojan-activity;sid:84517991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654889/; classtype:trojan-activity;sid:84517989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654887/; classtype:trojan-activity;sid:84517987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654888)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654888/; classtype:trojan-activity;sid:84517988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654886)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654886/; classtype:trojan-activity;sid:84517986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-096/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654885/; classtype:trojan-activity;sid:84517985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654883/; classtype:trojan-activity;sid:84517983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654884)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654884/; classtype:trojan-activity;sid:84517984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654881/; classtype:trojan-activity;sid:84517981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654878)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654878/; classtype:trojan-activity;sid:84517978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654879/; classtype:trojan-activity;sid:84517979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654880/; classtype:trojan-activity;sid:84517980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654877/; classtype:trojan-activity;sid:84517977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654873/; classtype:trojan-activity;sid:84517973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654875)"; flow:established,from_client; content:"GET"; http_method; content:"/ye.google|3f|t=67igy0pi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ny.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654875/; classtype:trojan-activity;sid:84517975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654876)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654876/; classtype:trojan-activity;sid:84517976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654869)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654869/; classtype:trojan-activity;sid:84517969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654870/; classtype:trojan-activity;sid:84517970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654871)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654871/; classtype:trojan-activity;sid:84517971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654872)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654872/; classtype:trojan-activity;sid:84517972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654868)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654868/; classtype:trojan-activity;sid:84517968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654865)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654865/; classtype:trojan-activity;sid:84517965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654866/; classtype:trojan-activity;sid:84517966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654867/; classtype:trojan-activity;sid:84517967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654864)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654864/; classtype:trojan-activity;sid:84517964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654861/; classtype:trojan-activity;sid:84517961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654862/; classtype:trojan-activity;sid:84517962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654863)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654863/; classtype:trojan-activity;sid:84517963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654856)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654856/; classtype:trojan-activity;sid:84517956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654858)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654858/; classtype:trojan-activity;sid:84517958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654854/; classtype:trojan-activity;sid:84517954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654855/; classtype:trojan-activity;sid:84517955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654852)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654852/; classtype:trojan-activity;sid:84517952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654851)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-136/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654851/; classtype:trojan-activity;sid:84517951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654849)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654849/; classtype:trojan-activity;sid:84517949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654847/; classtype:trojan-activity;sid:84517947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654848/; classtype:trojan-activity;sid:84517948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654846)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654846/; classtype:trojan-activity;sid:84517946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654845)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654845/; classtype:trojan-activity;sid:84517945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654843)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654843/; classtype:trojan-activity;sid:84517943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654844/; classtype:trojan-activity;sid:84517944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654842)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654842/; classtype:trojan-activity;sid:84517942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654841)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654841/; classtype:trojan-activity;sid:84517941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654840)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654840/; classtype:trojan-activity;sid:84517940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654839/; classtype:trojan-activity;sid:84517939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654837/; classtype:trojan-activity;sid:84517937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654838)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654838/; classtype:trojan-activity;sid:84517938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654836/; classtype:trojan-activity;sid:84517936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654835)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654835/; classtype:trojan-activity;sid:84517935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654833)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654833/; classtype:trojan-activity;sid:84517933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654834/; classtype:trojan-activity;sid:84517934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654831)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654831/; classtype:trojan-activity;sid:84517931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654832)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2122787556/12lbtcj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654832/; classtype:trojan-activity;sid:84517932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654828)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654828/; classtype:trojan-activity;sid:84517928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654830)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654830/; classtype:trojan-activity;sid:84517930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654825/; classtype:trojan-activity;sid:84517925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654827)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654827/; classtype:trojan-activity;sid:84517927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654821)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654821/; classtype:trojan-activity;sid:84517921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654822)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654822/; classtype:trojan-activity;sid:84517922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654823)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654823/; classtype:trojan-activity;sid:84517923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654824/; classtype:trojan-activity;sid:84517924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654820)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654820/; classtype:trojan-activity;sid:84517920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654819)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654819/; classtype:trojan-activity;sid:84517919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654818)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654818/; classtype:trojan-activity;sid:84517918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654817)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654817/; classtype:trojan-activity;sid:84517917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654816/; classtype:trojan-activity;sid:84517916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654815/; classtype:trojan-activity;sid:84517915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654813/; classtype:trojan-activity;sid:84517913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654812)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654812/; classtype:trojan-activity;sid:84517912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654810)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654810/; classtype:trojan-activity;sid:84517910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654808)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654808/; classtype:trojan-activity;sid:84517908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654809/; classtype:trojan-activity;sid:84517909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654807/; classtype:trojan-activity;sid:84517907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654805)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654805/; classtype:trojan-activity;sid:84517905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654802)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654802/; classtype:trojan-activity;sid:84517902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654801)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654801/; classtype:trojan-activity;sid:84517901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654800)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654800/; classtype:trojan-activity;sid:84517900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654798)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654798/; classtype:trojan-activity;sid:84517898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654797)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654797/; classtype:trojan-activity;sid:84517897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654795)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654795/; classtype:trojan-activity;sid:84517895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654794)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654794/; classtype:trojan-activity;sid:84517894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654791/; classtype:trojan-activity;sid:84517891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654792)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240328-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654792/; classtype:trojan-activity;sid:84517892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654790)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654790/; classtype:trojan-activity;sid:84517890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654789/; classtype:trojan-activity;sid:84517889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654787)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654787/; classtype:trojan-activity;sid:84517887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654785/; classtype:trojan-activity;sid:84517885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.77.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654786/; classtype:trojan-activity;sid:84517886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654783)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654783/; classtype:trojan-activity;sid:84517883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654784)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654784/; classtype:trojan-activity;sid:84517884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654782)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654782/; classtype:trojan-activity;sid:84517882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654780)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654780/; classtype:trojan-activity;sid:84517880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654779)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654779/; classtype:trojan-activity;sid:84517879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654776)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654776/; classtype:trojan-activity;sid:84517876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654777)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654777/; classtype:trojan-activity;sid:84517877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654778)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654778/; classtype:trojan-activity;sid:84517878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654774)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654774/; classtype:trojan-activity;sid:84517874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654775)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654775/; classtype:trojan-activity;sid:84517875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654769/; classtype:trojan-activity;sid:84517869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654770)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654770/; classtype:trojan-activity;sid:84517870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654771/; classtype:trojan-activity;sid:84517871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654772)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654772/; classtype:trojan-activity;sid:84517872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654773/; classtype:trojan-activity;sid:84517873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654768)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654768/; classtype:trojan-activity;sid:84517868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654767)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654767/; classtype:trojan-activity;sid:84517867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654766/; classtype:trojan-activity;sid:84517866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654765)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654765/; classtype:trojan-activity;sid:84517865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654764)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654764/; classtype:trojan-activity;sid:84517864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654763)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654763/; classtype:trojan-activity;sid:84517863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654761)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654761/; classtype:trojan-activity;sid:84517861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654759)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654759/; classtype:trojan-activity;sid:84517859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654760/; classtype:trojan-activity;sid:84517860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654757)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654757/; classtype:trojan-activity;sid:84517857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654756/; classtype:trojan-activity;sid:84517856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654755)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654755/; classtype:trojan-activity;sid:84517855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654754)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654754/; classtype:trojan-activity;sid:84517854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654753/; classtype:trojan-activity;sid:84517853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654752)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654752/; classtype:trojan-activity;sid:84517852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654751)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654751/; classtype:trojan-activity;sid:84517851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654750/; classtype:trojan-activity;sid:84517850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654749/; classtype:trojan-activity;sid:84517849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654748)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654748/; classtype:trojan-activity;sid:84517848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654746)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654746/; classtype:trojan-activity;sid:84517846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654743)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654743/; classtype:trojan-activity;sid:84517843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654744)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654744/; classtype:trojan-activity;sid:84517844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654745/; classtype:trojan-activity;sid:84517845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654741/; classtype:trojan-activity;sid:84517841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654742)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654742/; classtype:trojan-activity;sid:84517842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654739)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654739/; classtype:trojan-activity;sid:84517839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654737)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654737/; classtype:trojan-activity;sid:84517837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654738)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654738/; classtype:trojan-activity;sid:84517838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654736)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654736/; classtype:trojan-activity;sid:84517836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654735/; classtype:trojan-activity;sid:84517835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654734)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654734/; classtype:trojan-activity;sid:84517834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654733/; classtype:trojan-activity;sid:84517833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654731)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654731/; classtype:trojan-activity;sid:84517831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654729/; classtype:trojan-activity;sid:84517829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654730/; classtype:trojan-activity;sid:84517830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654728/; classtype:trojan-activity;sid:84517828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654727/; classtype:trojan-activity;sid:84517827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654724)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654724/; classtype:trojan-activity;sid:84517824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654725)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654725/; classtype:trojan-activity;sid:84517825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654722)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654722/; classtype:trojan-activity;sid:84517822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654723)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654723/; classtype:trojan-activity;sid:84517823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654720/; classtype:trojan-activity;sid:84517820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654718)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250416-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654718/; classtype:trojan-activity;sid:84517818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654717/; classtype:trojan-activity;sid:84517817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654716)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654716/; classtype:trojan-activity;sid:84517816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31082019084149/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654715/; classtype:trojan-activity;sid:84517815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654713)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654713/; classtype:trojan-activity;sid:84517813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654712)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654712/; classtype:trojan-activity;sid:84517812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654711/; classtype:trojan-activity;sid:84517811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654709)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654709/; classtype:trojan-activity;sid:84517809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654710)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654710/; classtype:trojan-activity;sid:84517810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654707)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654707/; classtype:trojan-activity;sid:84517807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654708)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654708/; classtype:trojan-activity;sid:84517808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654705)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654705/; classtype:trojan-activity;sid:84517805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654706/; classtype:trojan-activity;sid:84517806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654704)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654704/; classtype:trojan-activity;sid:84517804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654702/; classtype:trojan-activity;sid:84517802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654703/; classtype:trojan-activity;sid:84517803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654701/; classtype:trojan-activity;sid:84517801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654698/; classtype:trojan-activity;sid:84517798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654699)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654699/; classtype:trojan-activity;sid:84517799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654700)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654700/; classtype:trojan-activity;sid:84517800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654697/; classtype:trojan-activity;sid:84517797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654696)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.161.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654696/; classtype:trojan-activity;sid:84517796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654693/; classtype:trojan-activity;sid:84517793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654692/; classtype:trojan-activity;sid:84517792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654691)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654691/; classtype:trojan-activity;sid:84517791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654690/; classtype:trojan-activity;sid:84517790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654689)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654689/; classtype:trojan-activity;sid:84517789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654688/; classtype:trojan-activity;sid:84517788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654686/; classtype:trojan-activity;sid:84517786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654685)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241211-068/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654685/; classtype:trojan-activity;sid:84517785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654684/; classtype:trojan-activity;sid:84517784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654683)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654683/; classtype:trojan-activity;sid:84517783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654680)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654680/; classtype:trojan-activity;sid:84517780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654681)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654681/; classtype:trojan-activity;sid:84517781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654679)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654679/; classtype:trojan-activity;sid:84517779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654675)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654675/; classtype:trojan-activity;sid:84517775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654676)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654676/; classtype:trojan-activity;sid:84517776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654671/; classtype:trojan-activity;sid:84517771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654669)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654669/; classtype:trojan-activity;sid:84517769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/1033/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654670/; classtype:trojan-activity;sid:84517770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654667)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654667/; classtype:trojan-activity;sid:84517767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654666/; classtype:trojan-activity;sid:84517766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654664)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654664/; classtype:trojan-activity;sid:84517764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654663/; classtype:trojan-activity;sid:84517763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250718-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654662/; classtype:trojan-activity;sid:84517762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654660)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654660/; classtype:trojan-activity;sid:84517760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654658)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654658/; classtype:trojan-activity;sid:84517758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654656)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654656/; classtype:trojan-activity;sid:84517756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654652/; classtype:trojan-activity;sid:84517752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654653/; classtype:trojan-activity;sid:84517753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654654/; classtype:trojan-activity;sid:84517754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654650)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654650/; classtype:trojan-activity;sid:84517750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654649)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654649/; classtype:trojan-activity;sid:84517749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654646)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654646/; classtype:trojan-activity;sid:84517746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654648/; classtype:trojan-activity;sid:84517748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654645)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654645/; classtype:trojan-activity;sid:84517745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654644/; classtype:trojan-activity;sid:84517744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654642)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654642/; classtype:trojan-activity;sid:84517742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654640)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654640/; classtype:trojan-activity;sid:84517740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654638/; classtype:trojan-activity;sid:84517738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654639/; classtype:trojan-activity;sid:84517739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654636)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654636/; classtype:trojan-activity;sid:84517736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654637/; classtype:trojan-activity;sid:84517737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654635/; classtype:trojan-activity;sid:84517735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654633)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654633/; classtype:trojan-activity;sid:84517733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654632)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office64.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654632/; classtype:trojan-activity;sid:84517732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654631)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654631/; classtype:trojan-activity;sid:84517731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654629)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654629/; classtype:trojan-activity;sid:84517729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654628/; classtype:trojan-activity;sid:84517728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654627)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654627/; classtype:trojan-activity;sid:84517727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654626/; classtype:trojan-activity;sid:84517726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654624)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654624/; classtype:trojan-activity;sid:84517724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654623/; classtype:trojan-activity;sid:84517723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654621/; classtype:trojan-activity;sid:84517721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654619/; classtype:trojan-activity;sid:84517719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654620/; classtype:trojan-activity;sid:84517720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654617)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654617/; classtype:trojan-activity;sid:84517717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654618/; classtype:trojan-activity;sid:84517718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654615/; classtype:trojan-activity;sid:84517715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654616)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654616/; classtype:trojan-activity;sid:84517716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654613)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654613/; classtype:trojan-activity;sid:84517713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654614/; classtype:trojan-activity;sid:84517714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654611)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654611/; classtype:trojan-activity;sid:84517711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654612/; classtype:trojan-activity;sid:84517712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654609)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654609/; classtype:trojan-activity;sid:84517709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654607)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654607/; classtype:trojan-activity;sid:84517707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654605)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654605/; classtype:trojan-activity;sid:84517705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654606/; classtype:trojan-activity;sid:84517706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654604/; classtype:trojan-activity;sid:84517704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654603)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654603/; classtype:trojan-activity;sid:84517703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654602/; classtype:trojan-activity;sid:84517702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654601)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654601/; classtype:trojan-activity;sid:84517701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654599/; classtype:trojan-activity;sid:84517699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654598/; classtype:trojan-activity;sid:84517698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654597/; classtype:trojan-activity;sid:84517697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654596/; classtype:trojan-activity;sid:84517696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250717-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654595/; classtype:trojan-activity;sid:84517695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.243.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654594/; classtype:trojan-activity;sid:84517694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654593/; classtype:trojan-activity;sid:84517693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654592/; classtype:trojan-activity;sid:84517692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654590)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654590/; classtype:trojan-activity;sid:84517690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654591)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654591/; classtype:trojan-activity;sid:84517691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654588/; classtype:trojan-activity;sid:84517688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654587)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654587/; classtype:trojan-activity;sid:84517687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654586)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654586/; classtype:trojan-activity;sid:84517686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654584)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654584/; classtype:trojan-activity;sid:84517684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654582/; classtype:trojan-activity;sid:84517682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654583/; classtype:trojan-activity;sid:84517683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654581)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654581/; classtype:trojan-activity;sid:84517681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654579/; classtype:trojan-activity;sid:84517679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654580)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654580/; classtype:trojan-activity;sid:84517680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654577)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654577/; classtype:trojan-activity;sid:84517677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654578)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654578/; classtype:trojan-activity;sid:84517678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654576)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654576/; classtype:trojan-activity;sid:84517676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654574)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654574/; classtype:trojan-activity;sid:84517674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654572/; classtype:trojan-activity;sid:84517672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654573/; classtype:trojan-activity;sid:84517673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654571/; classtype:trojan-activity;sid:84517671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654570/; classtype:trojan-activity;sid:84517670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654569/; classtype:trojan-activity;sid:84517669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654568/; classtype:trojan-activity;sid:84517668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654567)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654567/; classtype:trojan-activity;sid:84517667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654565)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654565/; classtype:trojan-activity;sid:84517665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654566/; classtype:trojan-activity;sid:84517666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654564)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654564/; classtype:trojan-activity;sid:84517664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654562)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241113-091/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654562/; classtype:trojan-activity;sid:84517662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000596/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654563/; classtype:trojan-activity;sid:84517663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654559/; classtype:trojan-activity;sid:84517659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654560)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654560/; classtype:trojan-activity;sid:84517660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654561)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654561/; classtype:trojan-activity;sid:84517661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654558)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654558/; classtype:trojan-activity;sid:84517658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654557)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241114-115/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654557/; classtype:trojan-activity;sid:84517657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654556)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654556/; classtype:trojan-activity;sid:84517656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654554)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654554/; classtype:trojan-activity;sid:84517654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654552)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654552/; classtype:trojan-activity;sid:84517652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654553/; classtype:trojan-activity;sid:84517653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654551)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654551/; classtype:trojan-activity;sid:84517651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654550)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654550/; classtype:trojan-activity;sid:84517650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654549)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654549/; classtype:trojan-activity;sid:84517649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654548/; classtype:trojan-activity;sid:84517648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654547/; classtype:trojan-activity;sid:84517647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654543)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654543/; classtype:trojan-activity;sid:84517643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654544/; classtype:trojan-activity;sid:84517644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654545/; classtype:trojan-activity;sid:84517645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654540)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654540/; classtype:trojan-activity;sid:84517640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654539/; classtype:trojan-activity;sid:84517639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654538)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654538/; classtype:trojan-activity;sid:84517638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654536/; classtype:trojan-activity;sid:84517636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654537)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654537/; classtype:trojan-activity;sid:84517637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654535/; classtype:trojan-activity;sid:84517635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654534/; classtype:trojan-activity;sid:84517634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654532)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654532/; classtype:trojan-activity;sid:84517632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654530/; classtype:trojan-activity;sid:84517630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654529/; classtype:trojan-activity;sid:84517629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654527)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654527/; classtype:trojan-activity;sid:84517627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654528)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654528/; classtype:trojan-activity;sid:84517628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654525/; classtype:trojan-activity;sid:84517625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654524)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654524/; classtype:trojan-activity;sid:84517624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654523)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654523/; classtype:trojan-activity;sid:84517623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654521)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654521/; classtype:trojan-activity;sid:84517621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654519)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654519/; classtype:trojan-activity;sid:84517619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654520)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654520/; classtype:trojan-activity;sid:84517620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654517/; classtype:trojan-activity;sid:84517617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654518/; classtype:trojan-activity;sid:84517618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654516)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654516/; classtype:trojan-activity;sid:84517616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654515/; classtype:trojan-activity;sid:84517615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654512)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.129.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654512/; classtype:trojan-activity;sid:84517612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654511)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654511/; classtype:trojan-activity;sid:84517611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654510)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654510/; classtype:trojan-activity;sid:84517610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654506)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654506/; classtype:trojan-activity;sid:84517606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654505)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654505/; classtype:trojan-activity;sid:84517605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654500/; classtype:trojan-activity;sid:84517600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654502)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654502/; classtype:trojan-activity;sid:84517602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654503)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654503/; classtype:trojan-activity;sid:84517603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654494)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654494/; classtype:trojan-activity;sid:84517594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654496/; classtype:trojan-activity;sid:84517596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654497/; classtype:trojan-activity;sid:84517597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654493)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654493/; classtype:trojan-activity;sid:84517593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654492/; classtype:trojan-activity;sid:84517592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654490)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654490/; classtype:trojan-activity;sid:84517590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654488/; classtype:trojan-activity;sid:84517588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654489)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654489/; classtype:trojan-activity;sid:84517589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654486)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654486/; classtype:trojan-activity;sid:84517586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654487)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654487/; classtype:trojan-activity;sid:84517587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654485)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654485/; classtype:trojan-activity;sid:84517585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654483)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654483/; classtype:trojan-activity;sid:84517583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654482/; classtype:trojan-activity;sid:84517582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654481)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654481/; classtype:trojan-activity;sid:84517581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654479/; classtype:trojan-activity;sid:84517579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654480)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654480/; classtype:trojan-activity;sid:84517580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/2052/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654475/; classtype:trojan-activity;sid:84517575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654476)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654476/; classtype:trojan-activity;sid:84517576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654473)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654473/; classtype:trojan-activity;sid:84517573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654472)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654472/; classtype:trojan-activity;sid:84517572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654471/; classtype:trojan-activity;sid:84517571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654470)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654470/; classtype:trojan-activity;sid:84517570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654464)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654464/; classtype:trojan-activity;sid:84517564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654465)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654465/; classtype:trojan-activity;sid:84517565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654466)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654466/; classtype:trojan-activity;sid:84517566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654467)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654467/; classtype:trojan-activity;sid:84517567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654468/; classtype:trojan-activity;sid:84517568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654469)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654469/; classtype:trojan-activity;sid:84517569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654463/; classtype:trojan-activity;sid:84517563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654460/; classtype:trojan-activity;sid:84517560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654461)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654461/; classtype:trojan-activity;sid:84517561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654462)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654462/; classtype:trojan-activity;sid:84517562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654459)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654459/; classtype:trojan-activity;sid:84517559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654458/; classtype:trojan-activity;sid:84517558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654457)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654457/; classtype:trojan-activity;sid:84517557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654456)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654456/; classtype:trojan-activity;sid:84517556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654455)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654455/; classtype:trojan-activity;sid:84517555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654454)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654454/; classtype:trojan-activity;sid:84517554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654452)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654452/; classtype:trojan-activity;sid:84517552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654453)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654453/; classtype:trojan-activity;sid:84517553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654450)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654450/; classtype:trojan-activity;sid:84517550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654449)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654449/; classtype:trojan-activity;sid:84517549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654448/; classtype:trojan-activity;sid:84517548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654447/; classtype:trojan-activity;sid:84517547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654446)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654446/; classtype:trojan-activity;sid:84517546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654444)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654444/; classtype:trojan-activity;sid:84517544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654445)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654445/; classtype:trojan-activity;sid:84517545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654442)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654442/; classtype:trojan-activity;sid:84517542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654443)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654443/; classtype:trojan-activity;sid:84517543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654440/; classtype:trojan-activity;sid:84517540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654441)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654441/; classtype:trojan-activity;sid:84517541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654437)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654437/; classtype:trojan-activity;sid:84517537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654438)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654438/; classtype:trojan-activity;sid:84517538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654439)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654439/; classtype:trojan-activity;sid:84517539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654436)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654436/; classtype:trojan-activity;sid:84517536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654435/; classtype:trojan-activity;sid:84517535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654434/; classtype:trojan-activity;sid:84517534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654433/; classtype:trojan-activity;sid:84517533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654432)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654432/; classtype:trojan-activity;sid:84517532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654431)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654431/; classtype:trojan-activity;sid:84517531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654430/; classtype:trojan-activity;sid:84517530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654429/; classtype:trojan-activity;sid:84517529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654427)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654427/; classtype:trojan-activity;sid:84517527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654426/; classtype:trojan-activity;sid:84517526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654424)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654424/; classtype:trojan-activity;sid:84517524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654425)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654425/; classtype:trojan-activity;sid:84517525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654422/; classtype:trojan-activity;sid:84517522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654423)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654423/; classtype:trojan-activity;sid:84517523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654421/; classtype:trojan-activity;sid:84517521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654420/; classtype:trojan-activity;sid:84517520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654418/; classtype:trojan-activity;sid:84517518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654419)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654419/; classtype:trojan-activity;sid:84517519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654416)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654416/; classtype:trojan-activity;sid:84517516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654417)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654417/; classtype:trojan-activity;sid:84517517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654414/; classtype:trojan-activity;sid:84517514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654415)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654415/; classtype:trojan-activity;sid:84517515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654412)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654412/; classtype:trojan-activity;sid:84517512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654413/; classtype:trojan-activity;sid:84517513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654409)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654409/; classtype:trojan-activity;sid:84517509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654410)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654410/; classtype:trojan-activity;sid:84517510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654411)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654411/; classtype:trojan-activity;sid:84517511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654408/; classtype:trojan-activity;sid:84517508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654407)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654407/; classtype:trojan-activity;sid:84517507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654406)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654406/; classtype:trojan-activity;sid:84517506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654403)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654403/; classtype:trojan-activity;sid:84517503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654404)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654404/; classtype:trojan-activity;sid:84517504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654405/; classtype:trojan-activity;sid:84517505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654402/; classtype:trojan-activity;sid:84517502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654401/; classtype:trojan-activity;sid:84517501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654400)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.19.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654400/; classtype:trojan-activity;sid:84517500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654399)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654399/; classtype:trojan-activity;sid:84517499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654396)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654396/; classtype:trojan-activity;sid:84517496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654397)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/shared/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654397/; classtype:trojan-activity;sid:84517497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654398)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654398/; classtype:trojan-activity;sid:84517498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240425-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654395/; classtype:trojan-activity;sid:84517495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654394/; classtype:trojan-activity;sid:84517494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654393/; classtype:trojan-activity;sid:84517493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654389)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654389/; classtype:trojan-activity;sid:84517489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654387)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654387/; classtype:trojan-activity;sid:84517487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654388/; classtype:trojan-activity;sid:84517488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654386)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654386/; classtype:trojan-activity;sid:84517486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654383)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654383/; classtype:trojan-activity;sid:84517483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654384)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654384/; classtype:trojan-activity;sid:84517484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654381/; classtype:trojan-activity;sid:84517481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654382/; classtype:trojan-activity;sid:84517482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654379/; classtype:trojan-activity;sid:84517479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654375)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654375/; classtype:trojan-activity;sid:84517475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654376/; classtype:trojan-activity;sid:84517476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654377)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654377/; classtype:trojan-activity;sid:84517477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654374)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654374/; classtype:trojan-activity;sid:84517474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654373)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654373/; classtype:trojan-activity;sid:84517473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654371/; classtype:trojan-activity;sid:84517471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654369)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654369/; classtype:trojan-activity;sid:84517469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654370)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654370/; classtype:trojan-activity;sid:84517470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654368)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654368/; classtype:trojan-activity;sid:84517468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654365)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654365/; classtype:trojan-activity;sid:84517465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654366)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654366/; classtype:trojan-activity;sid:84517466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654367)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654367/; classtype:trojan-activity;sid:84517467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654364)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654364/; classtype:trojan-activity;sid:84517464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654363)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.243.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654363/; classtype:trojan-activity;sid:84517463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654362)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654362/; classtype:trojan-activity;sid:84517462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654361)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654361/; classtype:trojan-activity;sid:84517461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654360/; classtype:trojan-activity;sid:84517460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654359)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654359/; classtype:trojan-activity;sid:84517459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654357)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654357/; classtype:trojan-activity;sid:84517457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654358)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654358/; classtype:trojan-activity;sid:84517458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654355)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654355/; classtype:trojan-activity;sid:84517455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654354/; classtype:trojan-activity;sid:84517454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654353)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654353/; classtype:trojan-activity;sid:84517453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654351)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654351/; classtype:trojan-activity;sid:84517451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654352)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654352/; classtype:trojan-activity;sid:84517452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654350)"; flow:established,from_client; content:"GET"; http_method; content:"/s6wver05rt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654350/; classtype:trojan-activity;sid:84517450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654349)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654349/; classtype:trojan-activity;sid:84517449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654347)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654347/; classtype:trojan-activity;sid:84517447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654348)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654348/; classtype:trojan-activity;sid:84517448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654346)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654346/; classtype:trojan-activity;sid:84517446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654345)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654345/; classtype:trojan-activity;sid:84517445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654344)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654344/; classtype:trojan-activity;sid:84517444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654343/; classtype:trojan-activity;sid:84517443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654341/; classtype:trojan-activity;sid:84517441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654340/; classtype:trojan-activity;sid:84517440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654338)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654338/; classtype:trojan-activity;sid:84517438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654335)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654335/; classtype:trojan-activity;sid:84517435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654332/; classtype:trojan-activity;sid:84517432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654329/; classtype:trojan-activity;sid:84517429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654330)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654330/; classtype:trojan-activity;sid:84517430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654328/; classtype:trojan-activity;sid:84517428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240521-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654327/; classtype:trojan-activity;sid:84517427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654324/; classtype:trojan-activity;sid:84517424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654325/; classtype:trojan-activity;sid:84517425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654323)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654323/; classtype:trojan-activity;sid:84517423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654322)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654322/; classtype:trojan-activity;sid:84517422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654318/; classtype:trojan-activity;sid:84517418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654319)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654319/; classtype:trojan-activity;sid:84517419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654317)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654317/; classtype:trojan-activity;sid:84517417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654316/; classtype:trojan-activity;sid:84517416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654315)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.243.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654315/; classtype:trojan-activity;sid:84517415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654314)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240830-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654314/; classtype:trojan-activity;sid:84517414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654313/; classtype:trojan-activity;sid:84517413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654312)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654312/; classtype:trojan-activity;sid:84517412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654311/; classtype:trojan-activity;sid:84517411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654309)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654309/; classtype:trojan-activity;sid:84517409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654310)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654310/; classtype:trojan-activity;sid:84517410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654306/; classtype:trojan-activity;sid:84517406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654307)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654307/; classtype:trojan-activity;sid:84517407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654305)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654305/; classtype:trojan-activity;sid:84517405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654304/; classtype:trojan-activity;sid:84517404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654302)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654302/; classtype:trojan-activity;sid:84517402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654301)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654301/; classtype:trojan-activity;sid:84517401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2020-09-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654300/; classtype:trojan-activity;sid:84517400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654298/; classtype:trojan-activity;sid:84517398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654297/; classtype:trojan-activity;sid:84517397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654296)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654296/; classtype:trojan-activity;sid:84517396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654294)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654294/; classtype:trojan-activity;sid:84517394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654295)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654295/; classtype:trojan-activity;sid:84517395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; classtype:trojan-activity;sid:84517392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654293)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230317-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654293/; classtype:trojan-activity;sid:84517393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654291/; classtype:trojan-activity;sid:84517391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654290)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654290/; classtype:trojan-activity;sid:84517390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654287)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654287/; classtype:trojan-activity;sid:84517387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654286)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654286/; classtype:trojan-activity;sid:84517386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654284/; classtype:trojan-activity;sid:84517384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654282/; classtype:trojan-activity;sid:84517382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654278)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654278/; classtype:trojan-activity;sid:84517378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654279)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654279/; classtype:trojan-activity;sid:84517379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654280)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654280/; classtype:trojan-activity;sid:84517380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654281)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654281/; classtype:trojan-activity;sid:84517381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654277/; classtype:trojan-activity;sid:84517377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654273)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654273/; classtype:trojan-activity;sid:84517373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654274)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654274/; classtype:trojan-activity;sid:84517374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654275)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654275/; classtype:trojan-activity;sid:84517375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654271)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654271/; classtype:trojan-activity;sid:84517371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654272)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654272/; classtype:trojan-activity;sid:84517372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654269)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654269/; classtype:trojan-activity;sid:84517369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654267)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654267/; classtype:trojan-activity;sid:84517367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654265/; classtype:trojan-activity;sid:84517365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654264)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654264/; classtype:trojan-activity;sid:84517364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654262/; classtype:trojan-activity;sid:84517362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654263)"; flow:established,from_client; content:"GET"; http_method; content:"/4fxwqweq8y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.m-89a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654263/; classtype:trojan-activity;sid:84517363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654260)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654260/; classtype:trojan-activity;sid:84517360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654261)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654261/; classtype:trojan-activity;sid:84517361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654259/; classtype:trojan-activity;sid:84517359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654258)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654258/; classtype:trojan-activity;sid:84517358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654257/; classtype:trojan-activity;sid:84517357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654256)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654256/; classtype:trojan-activity;sid:84517356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654255/; classtype:trojan-activity;sid:84517355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654254/; classtype:trojan-activity;sid:84517354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654251)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654251/; classtype:trojan-activity;sid:84517351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654252/; classtype:trojan-activity;sid:84517352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654250)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654250/; classtype:trojan-activity;sid:84517350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654249)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654249/; classtype:trojan-activity;sid:84517349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654248)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654248/; classtype:trojan-activity;sid:84517348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654246)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654246/; classtype:trojan-activity;sid:84517346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654245)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654245/; classtype:trojan-activity;sid:84517345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654244)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654244/; classtype:trojan-activity;sid:84517344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654242)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654242/; classtype:trojan-activity;sid:84517342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654241)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654241/; classtype:trojan-activity;sid:84517341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654240)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.253.34.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654240/; classtype:trojan-activity;sid:84517340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654238/; classtype:trojan-activity;sid:84517338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654237/; classtype:trojan-activity;sid:84517337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654235/; classtype:trojan-activity;sid:84517335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654236)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654236/; classtype:trojan-activity;sid:84517336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654231/; classtype:trojan-activity;sid:84517331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654232)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654232/; classtype:trojan-activity;sid:84517332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654230)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654230/; classtype:trojan-activity;sid:84517330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-12-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654228/; classtype:trojan-activity;sid:84517328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654229)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654229/; classtype:trojan-activity;sid:84517329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654224)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654224/; classtype:trojan-activity;sid:84517324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654225)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654225/; classtype:trojan-activity;sid:84517325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654226)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654226/; classtype:trojan-activity;sid:84517326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654227/; classtype:trojan-activity;sid:84517327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654221/; classtype:trojan-activity;sid:84517321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654222/; classtype:trojan-activity;sid:84517322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654223)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654223/; classtype:trojan-activity;sid:84517323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654218/; classtype:trojan-activity;sid:84517318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654219/; classtype:trojan-activity;sid:84517319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654220/; classtype:trojan-activity;sid:84517320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654217)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654217/; classtype:trojan-activity;sid:84517317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654215/; classtype:trojan-activity;sid:84517315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654213/; classtype:trojan-activity;sid:84517313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654214)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654214/; classtype:trojan-activity;sid:84517314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654211)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654211/; classtype:trojan-activity;sid:84517311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654212)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654212/; classtype:trojan-activity;sid:84517312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654208/; classtype:trojan-activity;sid:84517308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654210)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654210/; classtype:trojan-activity;sid:84517310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654207/; classtype:trojan-activity;sid:84517307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654206)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654206/; classtype:trojan-activity;sid:84517306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654201)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654201/; classtype:trojan-activity;sid:84517301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654200)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654200/; classtype:trojan-activity;sid:84517300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654199/; classtype:trojan-activity;sid:84517299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654198)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654198/; classtype:trojan-activity;sid:84517298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654196/; classtype:trojan-activity;sid:84517296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; classtype:trojan-activity;sid:84517295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654194)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654194/; classtype:trojan-activity;sid:84517294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654191/; classtype:trojan-activity;sid:84517291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654190)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654190/; classtype:trojan-activity;sid:84517290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654188)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654188/; classtype:trojan-activity;sid:84517288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654189/; classtype:trojan-activity;sid:84517289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654186/; classtype:trojan-activity;sid:84517286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654183)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654183/; classtype:trojan-activity;sid:84517283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654184/; classtype:trojan-activity;sid:84517284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654185)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654185/; classtype:trojan-activity;sid:84517285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654178)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654178/; classtype:trojan-activity;sid:84517278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654179/; classtype:trojan-activity;sid:84517279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654180)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654180/; classtype:trojan-activity;sid:84517280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654181)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654181/; classtype:trojan-activity;sid:84517281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654182)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654182/; classtype:trojan-activity;sid:84517282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654171)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654171/; classtype:trojan-activity;sid:84517271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-01-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654172/; classtype:trojan-activity;sid:84517272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654173)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654173/; classtype:trojan-activity;sid:84517273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654174)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654174/; classtype:trojan-activity;sid:84517274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654175/; classtype:trojan-activity;sid:84517275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654176/; classtype:trojan-activity;sid:84517276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654170)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654170/; classtype:trojan-activity;sid:84517270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654168)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654168/; classtype:trojan-activity;sid:84517268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654169/; classtype:trojan-activity;sid:84517269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654167)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654167/; classtype:trojan-activity;sid:84517267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654165)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654165/; classtype:trojan-activity;sid:84517265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654166)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.63.148.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654166/; classtype:trojan-activity;sid:84517266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654164/; classtype:trojan-activity;sid:84517264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654162)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654162/; classtype:trojan-activity;sid:84517262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654163/; classtype:trojan-activity;sid:84517263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654159)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654159/; classtype:trojan-activity;sid:84517259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654160/; classtype:trojan-activity;sid:84517260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654158)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654158/; classtype:trojan-activity;sid:84517258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654156)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654156/; classtype:trojan-activity;sid:84517256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654157)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654157/; classtype:trojan-activity;sid:84517257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654153/; classtype:trojan-activity;sid:84517253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654154/; classtype:trojan-activity;sid:84517254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654155/; classtype:trojan-activity;sid:84517255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654152)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654152/; classtype:trojan-activity;sid:84517252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654151/; classtype:trojan-activity;sid:84517251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654150/; classtype:trojan-activity;sid:84517250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654148)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654148/; classtype:trojan-activity;sid:84517248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654146)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654146/; classtype:trojan-activity;sid:84517246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654147/; classtype:trojan-activity;sid:84517247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654145/; classtype:trojan-activity;sid:84517245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654144)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654144/; classtype:trojan-activity;sid:84517244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654143)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654143/; classtype:trojan-activity;sid:84517243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-05-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654142/; classtype:trojan-activity;sid:84517242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654141/; classtype:trojan-activity;sid:84517241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654139)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240828-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654139/; classtype:trojan-activity;sid:84517239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654140)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654140/; classtype:trojan-activity;sid:84517240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654137)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654137/; classtype:trojan-activity;sid:84517237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654138)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654138/; classtype:trojan-activity;sid:84517238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654135/; classtype:trojan-activity;sid:84517235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654136)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654136/; classtype:trojan-activity;sid:84517236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654134)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654134/; classtype:trojan-activity;sid:84517234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654132/; classtype:trojan-activity;sid:84517232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654133)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654133/; classtype:trojan-activity;sid:84517233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654131)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654131/; classtype:trojan-activity;sid:84517231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654130)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654130/; classtype:trojan-activity;sid:84517230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654129/; classtype:trojan-activity;sid:84517229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654128/; classtype:trojan-activity;sid:84517228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654126)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654126/; classtype:trojan-activity;sid:84517226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654127)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654127/; classtype:trojan-activity;sid:84517227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654124)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654124/; classtype:trojan-activity;sid:84517224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654125/; classtype:trojan-activity;sid:84517225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654121)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654121/; classtype:trojan-activity;sid:84517221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654120/; classtype:trojan-activity;sid:84517220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654118)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654118/; classtype:trojan-activity;sid:84517218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654116)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654116/; classtype:trojan-activity;sid:84517216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654115/; classtype:trojan-activity;sid:84517215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654114/; classtype:trojan-activity;sid:84517214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654112/; classtype:trojan-activity;sid:84517212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654110)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654110/; classtype:trojan-activity;sid:84517210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654111)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654111/; classtype:trojan-activity;sid:84517211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654109/; classtype:trojan-activity;sid:84517209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654103)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654103/; classtype:trojan-activity;sid:84517203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654104/; classtype:trojan-activity;sid:84517204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654105/; classtype:trojan-activity;sid:84517205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654106/; classtype:trojan-activity;sid:84517206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654107)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654107/; classtype:trojan-activity;sid:84517207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654102/; classtype:trojan-activity;sid:84517202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654101/; classtype:trojan-activity;sid:84517201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654100/; classtype:trojan-activity;sid:84517200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240807-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654099/; classtype:trojan-activity;sid:84517199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654097)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654097/; classtype:trojan-activity;sid:84517197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654095)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654095/; classtype:trojan-activity;sid:84517195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654096/; classtype:trojan-activity;sid:84517196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-12-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654094/; classtype:trojan-activity;sid:84517194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654093/; classtype:trojan-activity;sid:84517193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654092/; classtype:trojan-activity;sid:84517192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654091/; classtype:trojan-activity;sid:84517191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654089/; classtype:trojan-activity;sid:84517189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654090)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654090/; classtype:trojan-activity;sid:84517190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654086)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654086/; classtype:trojan-activity;sid:84517186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654087/; classtype:trojan-activity;sid:84517187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654085/; classtype:trojan-activity;sid:84517185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-01-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654084/; classtype:trojan-activity;sid:84517184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654083/; classtype:trojan-activity;sid:84517183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654082)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654082/; classtype:trojan-activity;sid:84517182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654081/; classtype:trojan-activity;sid:84517181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654080)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654080/; classtype:trojan-activity;sid:84517180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654079)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654079/; classtype:trojan-activity;sid:84517179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-08-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654075/; classtype:trojan-activity;sid:84517175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654073/; classtype:trojan-activity;sid:84517173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654072/; classtype:trojan-activity;sid:84517172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654070/; classtype:trojan-activity;sid:84517170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654071/; classtype:trojan-activity;sid:84517171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654069)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654069/; classtype:trojan-activity;sid:84517169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654068/; classtype:trojan-activity;sid:84517168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654067)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654067/; classtype:trojan-activity;sid:84517167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250305-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654066/; classtype:trojan-activity;sid:84517166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654059)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654059/; classtype:trojan-activity;sid:84517159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654060)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654060/; classtype:trojan-activity;sid:84517160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654061)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654061/; classtype:trojan-activity;sid:84517161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654062/; classtype:trojan-activity;sid:84517162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654063)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654063/; classtype:trojan-activity;sid:84517163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654064)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654064/; classtype:trojan-activity;sid:84517164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654058)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654058/; classtype:trojan-activity;sid:84517158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654055)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654055/; classtype:trojan-activity;sid:84517155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654056/; classtype:trojan-activity;sid:84517156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654057/; classtype:trojan-activity;sid:84517157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654053/; classtype:trojan-activity;sid:84517153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654054/; classtype:trojan-activity;sid:84517154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654052)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654052/; classtype:trojan-activity;sid:84517152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654051/; classtype:trojan-activity;sid:84517151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102019085104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654049/; classtype:trojan-activity;sid:84517149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654050)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654050/; classtype:trojan-activity;sid:84517150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654047)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654047/; classtype:trojan-activity;sid:84517147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654048)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654048/; classtype:trojan-activity;sid:84517148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654046/; classtype:trojan-activity;sid:84517146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654045)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230909-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654045/; classtype:trojan-activity;sid:84517145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654043)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654043/; classtype:trojan-activity;sid:84517143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654042/; classtype:trojan-activity;sid:84517142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654041)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654041/; classtype:trojan-activity;sid:84517141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654040)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654040/; classtype:trojan-activity;sid:84517140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654039)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654039/; classtype:trojan-activity;sid:84517139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654038)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654038/; classtype:trojan-activity;sid:84517138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654037)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654037/; classtype:trojan-activity;sid:84517137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654035/; classtype:trojan-activity;sid:84517135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240127-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654036/; classtype:trojan-activity;sid:84517136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654031)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654031/; classtype:trojan-activity;sid:84517131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654030/; classtype:trojan-activity;sid:84517130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654029)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654029/; classtype:trojan-activity;sid:84517129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654027/; classtype:trojan-activity;sid:84517127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654028)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250724-113/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654028/; classtype:trojan-activity;sid:84517128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654026/; classtype:trojan-activity;sid:84517126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654021/; classtype:trojan-activity;sid:84517121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654020/; classtype:trojan-activity;sid:84517120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654018)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654018/; classtype:trojan-activity;sid:84517118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654016/; classtype:trojan-activity;sid:84517116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654015/; classtype:trojan-activity;sid:84517115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654014/; classtype:trojan-activity;sid:84517114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654012)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654012/; classtype:trojan-activity;sid:84517112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654013)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654013/; classtype:trojan-activity;sid:84517113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654011/; classtype:trojan-activity;sid:84517111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654010)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654010/; classtype:trojan-activity;sid:84517110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654007)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654007/; classtype:trojan-activity;sid:84517107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654008)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654008/; classtype:trojan-activity;sid:84517108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250701-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654006/; classtype:trojan-activity;sid:84517106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654004/; classtype:trojan-activity;sid:84517104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654002/; classtype:trojan-activity;sid:84517102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654001/; classtype:trojan-activity;sid:84517101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654000)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654000/; classtype:trojan-activity;sid:84517100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653999)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653999/; classtype:trojan-activity;sid:84517099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653998)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653998/; classtype:trojan-activity;sid:84517098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653994)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653994/; classtype:trojan-activity;sid:84517094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653995)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653995/; classtype:trojan-activity;sid:84517095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653996/; classtype:trojan-activity;sid:84517096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653993)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653993/; classtype:trojan-activity;sid:84517093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653991/; classtype:trojan-activity;sid:84517091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653989/; classtype:trojan-activity;sid:84517089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653990/; classtype:trojan-activity;sid:84517090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-08-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653987/; classtype:trojan-activity;sid:84517087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653988/; classtype:trojan-activity;sid:84517088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653986)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653986/; classtype:trojan-activity;sid:84517086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653984/; classtype:trojan-activity;sid:84517084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653982)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653982/; classtype:trojan-activity;sid:84517082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653983/; classtype:trojan-activity;sid:84517083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653981)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653981/; classtype:trojan-activity;sid:84517081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653980)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653980/; classtype:trojan-activity;sid:84517080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653979/; classtype:trojan-activity;sid:84517079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653978)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653978/; classtype:trojan-activity;sid:84517078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653976)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653976/; classtype:trojan-activity;sid:84517076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653975/; classtype:trojan-activity;sid:84517075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653974)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653974/; classtype:trojan-activity;sid:84517074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653973)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653973/; classtype:trojan-activity;sid:84517073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653971/; classtype:trojan-activity;sid:84517071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653970/; classtype:trojan-activity;sid:84517070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653967)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653967/; classtype:trojan-activity;sid:84517067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653968)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653968/; classtype:trojan-activity;sid:84517068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653969)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653969/; classtype:trojan-activity;sid:84517069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653965/; classtype:trojan-activity;sid:84517065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653966/; classtype:trojan-activity;sid:84517066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653963)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653963/; classtype:trojan-activity;sid:84517063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653961)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653961/; classtype:trojan-activity;sid:84517061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653962/; classtype:trojan-activity;sid:84517062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653958/; classtype:trojan-activity;sid:84517058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653959)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653959/; classtype:trojan-activity;sid:84517059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653956/; classtype:trojan-activity;sid:84517056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653957)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653957/; classtype:trojan-activity;sid:84517057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653955/; classtype:trojan-activity;sid:84517055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653953/; classtype:trojan-activity;sid:84517053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653954)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653954/; classtype:trojan-activity;sid:84517054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653952)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.107.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653952/; classtype:trojan-activity;sid:84517052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653951)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653951/; classtype:trojan-activity;sid:84517051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653949)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653949/; classtype:trojan-activity;sid:84517049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653950)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.91.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653950/; classtype:trojan-activity;sid:84517050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653948/; classtype:trojan-activity;sid:84517048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653946)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.85.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653946/; classtype:trojan-activity;sid:84517046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653945/; classtype:trojan-activity;sid:84517045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653944)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653944/; classtype:trojan-activity;sid:84517044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-08-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653942/; classtype:trojan-activity;sid:84517042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653939/; classtype:trojan-activity;sid:84517039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x86/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653940/; classtype:trojan-activity;sid:84517040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653938/; classtype:trojan-activity;sid:84517038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653937)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653937/; classtype:trojan-activity;sid:84517037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653936)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653936/; classtype:trojan-activity;sid:84517036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653935/; classtype:trojan-activity;sid:84517035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653934/; classtype:trojan-activity;sid:84517034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653933/; classtype:trojan-activity;sid:84517033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653932)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653932/; classtype:trojan-activity;sid:84517032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653931)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653931/; classtype:trojan-activity;sid:84517031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653930)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653930/; classtype:trojan-activity;sid:84517030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653929)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653929/; classtype:trojan-activity;sid:84517029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653926)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653926/; classtype:trojan-activity;sid:84517026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653927)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653927/; classtype:trojan-activity;sid:84517027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653928/; classtype:trojan-activity;sid:84517028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/2052/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653925/; classtype:trojan-activity;sid:84517025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653924)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653924/; classtype:trojan-activity;sid:84517024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653923/; classtype:trojan-activity;sid:84517023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653921)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653921/; classtype:trojan-activity;sid:84517021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653922/; classtype:trojan-activity;sid:84517022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653919/; classtype:trojan-activity;sid:84517019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653920/; classtype:trojan-activity;sid:84517020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; classtype:trojan-activity;sid:84517017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653915/; classtype:trojan-activity;sid:84517015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653913/; classtype:trojan-activity;sid:84517013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653911/; classtype:trojan-activity;sid:84517011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653908/; classtype:trojan-activity;sid:84517008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653909/; classtype:trojan-activity;sid:84517009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653907/; classtype:trojan-activity;sid:84517007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653906/; classtype:trojan-activity;sid:84517006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653905)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653905/; classtype:trojan-activity;sid:84517005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653904)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653904/; classtype:trojan-activity;sid:84517004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653903)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653903/; classtype:trojan-activity;sid:84517003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653901/; classtype:trojan-activity;sid:84517001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653902)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653902/; classtype:trojan-activity;sid:84517002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653899)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"223.198.243.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653899/; classtype:trojan-activity;sid:84516999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653898/; classtype:trojan-activity;sid:84516998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653897)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.215.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653897/; classtype:trojan-activity;sid:84516997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653896)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653896/; classtype:trojan-activity;sid:84516996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653895)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653895/; classtype:trojan-activity;sid:84516995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653894/; classtype:trojan-activity;sid:84516994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653891)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653891/; classtype:trojan-activity;sid:84516991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653890/; classtype:trojan-activity;sid:84516990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653889/; classtype:trojan-activity;sid:84516989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240724-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653887/; classtype:trojan-activity;sid:84516987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653886)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653886/; classtype:trojan-activity;sid:84516986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653883/; classtype:trojan-activity;sid:84516983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653884)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653884/; classtype:trojan-activity;sid:84516984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653880)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653880/; classtype:trojan-activity;sid:84516980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653881)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653881/; classtype:trojan-activity;sid:84516981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653879)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653879/; classtype:trojan-activity;sid:84516979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653877)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653877/; classtype:trojan-activity;sid:84516977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653876)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653876/; classtype:trojan-activity;sid:84516976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653873/; classtype:trojan-activity;sid:84516973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653872/; classtype:trojan-activity;sid:84516972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653869)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653869/; classtype:trojan-activity;sid:84516969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653870)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653870/; classtype:trojan-activity;sid:84516970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653868)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653868/; classtype:trojan-activity;sid:84516968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653866/; classtype:trojan-activity;sid:84516966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653865)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653865/; classtype:trojan-activity;sid:84516965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653862/; classtype:trojan-activity;sid:84516962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653859)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653859/; classtype:trojan-activity;sid:84516959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231206-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653860/; classtype:trojan-activity;sid:84516960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653857/; classtype:trojan-activity;sid:84516957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653855)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/watson/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653855/; classtype:trojan-activity;sid:84516955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653854)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653854/; classtype:trojan-activity;sid:84516954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653852/; classtype:trojan-activity;sid:84516952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653851)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653851/; classtype:trojan-activity;sid:84516951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653850/; classtype:trojan-activity;sid:84516950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653847/; classtype:trojan-activity;sid:84516947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653846)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653846/; classtype:trojan-activity;sid:84516946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653842/; classtype:trojan-activity;sid:84516942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653843)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653843/; classtype:trojan-activity;sid:84516943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653844)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653844/; classtype:trojan-activity;sid:84516944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653845)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.94.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653845/; classtype:trojan-activity;sid:84516945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653838)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653838/; classtype:trojan-activity;sid:84516938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653837)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/bjgl.pbd/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653837/; classtype:trojan-activity;sid:84516937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653835)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653835/; classtype:trojan-activity;sid:84516935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653834)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653834/; classtype:trojan-activity;sid:84516934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653833/; classtype:trojan-activity;sid:84516933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653832/; classtype:trojan-activity;sid:84516932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653830/; classtype:trojan-activity;sid:84516930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653829/; classtype:trojan-activity;sid:84516929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653827)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653827/; classtype:trojan-activity;sid:84516927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653825)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653825/; classtype:trojan-activity;sid:84516925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653821)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653821/; classtype:trojan-activity;sid:84516921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653822/; classtype:trojan-activity;sid:84516922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653820)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pdffactory_pro_setup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653820/; classtype:trojan-activity;sid:84516920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653817)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.133.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653817/; classtype:trojan-activity;sid:84516917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653815/; classtype:trojan-activity;sid:84516915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653816)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653816/; classtype:trojan-activity;sid:84516916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653814)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653814/; classtype:trojan-activity;sid:84516914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653813)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653813/; classtype:trojan-activity;sid:84516913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653810/; classtype:trojan-activity;sid:84516910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653811/; classtype:trojan-activity;sid:84516911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653812/; classtype:trojan-activity;sid:84516912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653807/; classtype:trojan-activity;sid:84516907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653808/; classtype:trojan-activity;sid:84516908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653809/; classtype:trojan-activity;sid:84516909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653804/; classtype:trojan-activity;sid:84516904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653805/; classtype:trojan-activity;sid:84516905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653803)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653803/; classtype:trojan-activity;sid:84516903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653802)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653802/; classtype:trojan-activity;sid:84516902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653800/; classtype:trojan-activity;sid:84516900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653801/; classtype:trojan-activity;sid:84516901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653796/; classtype:trojan-activity;sid:84516896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653797)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.144.63.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653797/; classtype:trojan-activity;sid:84516897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653798)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653798/; classtype:trojan-activity;sid:84516898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653794/; classtype:trojan-activity;sid:84516894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250630-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653795/; classtype:trojan-activity;sid:84516895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653793)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653793/; classtype:trojan-activity;sid:84516893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653791)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653791/; classtype:trojan-activity;sid:84516891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653789/; classtype:trojan-activity;sid:84516889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653787)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653787/; classtype:trojan-activity;sid:84516887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653788)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653788/; classtype:trojan-activity;sid:84516888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653784)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653784/; classtype:trojan-activity;sid:84516884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653786)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653786/; classtype:trojan-activity;sid:84516886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653780/; classtype:trojan-activity;sid:84516880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653779)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.34.224.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653779/; classtype:trojan-activity;sid:84516879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653777)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653777/; classtype:trojan-activity;sid:84516877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653778/; classtype:trojan-activity;sid:84516878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653775/; classtype:trojan-activity;sid:84516875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653776)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.218.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653776/; classtype:trojan-activity;sid:84516876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653774/; classtype:trojan-activity;sid:84516874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653773)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653773/; classtype:trojan-activity;sid:84516873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653771/; classtype:trojan-activity;sid:84516871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653768)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653768/; classtype:trojan-activity;sid:84516868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653769)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241219-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653769/; classtype:trojan-activity;sid:84516869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653767/; classtype:trojan-activity;sid:84516867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653762)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653762/; classtype:trojan-activity;sid:84516862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653763)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653763/; classtype:trojan-activity;sid:84516863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653764)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653764/; classtype:trojan-activity;sid:84516864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-05-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653765/; classtype:trojan-activity;sid:84516865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653766)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653766/; classtype:trojan-activity;sid:84516866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653759)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653759/; classtype:trojan-activity;sid:84516859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653760)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653760/; classtype:trojan-activity;sid:84516860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653757)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653757/; classtype:trojan-activity;sid:84516857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653754)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653754/; classtype:trojan-activity;sid:84516854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653752)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653752/; classtype:trojan-activity;sid:84516852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653753/; classtype:trojan-activity;sid:84516853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653750)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653750/; classtype:trojan-activity;sid:84516850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653749)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653749/; classtype:trojan-activity;sid:84516849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653747/; classtype:trojan-activity;sid:84516847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653746/; classtype:trojan-activity;sid:84516846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653745/; classtype:trojan-activity;sid:84516845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653744/; classtype:trojan-activity;sid:84516844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653742/; classtype:trojan-activity;sid:84516842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tx/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653740/; classtype:trojan-activity;sid:84516840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653739)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653739/; classtype:trojan-activity;sid:84516839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653738/; classtype:trojan-activity;sid:84516838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653736)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.212.247.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653736/; classtype:trojan-activity;sid:84516836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653735/; classtype:trojan-activity;sid:84516835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; classtype:trojan-activity;sid:84516834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653733)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653733/; classtype:trojan-activity;sid:84516833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653731)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653731/; classtype:trojan-activity;sid:84516831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653729/; classtype:trojan-activity;sid:84516829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653727/; classtype:trojan-activity;sid:84516827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653726/; classtype:trojan-activity;sid:84516826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653724/; classtype:trojan-activity;sid:84516824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653723)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653723/; classtype:trojan-activity;sid:84516823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653720/; classtype:trojan-activity;sid:84516820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653721)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653721/; classtype:trojan-activity;sid:84516821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653719)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653719/; classtype:trojan-activity;sid:84516819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653718/; classtype:trojan-activity;sid:84516818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653716)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653716/; classtype:trojan-activity;sid:84516816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653715/; classtype:trojan-activity;sid:84516815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653714/; classtype:trojan-activity;sid:84516814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653712)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653712/; classtype:trojan-activity;sid:84516812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653711)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653711/; classtype:trojan-activity;sid:84516811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.121.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653710/; classtype:trojan-activity;sid:84516810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653709/; classtype:trojan-activity;sid:84516809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653708/; classtype:trojan-activity;sid:84516808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653706)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653706/; classtype:trojan-activity;sid:84516806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653702/; classtype:trojan-activity;sid:84516802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653700)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.240.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653700/; classtype:trojan-activity;sid:84516800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653701/; classtype:trojan-activity;sid:84516801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653699)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653699/; classtype:trojan-activity;sid:84516799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653698/; classtype:trojan-activity;sid:84516798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653697/; classtype:trojan-activity;sid:84516797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653694/; classtype:trojan-activity;sid:84516794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653692/; classtype:trojan-activity;sid:84516792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653691/; classtype:trojan-activity;sid:84516791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653688/; classtype:trojan-activity;sid:84516788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653689)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653689/; classtype:trojan-activity;sid:84516789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653686/; classtype:trojan-activity;sid:84516786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653687/; classtype:trojan-activity;sid:84516787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653684/; classtype:trojan-activity;sid:84516784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653683/; classtype:trojan-activity;sid:84516783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653682/; classtype:trojan-activity;sid:84516782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653680/; classtype:trojan-activity;sid:84516780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653679)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653679/; classtype:trojan-activity;sid:84516779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-05-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653678/; classtype:trojan-activity;sid:84516778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653676)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653676/; classtype:trojan-activity;sid:84516776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653677/; classtype:trojan-activity;sid:84516777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653673)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653673/; classtype:trojan-activity;sid:84516773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653674/; classtype:trojan-activity;sid:84516774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653672)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653672/; classtype:trojan-activity;sid:84516772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653670/; classtype:trojan-activity;sid:84516770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653668/; classtype:trojan-activity;sid:84516768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653667/; classtype:trojan-activity;sid:84516767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653664)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653664/; classtype:trojan-activity;sid:84516764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653660)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653660/; classtype:trojan-activity;sid:84516760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653659/; classtype:trojan-activity;sid:84516759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653656)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653656/; classtype:trojan-activity;sid:84516756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653657)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653657/; classtype:trojan-activity;sid:84516757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653658/; classtype:trojan-activity;sid:84516758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653653)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653653/; classtype:trojan-activity;sid:84516753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653654/; classtype:trojan-activity;sid:84516754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653650/; classtype:trojan-activity;sid:84516750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653651/; classtype:trojan-activity;sid:84516751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653652)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653652/; classtype:trojan-activity;sid:84516752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653648/; classtype:trojan-activity;sid:84516748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653646)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.134.237.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653646/; classtype:trojan-activity;sid:84516746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653643)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653643/; classtype:trojan-activity;sid:84516743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653644/; classtype:trojan-activity;sid:84516744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653645)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653645/; classtype:trojan-activity;sid:84516745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653641/; classtype:trojan-activity;sid:84516741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653642)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653642/; classtype:trojan-activity;sid:84516742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653639/; classtype:trojan-activity;sid:84516739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653637)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653637/; classtype:trojan-activity;sid:84516737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653638/; classtype:trojan-activity;sid:84516738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.249.150.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653635/; classtype:trojan-activity;sid:84516735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653631)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.112.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653631/; classtype:trojan-activity;sid:84516731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653629/; classtype:trojan-activity;sid:84516729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.107.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653630/; classtype:trojan-activity;sid:84516730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653628/; classtype:trojan-activity;sid:84516728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653625/; classtype:trojan-activity;sid:84516725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653626)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653626/; classtype:trojan-activity;sid:84516726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653624)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.59.97.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653624/; classtype:trojan-activity;sid:84516724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-01-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653623/; classtype:trojan-activity;sid:84516723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653619/; classtype:trojan-activity;sid:84516719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653618/; classtype:trojan-activity;sid:84516718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653617/; classtype:trojan-activity;sid:84516717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653615/; classtype:trojan-activity;sid:84516715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653616/; classtype:trojan-activity;sid:84516716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653613/; classtype:trojan-activity;sid:84516713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653614/; classtype:trojan-activity;sid:84516714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653608/; classtype:trojan-activity;sid:84516708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653609/; classtype:trojan-activity;sid:84516709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653610)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653610/; classtype:trojan-activity;sid:84516710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653612)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653612/; classtype:trojan-activity;sid:84516712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653604/; classtype:trojan-activity;sid:84516704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653603/; classtype:trojan-activity;sid:84516703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653601/; classtype:trojan-activity;sid:84516701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653600)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653600/; classtype:trojan-activity;sid:84516700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250421-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653597/; classtype:trojan-activity;sid:84516697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653596/; classtype:trojan-activity;sid:84516696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653594)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653594/; classtype:trojan-activity;sid:84516694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653592/; classtype:trojan-activity;sid:84516692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653590/; classtype:trojan-activity;sid:84516690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/9929/11032020101349/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653591/; classtype:trojan-activity;sid:84516691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653589/; classtype:trojan-activity;sid:84516689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653587/; classtype:trojan-activity;sid:84516687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653588/; classtype:trojan-activity;sid:84516688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653584/; classtype:trojan-activity;sid:84516684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653583/; classtype:trojan-activity;sid:84516683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653580)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653580/; classtype:trojan-activity;sid:84516680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653581)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653581/; classtype:trojan-activity;sid:84516681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653582)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653582/; classtype:trojan-activity;sid:84516682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653579)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653579/; classtype:trojan-activity;sid:84516679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653578/; classtype:trojan-activity;sid:84516678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653576/; classtype:trojan-activity;sid:84516676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653575)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653575/; classtype:trojan-activity;sid:84516675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653573/; classtype:trojan-activity;sid:84516673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653574/; classtype:trojan-activity;sid:84516674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241007-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653571/; classtype:trojan-activity;sid:84516671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653572/; classtype:trojan-activity;sid:84516672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653570)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653570/; classtype:trojan-activity;sid:84516670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653569/; classtype:trojan-activity;sid:84516669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653567)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241008-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653567/; classtype:trojan-activity;sid:84516667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653568)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653568/; classtype:trojan-activity;sid:84516668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653566)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653566/; classtype:trojan-activity;sid:84516666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653565)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653565/; classtype:trojan-activity;sid:84516665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653564)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653564/; classtype:trojan-activity;sid:84516664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653563/; classtype:trojan-activity;sid:84516663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653562/; classtype:trojan-activity;sid:84516662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653560/; classtype:trojan-activity;sid:84516660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653561)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250616-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653561/; classtype:trojan-activity;sid:84516661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653559/; classtype:trojan-activity;sid:84516659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653558)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653558/; classtype:trojan-activity;sid:84516658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653556)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653556/; classtype:trojan-activity;sid:84516656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653557)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653557/; classtype:trojan-activity;sid:84516657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653555/; classtype:trojan-activity;sid:84516655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653554)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653554/; classtype:trojan-activity;sid:84516654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653553)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653553/; classtype:trojan-activity;sid:84516653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653551)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653551/; classtype:trojan-activity;sid:84516651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653552)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653552/; classtype:trojan-activity;sid:84516652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653549/; classtype:trojan-activity;sid:84516649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653548/; classtype:trojan-activity;sid:84516648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241130-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653544/; classtype:trojan-activity;sid:84516644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653545/; classtype:trojan-activity;sid:84516645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653543/; classtype:trojan-activity;sid:84516643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653542/; classtype:trojan-activity;sid:84516642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-01-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653541/; classtype:trojan-activity;sid:84516641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653538/; classtype:trojan-activity;sid:84516638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653539)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653539/; classtype:trojan-activity;sid:84516639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653540/; classtype:trojan-activity;sid:84516640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653534/; classtype:trojan-activity;sid:84516634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653535/; classtype:trojan-activity;sid:84516635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653536/; classtype:trojan-activity;sid:84516636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653532)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653532/; classtype:trojan-activity;sid:84516632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653533/; classtype:trojan-activity;sid:84516633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653531/; classtype:trojan-activity;sid:84516631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653529/; classtype:trojan-activity;sid:84516629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653528/; classtype:trojan-activity;sid:84516628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653527/; classtype:trojan-activity;sid:84516627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; classtype:trojan-activity;sid:84516626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653523/; classtype:trojan-activity;sid:84516623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653524/; classtype:trojan-activity;sid:84516624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653522/; classtype:trojan-activity;sid:84516622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653520/; classtype:trojan-activity;sid:84516620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653521)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653521/; classtype:trojan-activity;sid:84516621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653519)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653519/; classtype:trojan-activity;sid:84516619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653517/; classtype:trojan-activity;sid:84516617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653515)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653515/; classtype:trojan-activity;sid:84516615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653516/; classtype:trojan-activity;sid:84516616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653514/; classtype:trojan-activity;sid:84516614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653513)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653513/; classtype:trojan-activity;sid:84516613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653512/; classtype:trojan-activity;sid:84516612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653509/; classtype:trojan-activity;sid:84516609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653510)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653510/; classtype:trojan-activity;sid:84516610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653511)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653511/; classtype:trojan-activity;sid:84516611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653506/; classtype:trojan-activity;sid:84516606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653507)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653507/; classtype:trojan-activity;sid:84516607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653505/; classtype:trojan-activity;sid:84516605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653504/; classtype:trojan-activity;sid:84516604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653503)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653503/; classtype:trojan-activity;sid:84516603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653500/; classtype:trojan-activity;sid:84516600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653501/; classtype:trojan-activity;sid:84516601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653499/; classtype:trojan-activity;sid:84516599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653498/; classtype:trojan-activity;sid:84516598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653497/; classtype:trojan-activity;sid:84516597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653496)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653496/; classtype:trojan-activity;sid:84516596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653495/; classtype:trojan-activity;sid:84516595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653493)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653493/; classtype:trojan-activity;sid:84516593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653490)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653490/; classtype:trojan-activity;sid:84516590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653491/; classtype:trojan-activity;sid:84516591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653488)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653488/; classtype:trojan-activity;sid:84516588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653486)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653486/; classtype:trojan-activity;sid:84516586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653484)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653484/; classtype:trojan-activity;sid:84516584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653483/; classtype:trojan-activity;sid:84516583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653482/; classtype:trojan-activity;sid:84516582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653481)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653481/; classtype:trojan-activity;sid:84516581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653480)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653480/; classtype:trojan-activity;sid:84516580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653478)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653478/; classtype:trojan-activity;sid:84516578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653477)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653477/; classtype:trojan-activity;sid:84516577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653476)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250110-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653476/; classtype:trojan-activity;sid:84516576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653474)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653474/; classtype:trojan-activity;sid:84516574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653475/; classtype:trojan-activity;sid:84516575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653473/; classtype:trojan-activity;sid:84516573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653472/; classtype:trojan-activity;sid:84516572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653470/; classtype:trojan-activity;sid:84516570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653471)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653471/; classtype:trojan-activity;sid:84516571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653468)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653468/; classtype:trojan-activity;sid:84516568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653469/; classtype:trojan-activity;sid:84516569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653467)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653467/; classtype:trojan-activity;sid:84516567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653465/; classtype:trojan-activity;sid:84516565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653463)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653463/; classtype:trojan-activity;sid:84516563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653460/; classtype:trojan-activity;sid:84516560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653461)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653461/; classtype:trojan-activity;sid:84516561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653462)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653462/; classtype:trojan-activity;sid:84516562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653459)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653459/; classtype:trojan-activity;sid:84516559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653458/; classtype:trojan-activity;sid:84516558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653457)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653457/; classtype:trojan-activity;sid:84516557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653454)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653454/; classtype:trojan-activity;sid:84516554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653455)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653455/; classtype:trojan-activity;sid:84516555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653456)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241019-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653456/; classtype:trojan-activity;sid:84516556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653453/; classtype:trojan-activity;sid:84516553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653451)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653451/; classtype:trojan-activity;sid:84516551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653452)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653452/; classtype:trojan-activity;sid:84516552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653450)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653450/; classtype:trojan-activity;sid:84516550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653448/; classtype:trojan-activity;sid:84516548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653449)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653449/; classtype:trojan-activity;sid:84516549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653445)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653445/; classtype:trojan-activity;sid:84516545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653446)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653446/; classtype:trojan-activity;sid:84516546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653447)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653447/; classtype:trojan-activity;sid:84516547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653444)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653444/; classtype:trojan-activity;sid:84516544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653443/; classtype:trojan-activity;sid:84516543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653442)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653442/; classtype:trojan-activity;sid:84516542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653441)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653441/; classtype:trojan-activity;sid:84516541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653438)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653438/; classtype:trojan-activity;sid:84516538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653439/; classtype:trojan-activity;sid:84516539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653435/; classtype:trojan-activity;sid:84516535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653436)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653436/; classtype:trojan-activity;sid:84516536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653437)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653437/; classtype:trojan-activity;sid:84516537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653434/; classtype:trojan-activity;sid:84516534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653431)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653431/; classtype:trojan-activity;sid:84516531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653432/; classtype:trojan-activity;sid:84516532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653433/; classtype:trojan-activity;sid:84516533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653428)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653428/; classtype:trojan-activity;sid:84516528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653429/; classtype:trojan-activity;sid:84516529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653430)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653430/; classtype:trojan-activity;sid:84516530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653426)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653426/; classtype:trojan-activity;sid:84516526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653425/; classtype:trojan-activity;sid:84516525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653422/; classtype:trojan-activity;sid:84516522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653423)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653423/; classtype:trojan-activity;sid:84516523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653424)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653424/; classtype:trojan-activity;sid:84516524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653419)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653419/; classtype:trojan-activity;sid:84516519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653420/; classtype:trojan-activity;sid:84516520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653421/; classtype:trojan-activity;sid:84516521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653416)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250331-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653416/; classtype:trojan-activity;sid:84516516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653417/; classtype:trojan-activity;sid:84516517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653418)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653418/; classtype:trojan-activity;sid:84516518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653415)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653415/; classtype:trojan-activity;sid:84516515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653412/; classtype:trojan-activity;sid:84516512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653413)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653413/; classtype:trojan-activity;sid:84516513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653414)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241105-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653414/; classtype:trojan-activity;sid:84516514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653411)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653411/; classtype:trojan-activity;sid:84516511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653409)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653409/; classtype:trojan-activity;sid:84516509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653410/; classtype:trojan-activity;sid:84516510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/scd/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653401/; classtype:trojan-activity;sid:84516501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653402/; classtype:trojan-activity;sid:84516502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653403/; classtype:trojan-activity;sid:84516503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653404/; classtype:trojan-activity;sid:84516504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653405/; classtype:trojan-activity;sid:84516505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653406)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653406/; classtype:trojan-activity;sid:84516506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653407/; classtype:trojan-activity;sid:84516507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653400/; classtype:trojan-activity;sid:84516500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653398/; classtype:trojan-activity;sid:84516498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653399/; classtype:trojan-activity;sid:84516499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653397)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653397/; classtype:trojan-activity;sid:84516497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-12-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653393/; classtype:trojan-activity;sid:84516493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653394)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653394/; classtype:trojan-activity;sid:84516494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653395/; classtype:trojan-activity;sid:84516495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653396/; classtype:trojan-activity;sid:84516496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653392)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653392/; classtype:trojan-activity;sid:84516492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653389/; classtype:trojan-activity;sid:84516489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653390/; classtype:trojan-activity;sid:84516490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653391/; classtype:trojan-activity;sid:84516491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653385/; classtype:trojan-activity;sid:84516485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653386/; classtype:trojan-activity;sid:84516486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653387/; classtype:trojan-activity;sid:84516487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653388)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653388/; classtype:trojan-activity;sid:84516488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653382)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653382/; classtype:trojan-activity;sid:84516482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653383/; classtype:trojan-activity;sid:84516483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653380/; classtype:trojan-activity;sid:84516480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653381/; classtype:trojan-activity;sid:84516481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653377/; classtype:trojan-activity;sid:84516477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653378)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653378/; classtype:trojan-activity;sid:84516478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653379)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653379/; classtype:trojan-activity;sid:84516479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653374/; classtype:trojan-activity;sid:84516474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653375)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241225-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653375/; classtype:trojan-activity;sid:84516475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653376/; classtype:trojan-activity;sid:84516476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653373)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653373/; classtype:trojan-activity;sid:84516473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653371/; classtype:trojan-activity;sid:84516471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653372)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241230-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653372/; classtype:trojan-activity;sid:84516472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653367)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653367/; classtype:trojan-activity;sid:84516467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653368)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/ylcgd/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653368/; classtype:trojan-activity;sid:84516468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653369)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653369/; classtype:trojan-activity;sid:84516469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653365/; classtype:trojan-activity;sid:84516465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653364/; classtype:trojan-activity;sid:84516464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653358)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653358/; classtype:trojan-activity;sid:84516458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653359)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653359/; classtype:trojan-activity;sid:84516459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653360)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653360/; classtype:trojan-activity;sid:84516460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653361)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653361/; classtype:trojan-activity;sid:84516461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653362)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653362/; classtype:trojan-activity;sid:84516462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653357)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653357/; classtype:trojan-activity;sid:84516457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653354/; classtype:trojan-activity;sid:84516454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653355)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653355/; classtype:trojan-activity;sid:84516455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653356)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653356/; classtype:trojan-activity;sid:84516456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653353)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653353/; classtype:trojan-activity;sid:84516453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653351/; classtype:trojan-activity;sid:84516451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653350/; classtype:trojan-activity;sid:84516450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653349/; classtype:trojan-activity;sid:84516449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653348)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653348/; classtype:trojan-activity;sid:84516448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653344)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653344/; classtype:trojan-activity;sid:84516444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653345)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653345/; classtype:trojan-activity;sid:84516445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653346/; classtype:trojan-activity;sid:84516446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653342/; classtype:trojan-activity;sid:84516442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653336)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653336/; classtype:trojan-activity;sid:84516436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653337)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653337/; classtype:trojan-activity;sid:84516437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653338)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653338/; classtype:trojan-activity;sid:84516438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-08-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653339/; classtype:trojan-activity;sid:84516439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653340/; classtype:trojan-activity;sid:84516440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653341)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653341/; classtype:trojan-activity;sid:84516441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653334/; classtype:trojan-activity;sid:84516434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653335)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653335/; classtype:trojan-activity;sid:84516435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653328)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653328/; classtype:trojan-activity;sid:84516428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653329)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653329/; classtype:trojan-activity;sid:84516429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653330)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653330/; classtype:trojan-activity;sid:84516430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653331)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653331/; classtype:trojan-activity;sid:84516431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653332/; classtype:trojan-activity;sid:84516432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653327/; classtype:trojan-activity;sid:84516427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653326)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653326/; classtype:trojan-activity;sid:84516426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653325/; classtype:trojan-activity;sid:84516425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653324)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653324/; classtype:trojan-activity;sid:84516424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653321)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653321/; classtype:trojan-activity;sid:84516421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653322)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653322/; classtype:trojan-activity;sid:84516422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653323/; classtype:trojan-activity;sid:84516423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653320/; classtype:trojan-activity;sid:84516420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250617-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653319/; classtype:trojan-activity;sid:84516419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653317)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653317/; classtype:trojan-activity;sid:84516417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653318)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653318/; classtype:trojan-activity;sid:84516418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-114/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653316/; classtype:trojan-activity;sid:84516416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653315/; classtype:trojan-activity;sid:84516415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653314/; classtype:trojan-activity;sid:84516414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653313/; classtype:trojan-activity;sid:84516413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653310/; classtype:trojan-activity;sid:84516410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653311/; classtype:trojan-activity;sid:84516411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653312)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653312/; classtype:trojan-activity;sid:84516412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653308)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653308/; classtype:trojan-activity;sid:84516408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653309)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653309/; classtype:trojan-activity;sid:84516409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653305/; classtype:trojan-activity;sid:84516405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653306)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653306/; classtype:trojan-activity;sid:84516406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653307)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653307/; classtype:trojan-activity;sid:84516407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653302/; classtype:trojan-activity;sid:84516402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-02-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653300/; classtype:trojan-activity;sid:84516400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653301/; classtype:trojan-activity;sid:84516401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653295)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653295/; classtype:trojan-activity;sid:84516395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653296)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653296/; classtype:trojan-activity;sid:84516396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653298/; classtype:trojan-activity;sid:84516398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653299/; classtype:trojan-activity;sid:84516399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653294)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653294/; classtype:trojan-activity;sid:84516394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653292)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653292/; classtype:trojan-activity;sid:84516392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653291)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230904-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653291/; classtype:trojan-activity;sid:84516391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653287/; classtype:trojan-activity;sid:84516387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653283)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653283/; classtype:trojan-activity;sid:84516383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653284/; classtype:trojan-activity;sid:84516384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653285)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653285/; classtype:trojan-activity;sid:84516385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653286)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653286/; classtype:trojan-activity;sid:84516386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653282)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653282/; classtype:trojan-activity;sid:84516382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653280)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653280/; classtype:trojan-activity;sid:84516380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653272/; classtype:trojan-activity;sid:84516372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653273)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653273/; classtype:trojan-activity;sid:84516373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653274/; classtype:trojan-activity;sid:84516374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653275)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653275/; classtype:trojan-activity;sid:84516375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250628-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653276/; classtype:trojan-activity;sid:84516376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240914-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653277/; classtype:trojan-activity;sid:84516377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653269)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653269/; classtype:trojan-activity;sid:84516369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653270)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653270/; classtype:trojan-activity;sid:84516370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653268)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653268/; classtype:trojan-activity;sid:84516368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653265)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653265/; classtype:trojan-activity;sid:84516365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653266/; classtype:trojan-activity;sid:84516366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653267/; classtype:trojan-activity;sid:84516367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653262)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653262/; classtype:trojan-activity;sid:84516362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653263)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-088/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653263/; classtype:trojan-activity;sid:84516363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653261)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653261/; classtype:trojan-activity;sid:84516361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653260/; classtype:trojan-activity;sid:84516360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653259)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653259/; classtype:trojan-activity;sid:84516359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653258/; classtype:trojan-activity;sid:84516358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653257/; classtype:trojan-activity;sid:84516357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653256)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653256/; classtype:trojan-activity;sid:84516356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653255)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653255/; classtype:trojan-activity;sid:84516355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653253)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653253/; classtype:trojan-activity;sid:84516353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653254)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/ia64/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653254/; classtype:trojan-activity;sid:84516354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653252/; classtype:trojan-activity;sid:84516352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653251/; classtype:trojan-activity;sid:84516351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653247/; classtype:trojan-activity;sid:84516347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653249/; classtype:trojan-activity;sid:84516349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250610-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653245/; classtype:trojan-activity;sid:84516345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653246)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653246/; classtype:trojan-activity;sid:84516346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653242)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653242/; classtype:trojan-activity;sid:84516342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653241)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240913-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653241/; classtype:trojan-activity;sid:84516341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653240)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653240/; classtype:trojan-activity;sid:84516340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653239)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653239/; classtype:trojan-activity;sid:84516339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653235/; classtype:trojan-activity;sid:84516335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653236)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653236/; classtype:trojan-activity;sid:84516336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653237)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653237/; classtype:trojan-activity;sid:84516337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653232)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653232/; classtype:trojan-activity;sid:84516332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653233)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653233/; classtype:trojan-activity;sid:84516333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653230)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653230/; classtype:trojan-activity;sid:84516330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653231/; classtype:trojan-activity;sid:84516331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653229/; classtype:trojan-activity;sid:84516329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653228/; classtype:trojan-activity;sid:84516328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653226/; classtype:trojan-activity;sid:84516326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653227)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653227/; classtype:trojan-activity;sid:84516327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-11-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653224/; classtype:trojan-activity;sid:84516324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653225)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241031-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653225/; classtype:trojan-activity;sid:84516325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653223/; classtype:trojan-activity;sid:84516323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653218)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653218/; classtype:trojan-activity;sid:84516318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653219/; classtype:trojan-activity;sid:84516319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653220/; classtype:trojan-activity;sid:84516320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653221/; classtype:trojan-activity;sid:84516321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653222/; classtype:trojan-activity;sid:84516322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653216)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653216/; classtype:trojan-activity;sid:84516316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653217)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653217/; classtype:trojan-activity;sid:84516317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-06-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653215/; classtype:trojan-activity;sid:84516315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653214)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653214/; classtype:trojan-activity;sid:84516314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653212/; classtype:trojan-activity;sid:84516312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653213)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653213/; classtype:trojan-activity;sid:84516313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653210)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653210/; classtype:trojan-activity;sid:84516310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653211)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653211/; classtype:trojan-activity;sid:84516311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653209)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653209/; classtype:trojan-activity;sid:84516309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653207/; classtype:trojan-activity;sid:84516307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653206/; classtype:trojan-activity;sid:84516306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653203)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653203/; classtype:trojan-activity;sid:84516303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653199)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653199/; classtype:trojan-activity;sid:84516299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653200)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653200/; classtype:trojan-activity;sid:84516300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653201)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653201/; classtype:trojan-activity;sid:84516301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653202/; classtype:trojan-activity;sid:84516302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653198/; classtype:trojan-activity;sid:84516298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653197/; classtype:trojan-activity;sid:84516297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653195)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653195/; classtype:trojan-activity;sid:84516295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653196/; classtype:trojan-activity;sid:84516296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653192)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241029-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653192/; classtype:trojan-activity;sid:84516292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653193/; classtype:trojan-activity;sid:84516293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653194)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653194/; classtype:trojan-activity;sid:84516294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231116-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653190/; classtype:trojan-activity;sid:84516290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653191)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653191/; classtype:trojan-activity;sid:84516291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653189)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653189/; classtype:trojan-activity;sid:84516289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653187)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653187/; classtype:trojan-activity;sid:84516287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653188)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653188/; classtype:trojan-activity;sid:84516288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653182/; classtype:trojan-activity;sid:84516282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653184/; classtype:trojan-activity;sid:84516284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653185)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653185/; classtype:trojan-activity;sid:84516285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653186/; classtype:trojan-activity;sid:84516286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653180)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653180/; classtype:trojan-activity;sid:84516280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653181)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653181/; classtype:trojan-activity;sid:84516281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653177/; classtype:trojan-activity;sid:84516277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653174)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250513-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653174/; classtype:trojan-activity;sid:84516274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653175/; classtype:trojan-activity;sid:84516275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653170/; classtype:trojan-activity;sid:84516270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653168/; classtype:trojan-activity;sid:84516268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653162/; classtype:trojan-activity;sid:84516262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653164)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653164/; classtype:trojan-activity;sid:84516264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653165/; classtype:trojan-activity;sid:84516265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653167/; classtype:trojan-activity;sid:84516267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653159/; classtype:trojan-activity;sid:84516259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653157/; classtype:trojan-activity;sid:84516257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653158/; classtype:trojan-activity;sid:84516258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653154/; classtype:trojan-activity;sid:84516254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653153/; classtype:trojan-activity;sid:84516253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653150/; classtype:trojan-activity;sid:84516250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653147/; classtype:trojan-activity;sid:84516247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653146)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653146/; classtype:trojan-activity;sid:84516246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653145/; classtype:trojan-activity;sid:84516245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653144/; classtype:trojan-activity;sid:84516244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653143/; classtype:trojan-activity;sid:84516243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653141)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240827-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653141/; classtype:trojan-activity;sid:84516241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653142)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653142/; classtype:trojan-activity;sid:84516242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653138)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x86/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653138/; classtype:trojan-activity;sid:84516238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653139)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653139/; classtype:trojan-activity;sid:84516239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653135)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653135/; classtype:trojan-activity;sid:84516235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653134)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653134/; classtype:trojan-activity;sid:84516234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653133)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653133/; classtype:trojan-activity;sid:84516233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653130/; classtype:trojan-activity;sid:84516230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653131/; classtype:trojan-activity;sid:84516231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653129/; classtype:trojan-activity;sid:84516229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653128)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sbillno/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653128/; classtype:trojan-activity;sid:84516228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653126/; classtype:trojan-activity;sid:84516226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653127/; classtype:trojan-activity;sid:84516227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653122)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653122/; classtype:trojan-activity;sid:84516222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653123)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241024-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653123/; classtype:trojan-activity;sid:84516223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653124)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653124/; classtype:trojan-activity;sid:84516224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653125)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653125/; classtype:trojan-activity;sid:84516225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653121/; classtype:trojan-activity;sid:84516221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653119/; classtype:trojan-activity;sid:84516219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653120)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653120/; classtype:trojan-activity;sid:84516220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653115/; classtype:trojan-activity;sid:84516215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653116/; classtype:trojan-activity;sid:84516216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653117)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/zh-chs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653117/; classtype:trojan-activity;sid:84516217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653118/; classtype:trojan-activity;sid:84516218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653112)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653112/; classtype:trojan-activity;sid:84516212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653113/; classtype:trojan-activity;sid:84516213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/2052/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653109/; classtype:trojan-activity;sid:84516209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653110)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653110/; classtype:trojan-activity;sid:84516210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653106/; classtype:trojan-activity;sid:84516206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653108)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250702-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653108/; classtype:trojan-activity;sid:84516208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653105)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653105/; classtype:trojan-activity;sid:84516205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/1033/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653102/; classtype:trojan-activity;sid:84516202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653103/; classtype:trojan-activity;sid:84516203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653101/; classtype:trojan-activity;sid:84516201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653100/; classtype:trojan-activity;sid:84516200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653099/; classtype:trojan-activity;sid:84516199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653098/; classtype:trojan-activity;sid:84516198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653095)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653095/; classtype:trojan-activity;sid:84516195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653096/; classtype:trojan-activity;sid:84516196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653093/; classtype:trojan-activity;sid:84516193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653091/; classtype:trojan-activity;sid:84516191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653092)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231008-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653092/; classtype:trojan-activity;sid:84516192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653090)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653090/; classtype:trojan-activity;sid:84516190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653087/; classtype:trojan-activity;sid:84516187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653088)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653088/; classtype:trojan-activity;sid:84516188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653089/; classtype:trojan-activity;sid:84516189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653084)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653084/; classtype:trojan-activity;sid:84516184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250626-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653085/; classtype:trojan-activity;sid:84516185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653086)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653086/; classtype:trojan-activity;sid:84516186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653083/; classtype:trojan-activity;sid:84516183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653082/; classtype:trojan-activity;sid:84516182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653081/; classtype:trojan-activity;sid:84516181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653080)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230712-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653080/; classtype:trojan-activity;sid:84516180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653078)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653078/; classtype:trojan-activity;sid:84516178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653076/; classtype:trojan-activity;sid:84516176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653077)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653077/; classtype:trojan-activity;sid:84516177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653074/; classtype:trojan-activity;sid:84516174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653075/; classtype:trojan-activity;sid:84516175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653071)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653071/; classtype:trojan-activity;sid:84516171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653072/; classtype:trojan-activity;sid:84516172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653070)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653070/; classtype:trojan-activity;sid:84516170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653069/; classtype:trojan-activity;sid:84516169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653067)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653067/; classtype:trojan-activity;sid:84516167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653068/; classtype:trojan-activity;sid:84516168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653064)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653064/; classtype:trojan-activity;sid:84516164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653065/; classtype:trojan-activity;sid:84516165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653059/; classtype:trojan-activity;sid:84516159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653060/; classtype:trojan-activity;sid:84516160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653061)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653061/; classtype:trojan-activity;sid:84516161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653062/; classtype:trojan-activity;sid:84516162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653063/; classtype:trojan-activity;sid:84516163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653057/; classtype:trojan-activity;sid:84516157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653058/; classtype:trojan-activity;sid:84516158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653055/; classtype:trojan-activity;sid:84516155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653050)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653050/; classtype:trojan-activity;sid:84516150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653052)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653052/; classtype:trojan-activity;sid:84516152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653053/; classtype:trojan-activity;sid:84516153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653048)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653048/; classtype:trojan-activity;sid:84516148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653046/; classtype:trojan-activity;sid:84516146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653045/; classtype:trojan-activity;sid:84516145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653043/; classtype:trojan-activity;sid:84516143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-10-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653039/; classtype:trojan-activity;sid:84516139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653040/; classtype:trojan-activity;sid:84516140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653036/; classtype:trojan-activity;sid:84516136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653037/; classtype:trojan-activity;sid:84516137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653033/; classtype:trojan-activity;sid:84516133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653034)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653034/; classtype:trojan-activity;sid:84516134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653035/; classtype:trojan-activity;sid:84516135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653032/; classtype:trojan-activity;sid:84516132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653031/; classtype:trojan-activity;sid:84516131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653030/; classtype:trojan-activity;sid:84516130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653027)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-165/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653027/; classtype:trojan-activity;sid:84516127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653028)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653028/; classtype:trojan-activity;sid:84516128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653029/; classtype:trojan-activity;sid:84516129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653026/; classtype:trojan-activity;sid:84516126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-11-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653023/; classtype:trojan-activity;sid:84516123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653024/; classtype:trojan-activity;sid:84516124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653022/; classtype:trojan-activity;sid:84516122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653017/; classtype:trojan-activity;sid:84516117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653018/; classtype:trojan-activity;sid:84516118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653019/; classtype:trojan-activity;sid:84516119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653020/; classtype:trojan-activity;sid:84516120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653013/; classtype:trojan-activity;sid:84516113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653014)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653014/; classtype:trojan-activity;sid:84516114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653015/; classtype:trojan-activity;sid:84516115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653012)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653012/; classtype:trojan-activity;sid:84516112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653009)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653009/; classtype:trojan-activity;sid:84516109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653010/; classtype:trojan-activity;sid:84516110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653007)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653007/; classtype:trojan-activity;sid:84516107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653008/; classtype:trojan-activity;sid:84516108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653006/; classtype:trojan-activity;sid:84516106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652999/; classtype:trojan-activity;sid:84516099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653000/; classtype:trojan-activity;sid:84516100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653001)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653001/; classtype:trojan-activity;sid:84516101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653002)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653002/; classtype:trojan-activity;sid:84516102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653003/; classtype:trojan-activity;sid:84516103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653004/; classtype:trojan-activity;sid:84516104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653005)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653005/; classtype:trojan-activity;sid:84516105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652997/; classtype:trojan-activity;sid:84516097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652996)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652996/; classtype:trojan-activity;sid:84516096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652995)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652995/; classtype:trojan-activity;sid:84516095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652992)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652992/; classtype:trojan-activity;sid:84516092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652993/; classtype:trojan-activity;sid:84516093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652990/; classtype:trojan-activity;sid:84516090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652991/; classtype:trojan-activity;sid:84516091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652986/; classtype:trojan-activity;sid:84516086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652987/; classtype:trojan-activity;sid:84516087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652978)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652978/; classtype:trojan-activity;sid:84516078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652979)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652979/; classtype:trojan-activity;sid:84516079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652981/; classtype:trojan-activity;sid:84516081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652982)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652982/; classtype:trojan-activity;sid:84516082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652983/; classtype:trojan-activity;sid:84516083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652984/; classtype:trojan-activity;sid:84516084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652974/; classtype:trojan-activity;sid:84516074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652975/; classtype:trojan-activity;sid:84516075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652973/; classtype:trojan-activity;sid:84516073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652971/; classtype:trojan-activity;sid:84516071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652972)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652972/; classtype:trojan-activity;sid:84516072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652968)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/powerpoint.pt-br/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652968/; classtype:trojan-activity;sid:84516068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652969)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652969/; classtype:trojan-activity;sid:84516069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652963)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652963/; classtype:trojan-activity;sid:84516063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652964)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652964/; classtype:trojan-activity;sid:84516064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652965)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652965/; classtype:trojan-activity;sid:84516065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652966)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241106-151/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652966/; classtype:trojan-activity;sid:84516066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652967/; classtype:trojan-activity;sid:84516067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652961)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652961/; classtype:trojan-activity;sid:84516061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652958/; classtype:trojan-activity;sid:84516058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652959/; classtype:trojan-activity;sid:84516059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652955/; classtype:trojan-activity;sid:84516055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652956)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652956/; classtype:trojan-activity;sid:84516056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652957)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652957/; classtype:trojan-activity;sid:84516057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652950/; classtype:trojan-activity;sid:84516050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652951/; classtype:trojan-activity;sid:84516051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652952)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652952/; classtype:trojan-activity;sid:84516052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652948/; classtype:trojan-activity;sid:84516048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652949/; classtype:trojan-activity;sid:84516049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-05-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652946/; classtype:trojan-activity;sid:84516046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652947/; classtype:trojan-activity;sid:84516047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-06-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652943/; classtype:trojan-activity;sid:84516043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652944/; classtype:trojan-activity;sid:84516044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652945)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652945/; classtype:trojan-activity;sid:84516045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652941/; classtype:trojan-activity;sid:84516041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652942/; classtype:trojan-activity;sid:84516042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652939/; classtype:trojan-activity;sid:84516039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652938)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652938/; classtype:trojan-activity;sid:84516038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652936/; classtype:trojan-activity;sid:84516036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652937)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652937/; classtype:trojan-activity;sid:84516037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652934/; classtype:trojan-activity;sid:84516034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652928)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241016-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652928/; classtype:trojan-activity;sid:84516028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652929)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652929/; classtype:trojan-activity;sid:84516029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652930)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652930/; classtype:trojan-activity;sid:84516030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652931)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652931/; classtype:trojan-activity;sid:84516031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652927)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652927/; classtype:trojan-activity;sid:84516027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; classtype:trojan-activity;sid:84516026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652925/; classtype:trojan-activity;sid:84516025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652922/; classtype:trojan-activity;sid:84516022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652924/; classtype:trojan-activity;sid:84516024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; classtype:trojan-activity;sid:84516020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652915/; classtype:trojan-activity;sid:84516015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652916)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652916/; classtype:trojan-activity;sid:84516016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652917/; classtype:trojan-activity;sid:84516017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652918)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652918/; classtype:trojan-activity;sid:84516018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652914)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652914/; classtype:trojan-activity;sid:84516014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652913/; classtype:trojan-activity;sid:84516013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652912/; classtype:trojan-activity;sid:84516012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652911/; classtype:trojan-activity;sid:84516011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652906/; classtype:trojan-activity;sid:84516006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652907/; classtype:trojan-activity;sid:84516007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652908/; classtype:trojan-activity;sid:84516008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652909/; classtype:trojan-activity;sid:84516009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652910/; classtype:trojan-activity;sid:84516010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652905/; classtype:trojan-activity;sid:84516005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652904/; classtype:trojan-activity;sid:84516004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652902)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652902/; classtype:trojan-activity;sid:84516002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652903)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652903/; classtype:trojan-activity;sid:84516003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652901/; classtype:trojan-activity;sid:84516001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652898)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652898/; classtype:trojan-activity;sid:84515998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652899/; classtype:trojan-activity;sid:84515999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652900)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652900/; classtype:trojan-activity;sid:84516000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652896/; classtype:trojan-activity;sid:84515996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652897/; classtype:trojan-activity;sid:84515997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652892/; classtype:trojan-activity;sid:84515992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652893/; classtype:trojan-activity;sid:84515993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652894)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241128-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652894/; classtype:trojan-activity;sid:84515994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652889)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240625-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652889/; classtype:trojan-activity;sid:84515989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652890/; classtype:trojan-activity;sid:84515990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652891/; classtype:trojan-activity;sid:84515991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652887/; classtype:trojan-activity;sid:84515987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652888)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652888/; classtype:trojan-activity;sid:84515988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652886)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652886/; classtype:trojan-activity;sid:84515986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652885/; classtype:trojan-activity;sid:84515985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652883/; classtype:trojan-activity;sid:84515983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652884)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652884/; classtype:trojan-activity;sid:84515984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652878)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652878/; classtype:trojan-activity;sid:84515978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652879/; classtype:trojan-activity;sid:84515979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652880/; classtype:trojan-activity;sid:84515980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652881)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652881/; classtype:trojan-activity;sid:84515981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652882)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652882/; classtype:trojan-activity;sid:84515982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652875)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652875/; classtype:trojan-activity;sid:84515975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652876)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652876/; classtype:trojan-activity;sid:84515976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652877)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652877/; classtype:trojan-activity;sid:84515977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652873/; classtype:trojan-activity;sid:84515973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652874/; classtype:trojan-activity;sid:84515974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652871/; classtype:trojan-activity;sid:84515971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652872/; classtype:trojan-activity;sid:84515972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652870/; classtype:trojan-activity;sid:84515970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652868)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652868/; classtype:trojan-activity;sid:84515968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652867)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652867/; classtype:trojan-activity;sid:84515967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652864/; classtype:trojan-activity;sid:84515964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652866/; classtype:trojan-activity;sid:84515966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652862)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652862/; classtype:trojan-activity;sid:84515962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652863/; classtype:trojan-activity;sid:84515963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652861)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652861/; classtype:trojan-activity;sid:84515961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652857/; classtype:trojan-activity;sid:84515957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-12-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652858/; classtype:trojan-activity;sid:84515958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652859)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/2.0/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652859/; classtype:trojan-activity;sid:84515959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652860)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652860/; classtype:trojan-activity;sid:84515960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652855/; classtype:trojan-activity;sid:84515955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250604-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652856/; classtype:trojan-activity;sid:84515956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652847/; classtype:trojan-activity;sid:84515947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652848)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652848/; classtype:trojan-activity;sid:84515948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652849/; classtype:trojan-activity;sid:84515949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652850)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652850/; classtype:trojan-activity;sid:84515950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652852/; classtype:trojan-activity;sid:84515952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652853)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652853/; classtype:trojan-activity;sid:84515953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652854)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652854/; classtype:trojan-activity;sid:84515954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652844/; classtype:trojan-activity;sid:84515944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652845/; classtype:trojan-activity;sid:84515945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652841)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652841/; classtype:trojan-activity;sid:84515941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652842)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652842/; classtype:trojan-activity;sid:84515942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652839)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652839/; classtype:trojan-activity;sid:84515939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652840)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652840/; classtype:trojan-activity;sid:84515940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652838/; classtype:trojan-activity;sid:84515938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652832/; classtype:trojan-activity;sid:84515932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/1033/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652833/; classtype:trojan-activity;sid:84515933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-09-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652834/; classtype:trojan-activity;sid:84515934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652835/; classtype:trojan-activity;sid:84515935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652836)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652836/; classtype:trojan-activity;sid:84515936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652829)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652829/; classtype:trojan-activity;sid:84515929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-126/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652830/; classtype:trojan-activity;sid:84515930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652831/; classtype:trojan-activity;sid:84515931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652824/; classtype:trojan-activity;sid:84515924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652825)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652825/; classtype:trojan-activity;sid:84515925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652826)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250726-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652826/; classtype:trojan-activity;sid:84515926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652827/; classtype:trojan-activity;sid:84515927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652828)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652828/; classtype:trojan-activity;sid:84515928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652822/; classtype:trojan-activity;sid:84515922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652823/; classtype:trojan-activity;sid:84515923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652820/; classtype:trojan-activity;sid:84515920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652818/; classtype:trojan-activity;sid:84515918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652819/; classtype:trojan-activity;sid:84515919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652814/; classtype:trojan-activity;sid:84515914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652815)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652815/; classtype:trojan-activity;sid:84515915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652816)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652816/; classtype:trojan-activity;sid:84515916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652817/; classtype:trojan-activity;sid:84515917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652812)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652812/; classtype:trojan-activity;sid:84515912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652813/; classtype:trojan-activity;sid:84515913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652810/; classtype:trojan-activity;sid:84515910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652811)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652811/; classtype:trojan-activity;sid:84515911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652806/; classtype:trojan-activity;sid:84515906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652807)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652807/; classtype:trojan-activity;sid:84515907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652808/; classtype:trojan-activity;sid:84515908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241112-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652809/; classtype:trojan-activity;sid:84515909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652802)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652802/; classtype:trojan-activity;sid:84515902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250408-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652804/; classtype:trojan-activity;sid:84515904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652805/; classtype:trojan-activity;sid:84515905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652799/; classtype:trojan-activity;sid:84515899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652800)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652800/; classtype:trojan-activity;sid:84515900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652801)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652801/; classtype:trojan-activity;sid:84515901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652798)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652798/; classtype:trojan-activity;sid:84515898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652797)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652797/; classtype:trojan-activity;sid:84515897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652795/; classtype:trojan-activity;sid:84515895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652796/; classtype:trojan-activity;sid:84515896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652794/; classtype:trojan-activity;sid:84515894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652790)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652790/; classtype:trojan-activity;sid:84515890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652791/; classtype:trojan-activity;sid:84515891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652792/; classtype:trojan-activity;sid:84515892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652793/; classtype:trojan-activity;sid:84515893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652786/; classtype:trojan-activity;sid:84515886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250516-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652787/; classtype:trojan-activity;sid:84515887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652785/; classtype:trojan-activity;sid:84515885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652781/; classtype:trojan-activity;sid:84515881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652782/; classtype:trojan-activity;sid:84515882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652783)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652783/; classtype:trojan-activity;sid:84515883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652784)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652784/; classtype:trojan-activity;sid:84515884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652780)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652780/; classtype:trojan-activity;sid:84515880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652778)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652778/; classtype:trojan-activity;sid:84515878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652779)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652779/; classtype:trojan-activity;sid:84515879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652773/; classtype:trojan-activity;sid:84515873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652774)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652774/; classtype:trojan-activity;sid:84515874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652775)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652775/; classtype:trojan-activity;sid:84515875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652771)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/ia64/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652771/; classtype:trojan-activity;sid:84515871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652767/; classtype:trojan-activity;sid:84515867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652768)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652768/; classtype:trojan-activity;sid:84515868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652769/; classtype:trojan-activity;sid:84515869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652770/; classtype:trojan-activity;sid:84515870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652766/; classtype:trojan-activity;sid:84515866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652764/; classtype:trojan-activity;sid:84515864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652765/; classtype:trojan-activity;sid:84515865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652761/; classtype:trojan-activity;sid:84515861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652762/; classtype:trojan-activity;sid:84515862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652763/; classtype:trojan-activity;sid:84515863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652751)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240919-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652751/; classtype:trojan-activity;sid:84515851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652752)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652752/; classtype:trojan-activity;sid:84515852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652753/; classtype:trojan-activity;sid:84515853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652754/; classtype:trojan-activity;sid:84515854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652755/; classtype:trojan-activity;sid:84515855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652756)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652756/; classtype:trojan-activity;sid:84515856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652757)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652757/; classtype:trojan-activity;sid:84515857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652758)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652758/; classtype:trojan-activity;sid:84515858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652759)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652759/; classtype:trojan-activity;sid:84515859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652760/; classtype:trojan-activity;sid:84515860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240608-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652750/; classtype:trojan-activity;sid:84515850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652749/; classtype:trojan-activity;sid:84515849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652747/; classtype:trojan-activity;sid:84515847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652748)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652748/; classtype:trojan-activity;sid:84515848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652745)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652745/; classtype:trojan-activity;sid:84515845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652746/; classtype:trojan-activity;sid:84515846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652742/; classtype:trojan-activity;sid:84515842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652743/; classtype:trojan-activity;sid:84515843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652744/; classtype:trojan-activity;sid:84515844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652741)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652741/; classtype:trojan-activity;sid:84515841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652740/; classtype:trojan-activity;sid:84515840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652734/; classtype:trojan-activity;sid:84515834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652735/; classtype:trojan-activity;sid:84515835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652736/; classtype:trojan-activity;sid:84515836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652737/; classtype:trojan-activity;sid:84515837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652738/; classtype:trojan-activity;sid:84515838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652739)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652739/; classtype:trojan-activity;sid:84515839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652731)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652731/; classtype:trojan-activity;sid:84515831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652732/; classtype:trojan-activity;sid:84515832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652733/; classtype:trojan-activity;sid:84515833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652729)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652729/; classtype:trojan-activity;sid:84515829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652730/; classtype:trojan-activity;sid:84515830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652727)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652727/; classtype:trojan-activity;sid:84515827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652728/; classtype:trojan-activity;sid:84515828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652726)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652726/; classtype:trojan-activity;sid:84515826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652724/; classtype:trojan-activity;sid:84515824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652722)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652722/; classtype:trojan-activity;sid:84515822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652720/; classtype:trojan-activity;sid:84515820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652713/; classtype:trojan-activity;sid:84515813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652714/; classtype:trojan-activity;sid:84515814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652715/; classtype:trojan-activity;sid:84515815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652706/; classtype:trojan-activity;sid:84515806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652708/; classtype:trojan-activity;sid:84515808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652709/; classtype:trojan-activity;sid:84515809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652710)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652710/; classtype:trojan-activity;sid:84515810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652711/; classtype:trojan-activity;sid:84515811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652712)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652712/; classtype:trojan-activity;sid:84515812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652704/; classtype:trojan-activity;sid:84515804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652703/; classtype:trojan-activity;sid:84515803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652701/; classtype:trojan-activity;sid:84515801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652700/; classtype:trojan-activity;sid:84515800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652699/; classtype:trojan-activity;sid:84515799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652698/; classtype:trojan-activity;sid:84515798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652697/; classtype:trojan-activity;sid:84515797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652694/; classtype:trojan-activity;sid:84515794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652695/; classtype:trojan-activity;sid:84515795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652693/; classtype:trojan-activity;sid:84515793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652688/; classtype:trojan-activity;sid:84515788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652689)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652689/; classtype:trojan-activity;sid:84515789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652690)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652690/; classtype:trojan-activity;sid:84515790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652691/; classtype:trojan-activity;sid:84515791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.86.112.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652687/; classtype:trojan-activity;sid:84515787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652686/; classtype:trojan-activity;sid:84515786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652685/; classtype:trojan-activity;sid:84515785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652684)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652684/; classtype:trojan-activity;sid:84515784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652682/; classtype:trojan-activity;sid:84515782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652678)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652678/; classtype:trojan-activity;sid:84515778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652679)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652679/; classtype:trojan-activity;sid:84515779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652680/; classtype:trojan-activity;sid:84515780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652681)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652681/; classtype:trojan-activity;sid:84515781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652677)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652677/; classtype:trojan-activity;sid:84515777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652673/; classtype:trojan-activity;sid:84515773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652674)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652674/; classtype:trojan-activity;sid:84515774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652676)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652676/; classtype:trojan-activity;sid:84515776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652671/; classtype:trojan-activity;sid:84515771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652672/; classtype:trojan-activity;sid:84515772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652669)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652669/; classtype:trojan-activity;sid:84515769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240224-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652670/; classtype:trojan-activity;sid:84515770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652664/; classtype:trojan-activity;sid:84515764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652665/; classtype:trojan-activity;sid:84515765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652666)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652666/; classtype:trojan-activity;sid:84515766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652667)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652667/; classtype:trojan-activity;sid:84515767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652668)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652668/; classtype:trojan-activity;sid:84515768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652662/; classtype:trojan-activity;sid:84515762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652663/; classtype:trojan-activity;sid:84515763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652661/; classtype:trojan-activity;sid:84515761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652658/; classtype:trojan-activity;sid:84515758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240402-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652659/; classtype:trojan-activity;sid:84515759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652660/; classtype:trojan-activity;sid:84515760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250111-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652652/; classtype:trojan-activity;sid:84515752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652653/; classtype:trojan-activity;sid:84515753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652654/; classtype:trojan-activity;sid:84515754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652655)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652655/; classtype:trojan-activity;sid:84515755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-10-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652656/; classtype:trojan-activity;sid:84515756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652657/; classtype:trojan-activity;sid:84515757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652651/; classtype:trojan-activity;sid:84515751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652649)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652649/; classtype:trojan-activity;sid:84515749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652650)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652650/; classtype:trojan-activity;sid:84515750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652646)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652646/; classtype:trojan-activity;sid:84515746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652647)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652647/; classtype:trojan-activity;sid:84515747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652648/; classtype:trojan-activity;sid:84515748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652642)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652642/; classtype:trojan-activity;sid:84515742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652643)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652643/; classtype:trojan-activity;sid:84515743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652644/; classtype:trojan-activity;sid:84515744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652638/; classtype:trojan-activity;sid:84515738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652639)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652639/; classtype:trojan-activity;sid:84515739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652641/; classtype:trojan-activity;sid:84515741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652634)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652634/; classtype:trojan-activity;sid:84515734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652635)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652635/; classtype:trojan-activity;sid:84515735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652633/; classtype:trojan-activity;sid:84515733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652630/; classtype:trojan-activity;sid:84515730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652631/; classtype:trojan-activity;sid:84515731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652632)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652632/; classtype:trojan-activity;sid:84515732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652626/; classtype:trojan-activity;sid:84515726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652627/; classtype:trojan-activity;sid:84515727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652628)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652628/; classtype:trojan-activity;sid:84515728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652623/; classtype:trojan-activity;sid:84515723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652624)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652624/; classtype:trojan-activity;sid:84515724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652625)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652625/; classtype:trojan-activity;sid:84515725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230918-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652619/; classtype:trojan-activity;sid:84515719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652620/; classtype:trojan-activity;sid:84515720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652621/; classtype:trojan-activity;sid:84515721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652622)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652622/; classtype:trojan-activity;sid:84515722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652614/; classtype:trojan-activity;sid:84515714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652615/; classtype:trojan-activity;sid:84515715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652616/; classtype:trojan-activity;sid:84515716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652608)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652608/; classtype:trojan-activity;sid:84515708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652609/; classtype:trojan-activity;sid:84515709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652610/; classtype:trojan-activity;sid:84515710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652611)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652611/; classtype:trojan-activity;sid:84515711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652612)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652612/; classtype:trojan-activity;sid:84515712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652613/; classtype:trojan-activity;sid:84515713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652605)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652605/; classtype:trojan-activity;sid:84515705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652606)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652606/; classtype:trojan-activity;sid:84515706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652607/; classtype:trojan-activity;sid:84515707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652604/; classtype:trojan-activity;sid:84515704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652600)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652600/; classtype:trojan-activity;sid:84515700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652601)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652601/; classtype:trojan-activity;sid:84515701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652602/; classtype:trojan-activity;sid:84515702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652603/; classtype:trojan-activity;sid:84515703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652598)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240823-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652598/; classtype:trojan-activity;sid:84515698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652599)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652599/; classtype:trojan-activity;sid:84515699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652597/; classtype:trojan-activity;sid:84515697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652596/; classtype:trojan-activity;sid:84515696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652594)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652594/; classtype:trojan-activity;sid:84515694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652595/; classtype:trojan-activity;sid:84515695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-05-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652592/; classtype:trojan-activity;sid:84515692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652590)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652590/; classtype:trojan-activity;sid:84515690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652587/; classtype:trojan-activity;sid:84515687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652588/; classtype:trojan-activity;sid:84515688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652589/; classtype:trojan-activity;sid:84515689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652584)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652584/; classtype:trojan-activity;sid:84515684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652585)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652585/; classtype:trojan-activity;sid:84515685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652586/; classtype:trojan-activity;sid:84515686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652583/; classtype:trojan-activity;sid:84515683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652581/; classtype:trojan-activity;sid:84515681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652582)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652582/; classtype:trojan-activity;sid:84515682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652579/; classtype:trojan-activity;sid:84515679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652580)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652580/; classtype:trojan-activity;sid:84515680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652574/; classtype:trojan-activity;sid:84515674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652575)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652575/; classtype:trojan-activity;sid:84515675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652576)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652576/; classtype:trojan-activity;sid:84515676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652577)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652577/; classtype:trojan-activity;sid:84515677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652571)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652571/; classtype:trojan-activity;sid:84515671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652572/; classtype:trojan-activity;sid:84515672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652570/; classtype:trojan-activity;sid:84515670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-06-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652569/; classtype:trojan-activity;sid:84515669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652568/; classtype:trojan-activity;sid:84515668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652565)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652565/; classtype:trojan-activity;sid:84515665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652566/; classtype:trojan-activity;sid:84515666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652567/; classtype:trojan-activity;sid:84515667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652562/; classtype:trojan-activity;sid:84515662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652563/; classtype:trojan-activity;sid:84515663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652559/; classtype:trojan-activity;sid:84515659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652560)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230818-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652560/; classtype:trojan-activity;sid:84515660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652561)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652561/; classtype:trojan-activity;sid:84515661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652556/; classtype:trojan-activity;sid:84515656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652557)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652557/; classtype:trojan-activity;sid:84515657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652558/; classtype:trojan-activity;sid:84515658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652554)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/images/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652554/; classtype:trojan-activity;sid:84515654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652555)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652555/; classtype:trojan-activity;sid:84515655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652552/; classtype:trojan-activity;sid:84515652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652553/; classtype:trojan-activity;sid:84515653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652549)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652549/; classtype:trojan-activity;sid:84515649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652550/; classtype:trojan-activity;sid:84515650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652551)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652551/; classtype:trojan-activity;sid:84515651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652547/; classtype:trojan-activity;sid:84515647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652548/; classtype:trojan-activity;sid:84515648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240907-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652542/; classtype:trojan-activity;sid:84515642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652543/; classtype:trojan-activity;sid:84515643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652544/; classtype:trojan-activity;sid:84515644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250621-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652545/; classtype:trojan-activity;sid:84515645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652546)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/upgrade%20advisor/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652546/; classtype:trojan-activity;sid:84515646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652541/; classtype:trojan-activity;sid:84515641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652539)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652539/; classtype:trojan-activity;sid:84515639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250212-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652540/; classtype:trojan-activity;sid:84515640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652536/; classtype:trojan-activity;sid:84515636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652537/; classtype:trojan-activity;sid:84515637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652538/; classtype:trojan-activity;sid:84515638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652531/; classtype:trojan-activity;sid:84515631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652532/; classtype:trojan-activity;sid:84515632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652533/; classtype:trojan-activity;sid:84515633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652534/; classtype:trojan-activity;sid:84515634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652535)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652535/; classtype:trojan-activity;sid:84515635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652530/; classtype:trojan-activity;sid:84515630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652527/; classtype:trojan-activity;sid:84515627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652528)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652528/; classtype:trojan-activity;sid:84515628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652529/; classtype:trojan-activity;sid:84515629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652524)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652524/; classtype:trojan-activity;sid:84515624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652525/; classtype:trojan-activity;sid:84515625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652526/; classtype:trojan-activity;sid:84515626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652521)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652521/; classtype:trojan-activity;sid:84515621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652522/; classtype:trojan-activity;sid:84515622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652523/; classtype:trojan-activity;sid:84515623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652518/; classtype:trojan-activity;sid:84515618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652519)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652519/; classtype:trojan-activity;sid:84515619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652520)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652520/; classtype:trojan-activity;sid:84515620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652514/; classtype:trojan-activity;sid:84515614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652515/; classtype:trojan-activity;sid:84515615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652516)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652516/; classtype:trojan-activity;sid:84515616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652517/; classtype:trojan-activity;sid:84515617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652509/; classtype:trojan-activity;sid:84515609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652510)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652510/; classtype:trojan-activity;sid:84515610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652511/; classtype:trojan-activity;sid:84515611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652512)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652512/; classtype:trojan-activity;sid:84515612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652513)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652513/; classtype:trojan-activity;sid:84515613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652508)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652508/; classtype:trojan-activity;sid:84515608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652503)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652503/; classtype:trojan-activity;sid:84515603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652504/; classtype:trojan-activity;sid:84515604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652505/; classtype:trojan-activity;sid:84515605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652506/; classtype:trojan-activity;sid:84515606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652507)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652507/; classtype:trojan-activity;sid:84515607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652501/; classtype:trojan-activity;sid:84515601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652502)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250403-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652502/; classtype:trojan-activity;sid:84515602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-06-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652500/; classtype:trojan-activity;sid:84515600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652496/; classtype:trojan-activity;sid:84515596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652497)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652497/; classtype:trojan-activity;sid:84515597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652498)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240718-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652498/; classtype:trojan-activity;sid:84515598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652499)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652499/; classtype:trojan-activity;sid:84515599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652493/; classtype:trojan-activity;sid:84515593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652494)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652494/; classtype:trojan-activity;sid:84515594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652495)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652495/; classtype:trojan-activity;sid:84515595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652491/; classtype:trojan-activity;sid:84515591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2024-07-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652492/; classtype:trojan-activity;sid:84515592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652487/; classtype:trojan-activity;sid:84515587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652488/; classtype:trojan-activity;sid:84515588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652489/; classtype:trojan-activity;sid:84515589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652490/; classtype:trojan-activity;sid:84515590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652479)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652479/; classtype:trojan-activity;sid:84515579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652477)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230526-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652477/; classtype:trojan-activity;sid:84515577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652466)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652466/; classtype:trojan-activity;sid:84515566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652450)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221015-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652450/; classtype:trojan-activity;sid:84515550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240326-093/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652443/; classtype:trojan-activity;sid:84515543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652440)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652440/; classtype:trojan-activity;sid:84515540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652435/; classtype:trojan-activity;sid:84515535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652432/; classtype:trojan-activity;sid:84515532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652430/; classtype:trojan-activity;sid:84515530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652409)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652409/; classtype:trojan-activity;sid:84515509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-098/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652410/; classtype:trojan-activity;sid:84515510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652405)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240912-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652405/; classtype:trojan-activity;sid:84515505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652406/; classtype:trojan-activity;sid:84515506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652393/; classtype:trojan-activity;sid:84515493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652394)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/otherup/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652394/; classtype:trojan-activity;sid:84515494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652388)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652388/; classtype:trojan-activity;sid:84515488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652385/; classtype:trojan-activity;sid:84515485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652379)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652379/; classtype:trojan-activity;sid:84515479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652363/; classtype:trojan-activity;sid:84515463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652362)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221201-071/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652362/; classtype:trojan-activity;sid:84515462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652361)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652361/; classtype:trojan-activity;sid:84515461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652355)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652355/; classtype:trojan-activity;sid:84515455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652353/; classtype:trojan-activity;sid:84515453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240701-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652350/; classtype:trojan-activity;sid:84515450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652348/; classtype:trojan-activity;sid:84515448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652341)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652341/; classtype:trojan-activity;sid:84515441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230705-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652334/; classtype:trojan-activity;sid:84515434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/js/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652332/; classtype:trojan-activity;sid:84515432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652325/; classtype:trojan-activity;sid:84515425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652315)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652315/; classtype:trojan-activity;sid:84515415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652311)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230403-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652311/; classtype:trojan-activity;sid:84515411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652308/; classtype:trojan-activity;sid:84515408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652301/; classtype:trojan-activity;sid:84515401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652299/; classtype:trojan-activity;sid:84515399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231114-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652297/; classtype:trojan-activity;sid:84515397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652271)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220825-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652271/; classtype:trojan-activity;sid:84515371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652268/; classtype:trojan-activity;sid:84515368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652267)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652267/; classtype:trojan-activity;sid:84515367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231016-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652266/; classtype:trojan-activity;sid:84515366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652261/; classtype:trojan-activity;sid:84515361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652259/; classtype:trojan-activity;sid:84515359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652258)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652258/; classtype:trojan-activity;sid:84515358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652251/; classtype:trojan-activity;sid:84515351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652247/; classtype:trojan-activity;sid:84515347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652230/; classtype:trojan-activity;sid:84515330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652227)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-108/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652227/; classtype:trojan-activity;sid:84515327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652228)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652228/; classtype:trojan-activity;sid:84515328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652226)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230728-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652226/; classtype:trojan-activity;sid:84515326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652224)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652224/; classtype:trojan-activity;sid:84515324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652212)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652212/; classtype:trojan-activity;sid:84515312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652209/; classtype:trojan-activity;sid:84515309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652202)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652202/; classtype:trojan-activity;sid:84515302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652199)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652199/; classtype:trojan-activity;sid:84515299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652195)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231120-099/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652195/; classtype:trojan-activity;sid:84515295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652182)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652182/; classtype:trojan-activity;sid:84515282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; classtype:trojan-activity;sid:84515271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652172)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230307-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652172/; classtype:trojan-activity;sid:84515272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652168)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652168/; classtype:trojan-activity;sid:84515268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652163/; classtype:trojan-activity;sid:84515263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652155)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240315-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652155/; classtype:trojan-activity;sid:84515255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652148/; classtype:trojan-activity;sid:84515248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652142)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652142/; classtype:trojan-activity;sid:84515242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652139)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652139/; classtype:trojan-activity;sid:84515239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652133/; classtype:trojan-activity;sid:84515233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652125)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/cpbz/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652125/; classtype:trojan-activity;sid:84515225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652127)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240122-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652127/; classtype:trojan-activity;sid:84515227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652123)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652123/; classtype:trojan-activity;sid:84515223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652117)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652117/; classtype:trojan-activity;sid:84515217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652102/; classtype:trojan-activity;sid:84515202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652101/; classtype:trojan-activity;sid:84515201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; classtype:trojan-activity;sid:84515198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230829-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652096/; classtype:trojan-activity;sid:84515196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652093)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652093/; classtype:trojan-activity;sid:84515193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230719-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652085/; classtype:trojan-activity;sid:84515185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652087)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652087/; classtype:trojan-activity;sid:84515187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652080)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240618-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652080/; classtype:trojan-activity;sid:84515180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652074)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240717-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652074/; classtype:trojan-activity;sid:84515174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652072)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/aspjpeg_setup/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652072/; classtype:trojan-activity;sid:84515172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652073/; classtype:trojan-activity;sid:84515173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652069)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230309-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652069/; classtype:trojan-activity;sid:84515169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220917-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652059/; classtype:trojan-activity;sid:84515159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652062)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250523-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652062/; classtype:trojan-activity;sid:84515162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240312-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652056/; classtype:trojan-activity;sid:84515156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652055)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230826-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652055/; classtype:trojan-activity;sid:84515155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230406-086/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652047/; classtype:trojan-activity;sid:84515147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652044)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240219-116/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652044/; classtype:trojan-activity;sid:84515144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221227-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652035/; classtype:trojan-activity;sid:84515135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652033)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652033/; classtype:trojan-activity;sid:84515133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652032)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652032/; classtype:trojan-activity;sid:84515132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652016/; classtype:trojan-activity;sid:84515116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652011/; classtype:trojan-activity;sid:84515111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221125-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652004/; classtype:trojan-activity;sid:84515104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652006/; classtype:trojan-activity;sid:84515106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652001/; classtype:trojan-activity;sid:84515101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651999/; classtype:trojan-activity;sid:84515099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651987/; classtype:trojan-activity;sid:84515087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651984)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651984/; classtype:trojan-activity;sid:84515084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221017-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651979/; classtype:trojan-activity;sid:84515079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651940)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651940/; classtype:trojan-activity;sid:84515040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651919)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651919/; classtype:trojan-activity;sid:84515019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651920/; classtype:trojan-activity;sid:84515020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651917/; classtype:trojan-activity;sid:84515017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651918/; classtype:trojan-activity;sid:84515018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651911)"; flow:established,from_client; content:"GET"; http_method; content:"/update/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651911/; classtype:trojan-activity;sid:84515011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240525-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651904/; classtype:trojan-activity;sid:84515004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651908)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651908/; classtype:trojan-activity;sid:84515008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651886)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651886/; classtype:trojan-activity;sid:84514986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240308-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651880/; classtype:trojan-activity;sid:84514980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651875/; classtype:trojan-activity;sid:84514975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651858)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651858/; classtype:trojan-activity;sid:84514958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651855/; classtype:trojan-activity;sid:84514955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220913-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651856/; classtype:trojan-activity;sid:84514956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651851/; classtype:trojan-activity;sid:84514951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651847/; classtype:trojan-activity;sid:84514947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651843/; classtype:trojan-activity;sid:84514943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651828)"; flow:established,from_client; content:"GET"; http_method; content:"/dddrupdate/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651828/; classtype:trojan-activity;sid:84514928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651831/; classtype:trojan-activity;sid:84514931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221213-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651809/; classtype:trojan-activity;sid:84514909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230415-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651800/; classtype:trojan-activity;sid:84514900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651799)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651799/; classtype:trojan-activity;sid:84514899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230511-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651794/; classtype:trojan-activity;sid:84514894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651795/; classtype:trojan-activity;sid:84514895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230414-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651791/; classtype:trojan-activity;sid:84514891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651793)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230508-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651793/; classtype:trojan-activity;sid:84514893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651788)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221219-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651788/; classtype:trojan-activity;sid:84514888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651784)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230922-167/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651784/; classtype:trojan-activity;sid:84514884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651779)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240527-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651779/; classtype:trojan-activity;sid:84514879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651773/; classtype:trojan-activity;sid:84514873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651760/; classtype:trojan-activity;sid:84514860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651743)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pbdll/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651743/; classtype:trojan-activity;sid:84514843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651749)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651749/; classtype:trojan-activity;sid:84514849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651738/; classtype:trojan-activity;sid:84514838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651733)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231213-078/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651733/; classtype:trojan-activity;sid:84514833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651727/; classtype:trojan-activity;sid:84514827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/goods/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651719/; classtype:trojan-activity;sid:84514819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651712)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231026-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651712/; classtype:trojan-activity;sid:84514812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651704)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651704/; classtype:trojan-activity;sid:84514804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230607-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651698/; classtype:trojan-activity;sid:84514798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651699/; classtype:trojan-activity;sid:84514799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651696/; classtype:trojan-activity;sid:84514796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651686/; classtype:trojan-activity;sid:84514786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; classtype:trojan-activity;sid:84514785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651684/; classtype:trojan-activity;sid:84514784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651673)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pbdll/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651673/; classtype:trojan-activity;sid:84514773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240722-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651674/; classtype:trojan-activity;sid:84514774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230213-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651672/; classtype:trojan-activity;sid:84514772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651664/; classtype:trojan-activity;sid:84514764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651662)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651662/; classtype:trojan-activity;sid:84514762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651660)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651660/; classtype:trojan-activity;sid:84514760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651632/; classtype:trojan-activity;sid:84514732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651623/; classtype:trojan-activity;sid:84514723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651626/; classtype:trojan-activity;sid:84514726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651618)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651618/; classtype:trojan-activity;sid:84514718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/images/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651612/; classtype:trojan-activity;sid:84514712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230323-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651610/; classtype:trojan-activity;sid:84514710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221019-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651607/; classtype:trojan-activity;sid:84514707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651606)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651606/; classtype:trojan-activity;sid:84514706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651598/; classtype:trojan-activity;sid:84514698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651596/; classtype:trojan-activity;sid:84514696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651587/; classtype:trojan-activity;sid:84514687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651577/; classtype:trojan-activity;sid:84514677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651571/; classtype:trojan-activity;sid:84514671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651572/; classtype:trojan-activity;sid:84514672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230503-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651569/; classtype:trojan-activity;sid:84514669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651556)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651556/; classtype:trojan-activity;sid:84514656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240619-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651547/; classtype:trojan-activity;sid:84514647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220929-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651540/; classtype:trojan-activity;sid:84514640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651541/; classtype:trojan-activity;sid:84514641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651543/; classtype:trojan-activity;sid:84514643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651537/; classtype:trojan-activity;sid:84514637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221209-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651538/; classtype:trojan-activity;sid:84514638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651531/; classtype:trojan-activity;sid:84514631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651528/; classtype:trojan-activity;sid:84514628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651517/; classtype:trojan-activity;sid:84514617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.165.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651501/; classtype:trojan-activity;sid:84514601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651500/; classtype:trojan-activity;sid:84514600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.65.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651499/; classtype:trojan-activity;sid:84514599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651498/; classtype:trojan-activity;sid:84514598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.165.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651497/; classtype:trojan-activity;sid:84514597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651496)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651496/; classtype:trojan-activity;sid:84514596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651495/; classtype:trojan-activity;sid:84514595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651493/; classtype:trojan-activity;sid:84514593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651492)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651492/; classtype:trojan-activity;sid:84514592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651491)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651491/; classtype:trojan-activity;sid:84514591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651490/; classtype:trojan-activity;sid:84514590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651489/; classtype:trojan-activity;sid:84514589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651488)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"njcolombia8590.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651488/; classtype:trojan-activity;sid:84514588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651487)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651487/; classtype:trojan-activity;sid:84514587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651485)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sosten38999.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651485/; classtype:trojan-activity;sid:84514585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651486)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"njcolombia8590.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651486/; classtype:trojan-activity;sid:84514586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651482)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"njcolombia8590.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651482/; classtype:trojan-activity;sid:84514582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651483)"; flow:established,from_client; content:"GET"; http_method; content:"/sosten.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sosten38999.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651483/; classtype:trojan-activity;sid:84514583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651484)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sosten38999.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651484/; classtype:trojan-activity;sid:84514584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651480/; classtype:trojan-activity;sid:84514580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651479)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651479/; classtype:trojan-activity;sid:84514579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651478)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651478/; classtype:trojan-activity;sid:84514578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.203.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651473/; classtype:trojan-activity;sid:84514573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.179.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651474/; classtype:trojan-activity;sid:84514574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.219.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651471/; classtype:trojan-activity;sid:84514571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651472/; classtype:trojan-activity;sid:84514572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651470)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651470/; classtype:trojan-activity;sid:84514570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651469/; classtype:trojan-activity;sid:84514569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.65.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651468/; classtype:trojan-activity;sid:84514568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651467)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651467/; classtype:trojan-activity;sid:84514567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.152.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651466/; classtype:trojan-activity;sid:84514566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651465)"; flow:established,from_client; content:"GET"; http_method; content:"/v91v3nid5c.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651465/; classtype:trojan-activity;sid:84514565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651464)"; flow:established,from_client; content:"GET"; http_method; content:"/7e.google|3f|t=kmk5sa6r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ly.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651464/; classtype:trojan-activity;sid:84514564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651463/; classtype:trojan-activity;sid:84514563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651461)"; flow:established,from_client; content:"GET"; http_method; content:"/envifa.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2seguro2025.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651461/; classtype:trojan-activity;sid:84514561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651462)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener2.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2seguro2025.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651462/; classtype:trojan-activity;sid:84514562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651460)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651460/; classtype:trojan-activity;sid:84514560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651459)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.169.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651459/; classtype:trojan-activity;sid:84514559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651458/; classtype:trojan-activity;sid:84514558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651456)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651456/; classtype:trojan-activity;sid:84514556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651457)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651457/; classtype:trojan-activity;sid:84514557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651454)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651454/; classtype:trojan-activity;sid:84514554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651455)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651455/; classtype:trojan-activity;sid:84514555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651453)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651453/; classtype:trojan-activity;sid:84514553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651449)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651449/; classtype:trojan-activity;sid:84514549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651450)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"186.169.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651450/; classtype:trojan-activity;sid:84514550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651451)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651451/; classtype:trojan-activity;sid:84514551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651452)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651452/; classtype:trojan-activity;sid:84514552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651448)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"186.169.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651448/; classtype:trojan-activity;sid:84514548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651447)"; flow:established,from_client; content:"GET"; http_method; content:"/avkjjnq0sp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.m-89a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651447/; classtype:trojan-activity;sid:84514547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651446)"; flow:established,from_client; content:"GET"; http_method; content:"/7e.google|3f|t=46ovsmla"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ly.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651446/; classtype:trojan-activity;sid:84514546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651445)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651445/; classtype:trojan-activity;sid:84514545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651444)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651444/; classtype:trojan-activity;sid:84514544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651443)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651443/; classtype:trojan-activity;sid:84514543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651441)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"remdefrem.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651441/; classtype:trojan-activity;sid:84514541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651442)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651442/; classtype:trojan-activity;sid:84514542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651440)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651440/; classtype:trojan-activity;sid:84514540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651437)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"remdefrem.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651437/; classtype:trojan-activity;sid:84514537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651438)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651438/; classtype:trojan-activity;sid:84514538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651439)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651439/; classtype:trojan-activity;sid:84514539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651436)"; flow:established,from_client; content:"GET"; http_method; content:"/envifa.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.246.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651436/; classtype:trojan-activity;sid:84514536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.128.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651435/; classtype:trojan-activity;sid:84514535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.231.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651434/; classtype:trojan-activity;sid:84514534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651433/; classtype:trojan-activity;sid:84514533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651432)"; flow:established,from_client; content:"GET"; http_method; content:"/zjwzuv_padded_sign.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651432/; classtype:trojan-activity;sid:84514532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651431)"; flow:established,from_client; content:"GET"; http_method; content:"/rpdfon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651431/; classtype:trojan-activity;sid:84514531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651430/; classtype:trojan-activity;sid:84514530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651429)"; flow:established,from_client; content:"GET"; http_method; content:"/222.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651429/; classtype:trojan-activity;sid:84514529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651428)"; flow:established,from_client; content:"GET"; http_method; content:"/xl6.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651428/; classtype:trojan-activity;sid:84514528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.231.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651427/; classtype:trojan-activity;sid:84514527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.129.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651426/; classtype:trojan-activity;sid:84514526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651424)"; flow:established,from_client; content:"GET"; http_method; content:"/ttj7xmhf07.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651424/; classtype:trojan-activity;sid:84514524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651425)"; flow:established,from_client; content:"GET"; http_method; content:"/nltr5st5ms.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.m-89a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651425/; classtype:trojan-activity;sid:84514525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651423)"; flow:established,from_client; content:"GET"; http_method; content:"/mm6.check|3f|t=x0adhejv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lu.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651423/; classtype:trojan-activity;sid:84514523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651422)"; flow:established,from_client; content:"GET"; http_method; content:"/mm6.check|3f|t=1lc0va66"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lu.khhu-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651422/; classtype:trojan-activity;sid:84514522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.230.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651421/; classtype:trojan-activity;sid:84514521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651420/; classtype:trojan-activity;sid:84514520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.227.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651419/; classtype:trojan-activity;sid:84514519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651418)"; flow:established,from_client; content:"GET"; http_method; content:"/1oe.google|3f|t=o5wyuttv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"le.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651418/; classtype:trojan-activity;sid:84514518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651417)"; flow:established,from_client; content:"GET"; http_method; content:"/i5umcrrxqy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.c-01e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651417/; classtype:trojan-activity;sid:84514517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651416)"; flow:established,from_client; content:"GET"; http_method; content:"/1oe.google|3f|t=d9uober2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"le.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651416/; classtype:trojan-activity;sid:84514516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651415)"; flow:established,from_client; content:"GET"; http_method; content:"/n3xpxcq7xh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651415/; classtype:trojan-activity;sid:84514515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.239.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651414/; classtype:trojan-activity;sid:84514514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651413)"; flow:established,from_client; content:"GET"; http_method; content:"/055as7tra3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651413/; classtype:trojan-activity;sid:84514513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651412)"; flow:established,from_client; content:"GET"; http_method; content:"/25s.check|3f|t=070t3k4t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ky.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651412/; classtype:trojan-activity;sid:84514512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651411)"; flow:established,from_client; content:"GET"; http_method; content:"/o62u951wxw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.c-01e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651411/; classtype:trojan-activity;sid:84514511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.6.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651410/; classtype:trojan-activity;sid:84514510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651409)"; flow:established,from_client; content:"GET"; http_method; content:"/25s.check|3f|t=q6g739da"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ky.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651409/; classtype:trojan-activity;sid:84514509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651408)"; flow:established,from_client; content:"GET"; http_method; content:"/sr54fo0qcn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.c-01e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651408/; classtype:trojan-activity;sid:84514508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651407)"; flow:established,from_client; content:"GET"; http_method; content:"/ta.check|3f|t=utrxomul"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ku.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651407/; classtype:trojan-activity;sid:84514507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651406)"; flow:established,from_client; content:"GET"; http_method; content:"/zn7s84xgmy.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651406/; classtype:trojan-activity;sid:84514506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651405)"; flow:established,from_client; content:"GET"; http_method; content:"/ta.check|3f|t=k29mksid"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ku.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651405/; classtype:trojan-activity;sid:84514505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.189.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651404/; classtype:trojan-activity;sid:84514504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651402)"; flow:established,from_client; content:"GET"; http_method; content:"/ede.google|3f|t=axukb0kz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ko.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651402/; classtype:trojan-activity;sid:84514502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651403)"; flow:established,from_client; content:"GET"; http_method; content:"/iavne9l3s7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651403/; classtype:trojan-activity;sid:84514503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651401)"; flow:established,from_client; content:"GET"; http_method; content:"/h1be7yhxk2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.c-01e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651401/; classtype:trojan-activity;sid:84514501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651400)"; flow:established,from_client; content:"GET"; http_method; content:"/ede.google|3f|t=ojil5jwg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ko.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651400/; classtype:trojan-activity;sid:84514500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.199.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651399/; classtype:trojan-activity;sid:84514499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.169.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651398/; classtype:trojan-activity;sid:84514498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651397/; classtype:trojan-activity;sid:84514497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.64.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651396/; classtype:trojan-activity;sid:84514496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.152.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651395/; classtype:trojan-activity;sid:84514495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651394)"; flow:established,from_client; content:"GET"; http_method; content:"/oe6am9lqwc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651394/; classtype:trojan-activity;sid:84514494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651393)"; flow:established,from_client; content:"GET"; http_method; content:"/7x2.google|3f|t=gl4b5vod"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ke.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651393/; classtype:trojan-activity;sid:84514493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651392)"; flow:established,from_client; content:"GET"; http_method; content:"/06h3l527ch.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.c-01e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651392/; classtype:trojan-activity;sid:84514492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651391)"; flow:established,from_client; content:"GET"; http_method; content:"/7x2.google|3f|t=wiyzbm35"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ke.nxno-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651391/; classtype:trojan-activity;sid:84514491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.67.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651390/; classtype:trojan-activity;sid:84514490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651389)"; flow:established,from_client; content:"GET"; http_method; content:"/ytbdko61qm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651389/; classtype:trojan-activity;sid:84514489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651388)"; flow:established,from_client; content:"GET"; http_method; content:"/mm.google|3f|t=z5a9kd3q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jy.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651388/; classtype:trojan-activity;sid:84514488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.247.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651387/; classtype:trojan-activity;sid:84514487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.96.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651386/; classtype:trojan-activity;sid:84514486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651385)"; flow:established,from_client; content:"GET"; http_method; content:"/jgjwu08omn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.c-01e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651385/; classtype:trojan-activity;sid:84514485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651384)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.check|3f|t=nvutg067"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ju.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651384/; classtype:trojan-activity;sid:84514484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.247.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651383/; classtype:trojan-activity;sid:84514483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651382)"; flow:established,from_client; content:"GET"; http_method; content:"/h44bkg3sz0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651382/; classtype:trojan-activity;sid:84514482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651381)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.check|3f|t=itjontoo"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ju.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651381/; classtype:trojan-activity;sid:84514481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.169.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651380/; classtype:trojan-activity;sid:84514480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651379)"; flow:established,from_client; content:"GET"; http_method; content:"/ybowkgqs2m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"an.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651379/; classtype:trojan-activity;sid:84514479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651378)"; flow:established,from_client; content:"GET"; http_method; content:"/do9.check|3f|t=xrwc92zn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ji.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651378/; classtype:trojan-activity;sid:84514478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.96.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651377/; classtype:trojan-activity;sid:84514477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.206.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651376/; classtype:trojan-activity;sid:84514476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651375/; classtype:trojan-activity;sid:84514475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651374)"; flow:established,from_client; content:"GET"; http_method; content:"/5rk41xg1as.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.xzb-6-i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651374/; classtype:trojan-activity;sid:84514474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651373)"; flow:established,from_client; content:"GET"; http_method; content:"/do9.check|3f|t=kfs9is5h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ji.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651373/; classtype:trojan-activity;sid:84514473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651372)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651372/; classtype:trojan-activity;sid:84514472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.43.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651371/; classtype:trojan-activity;sid:84514471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.128.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651370/; classtype:trojan-activity;sid:84514470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.213.199.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651369/; classtype:trojan-activity;sid:84514469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651368)"; flow:established,from_client; content:"GET"; http_method; content:"/5t2.google|3f|t=me34l0gr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"je.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651368/; classtype:trojan-activity;sid:84514468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651367)"; flow:established,from_client; content:"GET"; http_method; content:"/9x149rqzah.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"am.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651367/; classtype:trojan-activity;sid:84514467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651366)"; flow:established,from_client; content:"GET"; http_method; content:"/1snz58b7j0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.xzb-6-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651366/; classtype:trojan-activity;sid:84514466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651365)"; flow:established,from_client; content:"GET"; http_method; content:"/5t2.google|3f|t=gj6d3xx9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"je.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651365/; classtype:trojan-activity;sid:84514465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.207.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651364/; classtype:trojan-activity;sid:84514464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.43.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651363/; classtype:trojan-activity;sid:84514463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651362/; classtype:trojan-activity;sid:84514462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651360)"; flow:established,from_client; content:"GET"; http_method; content:"/bcmg3bm9bs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"al.qjf-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651360/; classtype:trojan-activity;sid:84514460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651361)"; flow:established,from_client; content:"GET"; http_method; content:"/f5.check|3f|t=8nrlnybz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ja.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651361/; classtype:trojan-activity;sid:84514461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.176.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651359/; classtype:trojan-activity;sid:84514459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651358)"; flow:established,from_client; content:"GET"; http_method; content:"/f5.check|3f|t=syshab41"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ja.lkci-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651358/; classtype:trojan-activity;sid:84514458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651357)"; flow:established,from_client; content:"GET"; http_method; content:"/5jvv3itj4b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.xzb-6-i.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651357/; classtype:trojan-activity;sid:84514457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.182.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651356/; classtype:trojan-activity;sid:84514456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651355)"; flow:established,from_client; content:"GET"; http_method; content:"/wu5zb7u00k.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ai.qqd-6-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651355/; classtype:trojan-activity;sid:84514455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651354)"; flow:established,from_client; content:"GET"; http_method; content:"/ga.google|3f|t=slmhk2fh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hy.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651354/; classtype:trojan-activity;sid:84514454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651353)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651353/; classtype:trojan-activity;sid:84514453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651347)"; flow:established,from_client; content:"GET"; http_method; content:"/bios.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651347/; classtype:trojan-activity;sid:84514447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651348)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppppp.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651348/; classtype:trojan-activity;sid:84514448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651349)"; flow:established,from_client; content:"GET"; http_method; content:"/newx.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651349/; classtype:trojan-activity;sid:84514449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651350)"; flow:established,from_client; content:"GET"; http_method; content:"/ftspm.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651350/; classtype:trojan-activity;sid:84514450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651351)"; flow:established,from_client; content:"GET"; http_method; content:"/ftspx.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651351/; classtype:trojan-activity;sid:84514451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651352)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppppppppp.bat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651352/; classtype:trojan-activity;sid:84514452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651346)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651346/; classtype:trojan-activity;sid:84514446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651344)"; flow:established,from_client; content:"GET"; http_method; content:"/ama.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tiger-checkout-draws-basketball.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651344/; classtype:trojan-activity;sid:84514444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651345)"; flow:established,from_client; content:"GET"; http_method; content:"/test_calc.wll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.43.31.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651345/; classtype:trojan-activity;sid:84514445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651341)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651341/; classtype:trojan-activity;sid:84514441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651342)"; flow:established,from_client; content:"GET"; http_method; content:"/shoopify.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651342/; classtype:trojan-activity;sid:84514442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651343)"; flow:established,from_client; content:"GET"; http_method; content:"/tp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tiger-checkout-draws-basketball.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651343/; classtype:trojan-activity;sid:84514443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651336)"; flow:established,from_client; content:"GET"; http_method; content:"/euo.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651336/; classtype:trojan-activity;sid:84514436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651337)"; flow:established,from_client; content:"GET"; http_method; content:"/fthbc.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651337/; classtype:trojan-activity;sid:84514437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651338)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpeth.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651338/; classtype:trojan-activity;sid:84514438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651339)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651339/; classtype:trojan-activity;sid:84514439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651340)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.161.34.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651340/; classtype:trojan-activity;sid:84514440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.213.199.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651335/; classtype:trojan-activity;sid:84514435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651334)"; flow:established,from_client; content:"GET"; http_method; content:"/hug.google|3f|t=xdx66l2l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hu.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651334/; classtype:trojan-activity;sid:84514434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651333)"; flow:established,from_client; content:"GET"; http_method; content:"/raqinm5roz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.xzb-6-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651333/; classtype:trojan-activity;sid:84514433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.224.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651332/; classtype:trojan-activity;sid:84514432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.43.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651330/; classtype:trojan-activity;sid:84514430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.5.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651331/; classtype:trojan-activity;sid:84514431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.207.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651329/; classtype:trojan-activity;sid:84514429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651328/; classtype:trojan-activity;sid:84514428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651327)"; flow:established,from_client; content:"GET"; http_method; content:"/9u8n.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tylorperry.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651327/; classtype:trojan-activity;sid:84514427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651326)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tylorperry.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651326/; classtype:trojan-activity;sid:84514426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.95.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651325/; classtype:trojan-activity;sid:84514425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.161.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651322/; classtype:trojan-activity;sid:84514422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.161.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651323/; classtype:trojan-activity;sid:84514423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.112.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651324/; classtype:trojan-activity;sid:84514424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.180.158.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651321/; classtype:trojan-activity;sid:84514421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651320)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.201.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651320/; classtype:trojan-activity;sid:84514420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.74.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651317/; classtype:trojan-activity;sid:84514417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.38.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651318/; classtype:trojan-activity;sid:84514418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651319/; classtype:trojan-activity;sid:84514419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651314)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651314/; classtype:trojan-activity;sid:84514414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651315)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651315/; classtype:trojan-activity;sid:84514415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651316)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.147.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651316/; classtype:trojan-activity;sid:84514416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651313/; classtype:trojan-activity;sid:84514413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651312)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651312/; classtype:trojan-activity;sid:84514412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651311)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.35.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651311/; classtype:trojan-activity;sid:84514411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651308/; classtype:trojan-activity;sid:84514408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.163.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651309/; classtype:trojan-activity;sid:84514409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.102.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651307/; classtype:trojan-activity;sid:84514407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651306/; classtype:trojan-activity;sid:84514406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.178.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651305/; classtype:trojan-activity;sid:84514405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.5.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651303/; classtype:trojan-activity;sid:84514403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651302)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.112.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651302/; classtype:trojan-activity;sid:84514402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.127.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651298/; classtype:trojan-activity;sid:84514398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651299/; classtype:trojan-activity;sid:84514399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651300)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz/x64/mimikatz.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"193.112.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651300/; classtype:trojan-activity;sid:84514400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651301)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.112.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651301/; classtype:trojan-activity;sid:84514401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651297)"; flow:established,from_client; content:"GET"; http_method; content:"/srbminer-multi-2-8-3-linux.tar.gz"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"155.133.23.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651297/; classtype:trojan-activity;sid:84514397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651294)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse-ssh-windows-amd64.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.57.213.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651294/; classtype:trojan-activity;sid:84514394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651295)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_windows_amd64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651295/; classtype:trojan-activity;sid:84514395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651296)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig_win32"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651296/; classtype:trojan-activity;sid:84514396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651291)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651291/; classtype:trojan-activity;sid:84514391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651292)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse-ssh-windows-amd64.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"194.87.74.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651292/; classtype:trojan-activity;sid:84514392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651293)"; flow:established,from_client; content:"GET"; http_method; content:"/cron.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"155.133.23.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651293/; classtype:trojan-activity;sid:84514393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651290)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse-ssh-linux-amd64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.57.213.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651290/; classtype:trojan-activity;sid:84514390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651289)"; flow:established,from_client; content:"GET"; http_method; content:"/bf8zfpodoo.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ah.qqd-6-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651289/; classtype:trojan-activity;sid:84514389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651282)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/pgy.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651282/; classtype:trojan-activity;sid:84514382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651283)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig_linux2"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651283/; classtype:trojan-activity;sid:84514383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651284)"; flow:established,from_client; content:"GET"; http_method; content:"/icloud.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651284/; classtype:trojan-activity;sid:84514384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651285)"; flow:established,from_client; content:"GET"; http_method; content:"/escalate.py"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651285/; classtype:trojan-activity;sid:84514385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651286)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse-ssh-macos-arm64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.87.74.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651286/; classtype:trojan-activity;sid:84514386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651287)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse-ssh-linux-amd64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.87.74.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651287/; classtype:trojan-activity;sid:84514387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651288)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.45.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651288/; classtype:trojan-activity;sid:84514388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651277)"; flow:established,from_client; content:"GET"; http_method; content:"/stagers/vam.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651277/; classtype:trojan-activity;sid:84514377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651278)"; flow:established,from_client; content:"GET"; http_method; content:"/process.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651278/; classtype:trojan-activity;sid:84514378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651279/; classtype:trojan-activity;sid:84514379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651280)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig_darwin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651280/; classtype:trojan-activity;sid:84514380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651281)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse-ssh-macos-arm64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.57.213.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651281/; classtype:trojan-activity;sid:84514381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651276)"; flow:established,from_client; content:"GET"; http_method; content:"/postgres.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.133.23.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651276/; classtype:trojan-activity;sid:84514376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651270)"; flow:established,from_client; content:"GET"; http_method; content:"/copy%20of%20shell.aspx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651270/; classtype:trojan-activity;sid:84514370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651271)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoorbak.sct"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.22.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651271/; classtype:trojan-activity;sid:84514371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651272)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz/mimicom.idl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.112.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651272/; classtype:trojan-activity;sid:84514372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651273)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-portscan.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.112.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651273/; classtype:trojan-activity;sid:84514373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651274)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.112.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651274/; classtype:trojan-activity;sid:84514374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651275)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-x86_64-static"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"155.133.23.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651275/; classtype:trojan-activity;sid:84514375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651264)"; flow:established,from_client; content:"GET"; http_method; content:"/nanodumpinject.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"18.171.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651264/; classtype:trojan-activity;sid:84514364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651265)"; flow:established,from_client; content:"GET"; http_method; content:"/stagers/g7o.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651265/; classtype:trojan-activity;sid:84514365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651266)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/g7o.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651266/; classtype:trojan-activity;sid:84514366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651267)"; flow:established,from_client; content:"GET"; http_method; content:"/stagers/tod.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651267/; classtype:trojan-activity;sid:84514367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651268)"; flow:established,from_client; content:"GET"; http_method; content:"/persistence.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651268/; classtype:trojan-activity;sid:84514368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651269)"; flow:established,from_client; content:"GET"; http_method; content:"/keylogger.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651269/; classtype:trojan-activity;sid:84514369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651254)"; flow:established,from_client; content:"GET"; http_method; content:"/util.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651254/; classtype:trojan-activity;sid:84514354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651255)"; flow:established,from_client; content:"GET"; http_method; content:"/outlook.py"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651255/; classtype:trojan-activity;sid:84514355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651256)"; flow:established,from_client; content:"GET"; http_method; content:"/tokenvator1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"18.171.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651256/; classtype:trojan-activity;sid:84514356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651257)"; flow:established,from_client; content:"GET"; http_method; content:"/syscallbypass.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"18.171.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651257/; classtype:trojan-activity;sid:84514357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651258)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_windows_i386.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651258/; classtype:trojan-activity;sid:84514358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651259)"; flow:established,from_client; content:"GET"; http_method; content:"/etw64.dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"18.171.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651259/; classtype:trojan-activity;sid:84514359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651260)"; flow:established,from_client; content:"GET"; http_method; content:"/screenshot.py"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651260/; classtype:trojan-activity;sid:84514360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651261)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/tod.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651261/; classtype:trojan-activity;sid:84514361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651262)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/vam.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651262/; classtype:trojan-activity;sid:84514362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651263)"; flow:established,from_client; content:"GET"; http_method; content:"/stagers/pgy.py"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.162.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651263/; classtype:trojan-activity;sid:84514363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651252)"; flow:established,from_client; content:"GET"; http_method; content:"/xlg.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"155.133.23.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651252/; classtype:trojan-activity;sid:84514352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651253)"; flow:established,from_client; content:"GET"; http_method; content:"/udume2427c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.xzb-6-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651253/; classtype:trojan-activity;sid:84514353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651249)"; flow:established,from_client; content:"GET"; http_method; content:"/gotoo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651249/; classtype:trojan-activity;sid:84514349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651250)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_i386"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651250/; classtype:trojan-activity;sid:84514350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651251)"; flow:established,from_client; content:"GET"; http_method; content:"/ck.check|3f|t=f9cnod2r"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gy.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651251/; classtype:trojan-activity;sid:84514351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651248)"; flow:established,from_client; content:"GET"; http_method; content:"/ck.check|3f|t=vimdvb71"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gy.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651248/; classtype:trojan-activity;sid:84514348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651244)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651244/; classtype:trojan-activity;sid:84514344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651245)"; flow:established,from_client; content:"GET"; http_method; content:"/wrndw.aspx"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651245/; classtype:trojan-activity;sid:84514345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651246)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.aspx"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651246/; classtype:trojan-activity;sid:84514346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651247)"; flow:established,from_client; content:"GET"; http_method; content:"/info.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651247/; classtype:trojan-activity;sid:84514347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.102.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651243/; classtype:trojan-activity;sid:84514343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.178.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651242/; classtype:trojan-activity;sid:84514342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651241/; classtype:trojan-activity;sid:84514341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651239/; classtype:trojan-activity;sid:84514339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651240/; classtype:trojan-activity;sid:84514340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651238/; classtype:trojan-activity;sid:84514338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651237/; classtype:trojan-activity;sid:84514337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651236)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651236/; classtype:trojan-activity;sid:84514336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651235)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651235/; classtype:trojan-activity;sid:84514335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651234)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651234/; classtype:trojan-activity;sid:84514334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651232)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651232/; classtype:trojan-activity;sid:84514332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651233)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651233/; classtype:trojan-activity;sid:84514333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/remoteblobstore/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651231/; classtype:trojan-activity;sid:84514331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651230)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651230/; classtype:trojan-activity;sid:84514330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651229)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651229/; classtype:trojan-activity;sid:84514329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651228/; classtype:trojan-activity;sid:84514328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651227)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651227/; classtype:trojan-activity;sid:84514327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651226)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651226/; classtype:trojan-activity;sid:84514326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651225/; classtype:trojan-activity;sid:84514325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651224)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651224/; classtype:trojan-activity;sid:84514324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651223/; classtype:trojan-activity;sid:84514323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651222)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651222/; classtype:trojan-activity;sid:84514322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651221/; classtype:trojan-activity;sid:84514321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651220/; classtype:trojan-activity;sid:84514320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651219/; classtype:trojan-activity;sid:84514319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651218/; classtype:trojan-activity;sid:84514318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651217)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651217/; classtype:trojan-activity;sid:84514317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651216)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651216/; classtype:trojan-activity;sid:84514316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651215/; classtype:trojan-activity;sid:84514315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651214)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651214/; classtype:trojan-activity;sid:84514314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651213)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651213/; classtype:trojan-activity;sid:84514313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651212/; classtype:trojan-activity;sid:84514312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651211)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651211/; classtype:trojan-activity;sid:84514311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651210)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651210/; classtype:trojan-activity;sid:84514310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651209)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651209/; classtype:trojan-activity;sid:84514309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651208/; classtype:trojan-activity;sid:84514308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651206/; classtype:trojan-activity;sid:84514306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651207/; classtype:trojan-activity;sid:84514307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651205)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651205/; classtype:trojan-activity;sid:84514305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651204)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651204/; classtype:trojan-activity;sid:84514304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651203)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651203/; classtype:trojan-activity;sid:84514303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651201)"; flow:established,from_client; content:"GET"; http_method; content:"/desktopgoose.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651201/; classtype:trojan-activity;sid:84514301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651200)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651200/; classtype:trojan-activity;sid:84514300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651199/; classtype:trojan-activity;sid:84514299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651198)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651198/; classtype:trojan-activity;sid:84514298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651196/; classtype:trojan-activity;sid:84514296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651197)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651197/; classtype:trojan-activity;sid:84514297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2024-06-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651194/; classtype:trojan-activity;sid:84514294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651192/; classtype:trojan-activity;sid:84514292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651193)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651193/; classtype:trojan-activity;sid:84514293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.139.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651191/; classtype:trojan-activity;sid:84514291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651190/; classtype:trojan-activity;sid:84514290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651188/; classtype:trojan-activity;sid:84514288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651189)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651189/; classtype:trojan-activity;sid:84514289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651187)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651187/; classtype:trojan-activity;sid:84514287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651186/; classtype:trojan-activity;sid:84514286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651185)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.178.187.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651185/; classtype:trojan-activity;sid:84514285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651184/; classtype:trojan-activity;sid:84514284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651180/; classtype:trojan-activity;sid:84514280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651181)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651181/; classtype:trojan-activity;sid:84514281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651182/; classtype:trojan-activity;sid:84514282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651177)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.12.85.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651177/; classtype:trojan-activity;sid:84514277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651178)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651178/; classtype:trojan-activity;sid:84514278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651179)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651179/; classtype:trojan-activity;sid:84514279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651175)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651175/; classtype:trojan-activity;sid:84514275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651176/; classtype:trojan-activity;sid:84514276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651174/; classtype:trojan-activity;sid:84514274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651173/; classtype:trojan-activity;sid:84514273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651172/; classtype:trojan-activity;sid:84514272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651171/; classtype:trojan-activity;sid:84514271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651170)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651170/; classtype:trojan-activity;sid:84514270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.104.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651166/; classtype:trojan-activity;sid:84514266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651164/; classtype:trojan-activity;sid:84514264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651163/; classtype:trojan-activity;sid:84514263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651161)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.71.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651161/; classtype:trojan-activity;sid:84514261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651162/; classtype:trojan-activity;sid:84514262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651160/; classtype:trojan-activity;sid:84514260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651158)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651158/; classtype:trojan-activity;sid:84514258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651159/; classtype:trojan-activity;sid:84514259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651156/; classtype:trojan-activity;sid:84514256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651157/; classtype:trojan-activity;sid:84514257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651155/; classtype:trojan-activity;sid:84514255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651153/; classtype:trojan-activity;sid:84514253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651154/; classtype:trojan-activity;sid:84514254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.139.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651152/; classtype:trojan-activity;sid:84514252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651149/; classtype:trojan-activity;sid:84514249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651150/; classtype:trojan-activity;sid:84514250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.112.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651148/; classtype:trojan-activity;sid:84514248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651146)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651146/; classtype:trojan-activity;sid:84514246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651147)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651147/; classtype:trojan-activity;sid:84514247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651145)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651145/; classtype:trojan-activity;sid:84514245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651144/; classtype:trojan-activity;sid:84514244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651143/; classtype:trojan-activity;sid:84514243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651140/; classtype:trojan-activity;sid:84514240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651141)"; flow:established,from_client; content:"GET"; http_method; content:"/ic.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651141/; classtype:trojan-activity;sid:84514241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651142/; classtype:trojan-activity;sid:84514242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651137)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651137/; classtype:trojan-activity;sid:84514237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651138/; classtype:trojan-activity;sid:84514238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651133/; classtype:trojan-activity;sid:84514233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651134/; classtype:trojan-activity;sid:84514234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651126)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651126/; classtype:trojan-activity;sid:84514226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651127/; classtype:trojan-activity;sid:84514227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651128)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651128/; classtype:trojan-activity;sid:84514228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651129/; classtype:trojan-activity;sid:84514229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651130)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651130/; classtype:trojan-activity;sid:84514230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651131)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651131/; classtype:trojan-activity;sid:84514231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651132)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651132/; classtype:trojan-activity;sid:84514232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651124)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651124/; classtype:trojan-activity;sid:84514224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651123/; classtype:trojan-activity;sid:84514223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651122/; classtype:trojan-activity;sid:84514222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651121)"; flow:established,from_client; content:"GET"; http_method; content:"/updatexs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651121/; classtype:trojan-activity;sid:84514221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651120)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651120/; classtype:trojan-activity;sid:84514220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651117/; classtype:trojan-activity;sid:84514217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651118/; classtype:trojan-activity;sid:84514218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651119)"; flow:established,from_client; content:"GET"; http_method; content:"/chr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651119/; classtype:trojan-activity;sid:84514219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651115/; classtype:trojan-activity;sid:84514215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/2052/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651116/; classtype:trojan-activity;sid:84514216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651114/; classtype:trojan-activity;sid:84514214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651113/; classtype:trojan-activity;sid:84514213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651111/; classtype:trojan-activity;sid:84514211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651112)"; flow:established,from_client; content:"GET"; http_method; content:"/output.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651112/; classtype:trojan-activity;sid:84514212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651110)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.33.7.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651110/; classtype:trojan-activity;sid:84514210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651109/; classtype:trojan-activity;sid:84514209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651108)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651108/; classtype:trojan-activity;sid:84514208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651107)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651107/; classtype:trojan-activity;sid:84514207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651106/; classtype:trojan-activity;sid:84514206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651105/; classtype:trojan-activity;sid:84514205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651104/; classtype:trojan-activity;sid:84514204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651102/; classtype:trojan-activity;sid:84514202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651103/; classtype:trojan-activity;sid:84514203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651101)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"69.28.85.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651101/; classtype:trojan-activity;sid:84514201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2021-10-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651100/; classtype:trojan-activity;sid:84514200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651099/; classtype:trojan-activity;sid:84514199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651097)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651097/; classtype:trojan-activity;sid:84514197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651098/; classtype:trojan-activity;sid:84514198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651096/; classtype:trojan-activity;sid:84514196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651094/; classtype:trojan-activity;sid:84514194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651093)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9c%d1%83%d1%85%d0%b8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651093/; classtype:trojan-activity;sid:84514193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651091/; classtype:trojan-activity;sid:84514191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651089)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651089/; classtype:trojan-activity;sid:84514189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651085/; classtype:trojan-activity;sid:84514185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651086/; classtype:trojan-activity;sid:84514186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-02-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651087/; classtype:trojan-activity;sid:84514187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651083)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651083/; classtype:trojan-activity;sid:84514183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651080/; classtype:trojan-activity;sid:84514180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651081)"; flow:established,from_client; content:"GET"; http_method; content:"/metasploit-framework/bin/msfvenom"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"34.168.160.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651081/; classtype:trojan-activity;sid:84514181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651082)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651082/; classtype:trojan-activity;sid:84514182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651079/; classtype:trojan-activity;sid:84514179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.207.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651072/; classtype:trojan-activity;sid:84514172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.219.31.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651073/; classtype:trojan-activity;sid:84514173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651074/; classtype:trojan-activity;sid:84514174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651069)"; flow:established,from_client; content:"GET"; http_method; content:"/redlocker.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651069/; classtype:trojan-activity;sid:84514169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651070/; classtype:trojan-activity;sid:84514170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651068)"; flow:established,from_client; content:"GET"; http_method; content:"/check.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651068/; classtype:trojan-activity;sid:84514168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651066)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651066/; classtype:trojan-activity;sid:84514166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651067/; classtype:trojan-activity;sid:84514167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651063)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651063/; classtype:trojan-activity;sid:84514163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651064)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.29.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651064/; classtype:trojan-activity;sid:84514164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651065)"; flow:established,from_client; content:"GET"; http_method; content:"/updatex.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.233.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651065/; classtype:trojan-activity;sid:84514165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-03-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651060/; classtype:trojan-activity;sid:84514160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651062/; classtype:trojan-activity;sid:84514162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-06-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651057/; classtype:trojan-activity;sid:84514157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651058/; classtype:trojan-activity;sid:84514158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651059/; classtype:trojan-activity;sid:84514159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651055)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651055/; classtype:trojan-activity;sid:84514155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651054/; classtype:trojan-activity;sid:84514154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651052/; classtype:trojan-activity;sid:84514152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651053/; classtype:trojan-activity;sid:84514153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651051)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651051/; classtype:trojan-activity;sid:84514151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651050)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.17.213.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651050/; classtype:trojan-activity;sid:84514150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651049)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651049/; classtype:trojan-activity;sid:84514149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651048)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651048/; classtype:trojan-activity;sid:84514148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651047)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651047/; classtype:trojan-activity;sid:84514147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651046/; classtype:trojan-activity;sid:84514146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651045/; classtype:trojan-activity;sid:84514145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651043)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651043/; classtype:trojan-activity;sid:84514143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651042/; classtype:trojan-activity;sid:84514142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651040/; classtype:trojan-activity;sid:84514140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651038)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651038/; classtype:trojan-activity;sid:84514138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651039/; classtype:trojan-activity;sid:84514139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651036/; classtype:trojan-activity;sid:84514136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651035/; classtype:trojan-activity;sid:84514135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651034)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651034/; classtype:trojan-activity;sid:84514134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651033/; classtype:trojan-activity;sid:84514133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651032/; classtype:trojan-activity;sid:84514132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651031/; classtype:trojan-activity;sid:84514131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651030/; classtype:trojan-activity;sid:84514130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651029)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651029/; classtype:trojan-activity;sid:84514129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651028/; classtype:trojan-activity;sid:84514128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651027/; classtype:trojan-activity;sid:84514127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651026/; classtype:trojan-activity;sid:84514126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651025/; classtype:trojan-activity;sid:84514125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651024)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651024/; classtype:trojan-activity;sid:84514124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651023/; classtype:trojan-activity;sid:84514123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651021)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651021/; classtype:trojan-activity;sid:84514121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651019/; classtype:trojan-activity;sid:84514119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651018)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.32.217.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651018/; classtype:trojan-activity;sid:84514118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651017/; classtype:trojan-activity;sid:84514117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651013)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651013/; classtype:trojan-activity;sid:84514113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651014/; classtype:trojan-activity;sid:84514114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651010/; classtype:trojan-activity;sid:84514110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651009/; classtype:trojan-activity;sid:84514109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651008/; classtype:trojan-activity;sid:84514108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651005/; classtype:trojan-activity;sid:84514105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651007/; classtype:trojan-activity;sid:84514107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651004)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651004/; classtype:trojan-activity;sid:84514104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651001/; classtype:trojan-activity;sid:84514101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651002/; classtype:trojan-activity;sid:84514102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651003/; classtype:trojan-activity;sid:84514103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651000/; classtype:trojan-activity;sid:84514100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650999/; classtype:trojan-activity;sid:84514099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650996/; classtype:trojan-activity;sid:84514096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650997)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650997/; classtype:trojan-activity;sid:84514097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650994/; classtype:trojan-activity;sid:84514094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650992/; classtype:trojan-activity;sid:84514092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650989/; classtype:trojan-activity;sid:84514089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650990/; classtype:trojan-activity;sid:84514090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650988/; classtype:trojan-activity;sid:84514088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650987)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650987/; classtype:trojan-activity;sid:84514087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650985)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650985/; classtype:trojan-activity;sid:84514085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650984)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650984/; classtype:trojan-activity;sid:84514084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650983/; classtype:trojan-activity;sid:84514083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650981/; classtype:trojan-activity;sid:84514081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650982)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650982/; classtype:trojan-activity;sid:84514082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650980/; classtype:trojan-activity;sid:84514080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650979/; classtype:trojan-activity;sid:84514079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650978/; classtype:trojan-activity;sid:84514078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650977/; classtype:trojan-activity;sid:84514077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650976/; classtype:trojan-activity;sid:84514076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650975)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650975/; classtype:trojan-activity;sid:84514075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650974)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/ia64/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650974/; classtype:trojan-activity;sid:84514074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650973/; classtype:trojan-activity;sid:84514073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650972)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650972/; classtype:trojan-activity;sid:84514072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650971/; classtype:trojan-activity;sid:84514071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650970)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650970/; classtype:trojan-activity;sid:84514070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650969/; classtype:trojan-activity;sid:84514069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650967)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650967/; classtype:trojan-activity;sid:84514067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650966/; classtype:trojan-activity;sid:84514066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650965/; classtype:trojan-activity;sid:84514065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-12-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650964/; classtype:trojan-activity;sid:84514064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650962)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650962/; classtype:trojan-activity;sid:84514062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650960)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.122.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650960/; classtype:trojan-activity;sid:84514060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650957/; classtype:trojan-activity;sid:84514057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650956/; classtype:trojan-activity;sid:84514056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650954/; classtype:trojan-activity;sid:84514054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650951/; classtype:trojan-activity;sid:84514051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650952/; classtype:trojan-activity;sid:84514052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650953/; classtype:trojan-activity;sid:84514053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650950/; classtype:trojan-activity;sid:84514050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650948/; classtype:trojan-activity;sid:84514048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650949/; classtype:trojan-activity;sid:84514049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650947)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650947/; classtype:trojan-activity;sid:84514047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650945/; classtype:trojan-activity;sid:84514045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650946/; classtype:trojan-activity;sid:84514046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650944/; classtype:trojan-activity;sid:84514044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650942/; classtype:trojan-activity;sid:84514042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650941/; classtype:trojan-activity;sid:84514041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650938)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650938/; classtype:trojan-activity;sid:84514038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650937)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650937/; classtype:trojan-activity;sid:84514037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650936/; classtype:trojan-activity;sid:84514036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650935/; classtype:trojan-activity;sid:84514035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650933/; classtype:trojan-activity;sid:84514033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650932)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650932/; classtype:trojan-activity;sid:84514032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650930)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650930/; classtype:trojan-activity;sid:84514030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650931)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650931/; classtype:trojan-activity;sid:84514031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650929/; classtype:trojan-activity;sid:84514029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.169.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650927/; classtype:trojan-activity;sid:84514027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650926/; classtype:trojan-activity;sid:84514026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650925/; classtype:trojan-activity;sid:84514025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650922/; classtype:trojan-activity;sid:84514022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.8.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650923/; classtype:trojan-activity;sid:84514023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650921/; classtype:trojan-activity;sid:84514021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650919)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650919/; classtype:trojan-activity;sid:84514019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650920/; classtype:trojan-activity;sid:84514020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650918/; classtype:trojan-activity;sid:84514018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650916)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650916/; classtype:trojan-activity;sid:84514016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650917)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650917/; classtype:trojan-activity;sid:84514017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650914)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650914/; classtype:trojan-activity;sid:84514014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650909/; classtype:trojan-activity;sid:84514009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650910)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650910/; classtype:trojan-activity;sid:84514010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650911/; classtype:trojan-activity;sid:84514011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650907)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650907/; classtype:trojan-activity;sid:84514007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650908)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.229.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650908/; classtype:trojan-activity;sid:84514008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650906)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650906/; classtype:trojan-activity;sid:84514006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000549109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650905/; classtype:trojan-activity;sid:84514005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650901/; classtype:trojan-activity;sid:84514001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650903/; classtype:trojan-activity;sid:84514003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650904/; classtype:trojan-activity;sid:84514004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650899/; classtype:trojan-activity;sid:84513999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650897/; classtype:trojan-activity;sid:84513997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650898/; classtype:trojan-activity;sid:84513998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650896)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650896/; classtype:trojan-activity;sid:84513996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650895/; classtype:trojan-activity;sid:84513995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650894/; classtype:trojan-activity;sid:84513994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650893/; classtype:trojan-activity;sid:84513993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650892/; classtype:trojan-activity;sid:84513992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650891)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650891/; classtype:trojan-activity;sid:84513991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650890/; classtype:trojan-activity;sid:84513990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650889/; classtype:trojan-activity;sid:84513989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650888/; classtype:trojan-activity;sid:84513988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650885)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650885/; classtype:trojan-activity;sid:84513985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650883/; classtype:trojan-activity;sid:84513983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity;sid:84513981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650882)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650882/; classtype:trojan-activity;sid:84513982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650878/; classtype:trojan-activity;sid:84513978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546513/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650879/; classtype:trojan-activity;sid:84513979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650875/; classtype:trojan-activity;sid:84513975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650876/; classtype:trojan-activity;sid:84513976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650877/; classtype:trojan-activity;sid:84513977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650874)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650874/; classtype:trojan-activity;sid:84513974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650873/; classtype:trojan-activity;sid:84513973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650871/; classtype:trojan-activity;sid:84513971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650872/; classtype:trojan-activity;sid:84513972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity;sid:84513970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650869/; classtype:trojan-activity;sid:84513969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650867/; classtype:trojan-activity;sid:84513967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650866)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/ia64/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650866/; classtype:trojan-activity;sid:84513966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650864)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650864/; classtype:trojan-activity;sid:84513964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650865/; classtype:trojan-activity;sid:84513965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650863/; classtype:trojan-activity;sid:84513963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650862/; classtype:trojan-activity;sid:84513962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650861/; classtype:trojan-activity;sid:84513961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650860/; classtype:trojan-activity;sid:84513960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity;sid:84513959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650858/; classtype:trojan-activity;sid:84513958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650857)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650857/; classtype:trojan-activity;sid:84513957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650854/; classtype:trojan-activity;sid:84513954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650853/; classtype:trojan-activity;sid:84513953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650852)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650852/; classtype:trojan-activity;sid:84513952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-11-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650847/; classtype:trojan-activity;sid:84513947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650848/; classtype:trojan-activity;sid:84513948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650849)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650849/; classtype:trojan-activity;sid:84513949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650845/; classtype:trojan-activity;sid:84513945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650843)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650843/; classtype:trojan-activity;sid:84513943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650844/; classtype:trojan-activity;sid:84513944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650841/; classtype:trojan-activity;sid:84513941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650842)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650842/; classtype:trojan-activity;sid:84513942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650840/; classtype:trojan-activity;sid:84513940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546512/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650839/; classtype:trojan-activity;sid:84513939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650838)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.32.57.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650838/; classtype:trojan-activity;sid:84513938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650836/; classtype:trojan-activity;sid:84513936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650837/; classtype:trojan-activity;sid:84513937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650834/; classtype:trojan-activity;sid:84513934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650835/; classtype:trojan-activity;sid:84513935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650833/; classtype:trojan-activity;sid:84513933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650832/; classtype:trojan-activity;sid:84513932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650830/; classtype:trojan-activity;sid:84513930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650831/; classtype:trojan-activity;sid:84513931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650829)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650829/; classtype:trojan-activity;sid:84513929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650827/; classtype:trojan-activity;sid:84513927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650825)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650825/; classtype:trojan-activity;sid:84513925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650826)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650826/; classtype:trojan-activity;sid:84513926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650823/; classtype:trojan-activity;sid:84513923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650821/; classtype:trojan-activity;sid:84513921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650822)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650822/; classtype:trojan-activity;sid:84513922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650819/; classtype:trojan-activity;sid:84513919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650814)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650814/; classtype:trojan-activity;sid:84513914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650815)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650815/; classtype:trojan-activity;sid:84513915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650816/; classtype:trojan-activity;sid:84513916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650812)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650812/; classtype:trojan-activity;sid:84513912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650813)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650813/; classtype:trojan-activity;sid:84513913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650811)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650811/; classtype:trojan-activity;sid:84513911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650808/; classtype:trojan-activity;sid:84513908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650809/; classtype:trojan-activity;sid:84513909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650805/; classtype:trojan-activity;sid:84513905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650807)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650807/; classtype:trojan-activity;sid:84513907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650804/; classtype:trojan-activity;sid:84513904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650798/; classtype:trojan-activity;sid:84513898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650799/; classtype:trojan-activity;sid:84513899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650800/; classtype:trojan-activity;sid:84513900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650801/; classtype:trojan-activity;sid:84513901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650802)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650802/; classtype:trojan-activity;sid:84513902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650803)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650803/; classtype:trojan-activity;sid:84513903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650795)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.24.155.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650795/; classtype:trojan-activity;sid:84513895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650796/; classtype:trojan-activity;sid:84513896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650797)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650797/; classtype:trojan-activity;sid:84513897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650793/; classtype:trojan-activity;sid:84513893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650794)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650794/; classtype:trojan-activity;sid:84513894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650790/; classtype:trojan-activity;sid:84513890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650792/; classtype:trojan-activity;sid:84513892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2023-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650788/; classtype:trojan-activity;sid:84513888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650789)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650789/; classtype:trojan-activity;sid:84513889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650787/; classtype:trojan-activity;sid:84513887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650786)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650786/; classtype:trojan-activity;sid:84513886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.67.9.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650785/; classtype:trojan-activity;sid:84513885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650783/; classtype:trojan-activity;sid:84513883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.67.9.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650784/; classtype:trojan-activity;sid:84513884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650782/; classtype:trojan-activity;sid:84513882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650780)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.73.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650780/; classtype:trojan-activity;sid:84513880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650777)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650777/; classtype:trojan-activity;sid:84513877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650778/; classtype:trojan-activity;sid:84513878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650776/; classtype:trojan-activity;sid:84513876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650774)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650774/; classtype:trojan-activity;sid:84513874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650775/; classtype:trojan-activity;sid:84513875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650773/; classtype:trojan-activity;sid:84513873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650772/; classtype:trojan-activity;sid:84513872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650771/; classtype:trojan-activity;sid:84513871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650769)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650769/; classtype:trojan-activity;sid:84513869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650767/; classtype:trojan-activity;sid:84513867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650765/; classtype:trojan-activity;sid:84513865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650766/; classtype:trojan-activity;sid:84513866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650764/; classtype:trojan-activity;sid:84513864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-10-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650762/; classtype:trojan-activity;sid:84513862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650763/; classtype:trojan-activity;sid:84513863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650761/; classtype:trojan-activity;sid:84513861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650760/; classtype:trojan-activity;sid:84513860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650758/; classtype:trojan-activity;sid:84513858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650759/; classtype:trojan-activity;sid:84513859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/watson/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650756/; classtype:trojan-activity;sid:84513856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650757/; classtype:trojan-activity;sid:84513857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650753/; classtype:trojan-activity;sid:84513853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650754/; classtype:trojan-activity;sid:84513854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650755)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650755/; classtype:trojan-activity;sid:84513855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650751/; classtype:trojan-activity;sid:84513851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650752)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650752/; classtype:trojan-activity;sid:84513852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650750)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650750/; classtype:trojan-activity;sid:84513850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650749/; classtype:trojan-activity;sid:84513849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650747)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650747/; classtype:trojan-activity;sid:84513847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650745)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.146.57.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650745/; classtype:trojan-activity;sid:84513845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity;sid:84513846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650743/; classtype:trojan-activity;sid:84513843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650741/; classtype:trojan-activity;sid:84513841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650742/; classtype:trojan-activity;sid:84513842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650740)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650740/; classtype:trojan-activity;sid:84513840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650737/; classtype:trojan-activity;sid:84513837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650738)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650738/; classtype:trojan-activity;sid:84513838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650739/; classtype:trojan-activity;sid:84513839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650736/; classtype:trojan-activity;sid:84513836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650733/; classtype:trojan-activity;sid:84513833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/zh-chs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650734/; classtype:trojan-activity;sid:84513834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650731/; classtype:trojan-activity;sid:84513831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650732/; classtype:trojan-activity;sid:84513832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650730/; classtype:trojan-activity;sid:84513830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650727)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650727/; classtype:trojan-activity;sid:84513827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x86/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650728/; classtype:trojan-activity;sid:84513828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650724/; classtype:trojan-activity;sid:84513824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650725/; classtype:trojan-activity;sid:84513825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650723)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650723/; classtype:trojan-activity;sid:84513823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650722)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650722/; classtype:trojan-activity;sid:84513822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650721/; classtype:trojan-activity;sid:84513821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650713/; classtype:trojan-activity;sid:84513813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650714/; classtype:trojan-activity;sid:84513814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650715)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650715/; classtype:trojan-activity;sid:84513815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650716/; classtype:trojan-activity;sid:84513816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650717/; classtype:trojan-activity;sid:84513817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650710)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650710/; classtype:trojan-activity;sid:84513810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650709/; classtype:trojan-activity;sid:84513809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/; classtype:trojan-activity;sid:84513808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650704/; classtype:trojan-activity;sid:84513804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650705/; classtype:trojan-activity;sid:84513805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650706/; classtype:trojan-activity;sid:84513806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650707/; classtype:trojan-activity;sid:84513807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity;sid:84513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650702/; classtype:trojan-activity;sid:84513802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650700)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650700/; classtype:trojan-activity;sid:84513800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650698)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650698/; classtype:trojan-activity;sid:84513798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650699)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/userimage/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650699/; classtype:trojan-activity;sid:84513799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650697/; classtype:trojan-activity;sid:84513797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650696/; classtype:trojan-activity;sid:84513796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650695/; classtype:trojan-activity;sid:84513795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650694)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650694/; classtype:trojan-activity;sid:84513794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650692/; classtype:trojan-activity;sid:84513792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650691)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650691/; classtype:trojan-activity;sid:84513791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650688)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650688/; classtype:trojan-activity;sid:84513788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650687/; classtype:trojan-activity;sid:84513787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650685)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650685/; classtype:trojan-activity;sid:84513785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650684/; classtype:trojan-activity;sid:84513784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650682/; classtype:trojan-activity;sid:84513782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650680/; classtype:trojan-activity;sid:84513780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650681/; classtype:trojan-activity;sid:84513781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity;sid:84513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650677/; classtype:trojan-activity;sid:84513777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650673/; classtype:trojan-activity;sid:84513773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650674)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650674/; classtype:trojan-activity;sid:84513774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650675/; classtype:trojan-activity;sid:84513775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650672)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650672/; classtype:trojan-activity;sid:84513772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650671/; classtype:trojan-activity;sid:84513771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650670/; classtype:trojan-activity;sid:84513770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650669/; classtype:trojan-activity;sid:84513769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650668/; classtype:trojan-activity;sid:84513768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650666/; classtype:trojan-activity;sid:84513766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650662)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650662/; classtype:trojan-activity;sid:84513762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650663)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650663/; classtype:trojan-activity;sid:84513763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-05-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650661/; classtype:trojan-activity;sid:84513761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650660/; classtype:trojan-activity;sid:84513760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650658/; classtype:trojan-activity;sid:84513758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650659/; classtype:trojan-activity;sid:84513759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650657)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650657/; classtype:trojan-activity;sid:84513757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650656/; classtype:trojan-activity;sid:84513756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/images/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650654/; classtype:trojan-activity;sid:84513754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650653/; classtype:trojan-activity;sid:84513753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity;sid:84513750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650651/; classtype:trojan-activity;sid:84513751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650648)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.62.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650648/; classtype:trojan-activity;sid:84513748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650647)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650647/; classtype:trojan-activity;sid:84513747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650645/; classtype:trojan-activity;sid:84513745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650646)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650646/; classtype:trojan-activity;sid:84513746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650644)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650644/; classtype:trojan-activity;sid:84513744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650643/; classtype:trojan-activity;sid:84513743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650642)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650642/; classtype:trojan-activity;sid:84513742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650641/; classtype:trojan-activity;sid:84513741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650639)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650639/; classtype:trojan-activity;sid:84513739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650636)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650636/; classtype:trojan-activity;sid:84513736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650637)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650637/; classtype:trojan-activity;sid:84513737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650635/; classtype:trojan-activity;sid:84513735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650634/; classtype:trojan-activity;sid:84513734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650632)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650632/; classtype:trojan-activity;sid:84513732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity;sid:84513731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650629)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650629/; classtype:trojan-activity;sid:84513729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650630/; classtype:trojan-activity;sid:84513730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650627/; classtype:trojan-activity;sid:84513727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650628/; classtype:trojan-activity;sid:84513728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650624)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650624/; classtype:trojan-activity;sid:84513724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650625)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650625/; classtype:trojan-activity;sid:84513725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650626/; classtype:trojan-activity;sid:84513726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650623/; classtype:trojan-activity;sid:84513723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650621/; classtype:trojan-activity;sid:84513721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650619/; classtype:trojan-activity;sid:84513719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650620/; classtype:trojan-activity;sid:84513720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650618/; classtype:trojan-activity;sid:84513718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650617/; classtype:trojan-activity;sid:84513717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650615)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650615/; classtype:trojan-activity;sid:84513715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpe90-146-57-238.liwest.at"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650614/; classtype:trojan-activity;sid:84513714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650613/; classtype:trojan-activity;sid:84513713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650612/; classtype:trojan-activity;sid:84513712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650610/; classtype:trojan-activity;sid:84513710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity;sid:84513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650608/; classtype:trojan-activity;sid:84513708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650607/; classtype:trojan-activity;sid:84513707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650606/; classtype:trojan-activity;sid:84513706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650605/; classtype:trojan-activity;sid:84513705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650604/; classtype:trojan-activity;sid:84513704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650603/; classtype:trojan-activity;sid:84513703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650602/; classtype:trojan-activity;sid:84513702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650601)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650601/; classtype:trojan-activity;sid:84513701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650599/; classtype:trojan-activity;sid:84513699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650597/; classtype:trojan-activity;sid:84513697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650593/; classtype:trojan-activity;sid:84513693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650594/; classtype:trojan-activity;sid:84513694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity;sid:84513691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650592/; classtype:trojan-activity;sid:84513692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650589/; classtype:trojan-activity;sid:84513689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650590/; classtype:trojan-activity;sid:84513690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650583/; classtype:trojan-activity;sid:84513683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650584/; classtype:trojan-activity;sid:84513684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650587/; classtype:trojan-activity;sid:84513687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650582)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650582/; classtype:trojan-activity;sid:84513682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650576/; classtype:trojan-activity;sid:84513676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546513/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650577/; classtype:trojan-activity;sid:84513677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650578)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650578/; classtype:trojan-activity;sid:84513678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650579/; classtype:trojan-activity;sid:84513679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650580)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650580/; classtype:trojan-activity;sid:84513680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650581/; classtype:trojan-activity;sid:84513681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650571/; classtype:trojan-activity;sid:84513671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650572/; classtype:trojan-activity;sid:84513672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-12-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650574/; classtype:trojan-activity;sid:84513674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650566/; classtype:trojan-activity;sid:84513666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650567/; classtype:trojan-activity;sid:84513667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650563/; classtype:trojan-activity;sid:84513663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650564)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650564/; classtype:trojan-activity;sid:84513664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650562/; classtype:trojan-activity;sid:84513662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650560/; classtype:trojan-activity;sid:84513660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650558/; classtype:trojan-activity;sid:84513658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650559)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650559/; classtype:trojan-activity;sid:84513659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650557/; classtype:trojan-activity;sid:84513657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650555)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650555/; classtype:trojan-activity;sid:84513655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650556/; classtype:trojan-activity;sid:84513656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650552/; classtype:trojan-activity;sid:84513652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650553/; classtype:trojan-activity;sid:84513653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650548/; classtype:trojan-activity;sid:84513648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650547/; classtype:trojan-activity;sid:84513647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650546/; classtype:trojan-activity;sid:84513646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650544/; classtype:trojan-activity;sid:84513644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650545/; classtype:trojan-activity;sid:84513645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650543/; classtype:trojan-activity;sid:84513643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650542/; classtype:trojan-activity;sid:84513642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650539/; classtype:trojan-activity;sid:84513639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/1033/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650540/; classtype:trojan-activity;sid:84513640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650537/; classtype:trojan-activity;sid:84513637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650538/; classtype:trojan-activity;sid:84513638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650536/; classtype:trojan-activity;sid:84513636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650533/; classtype:trojan-activity;sid:84513633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650534/; classtype:trojan-activity;sid:84513634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650532/; classtype:trojan-activity;sid:84513632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650531/; classtype:trojan-activity;sid:84513631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650530/; classtype:trojan-activity;sid:84513630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650527/; classtype:trojan-activity;sid:84513627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650526/; classtype:trojan-activity;sid:84513626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650525/; classtype:trojan-activity;sid:84513625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-09-18/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650524/; classtype:trojan-activity;sid:84513624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650522/; classtype:trojan-activity;sid:84513622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650523)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650523/; classtype:trojan-activity;sid:84513623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650521/; classtype:trojan-activity;sid:84513621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650518/; classtype:trojan-activity;sid:84513618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650517/; classtype:trojan-activity;sid:84513617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650515/; classtype:trojan-activity;sid:84513615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650514/; classtype:trojan-activity;sid:84513614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650510/; classtype:trojan-activity;sid:84513610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650511/; classtype:trojan-activity;sid:84513611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650509/; classtype:trojan-activity;sid:84513609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650507/; classtype:trojan-activity;sid:84513607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546512/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650505/; classtype:trojan-activity;sid:84513605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650495/; classtype:trojan-activity;sid:84513595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650496/; classtype:trojan-activity;sid:84513596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650497/; classtype:trojan-activity;sid:84513597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650500/; classtype:trojan-activity;sid:84513600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650501/; classtype:trojan-activity;sid:84513601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650502/; classtype:trojan-activity;sid:84513602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650490)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650490/; classtype:trojan-activity;sid:84513590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650489)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650489/; classtype:trojan-activity;sid:84513589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650488)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650488/; classtype:trojan-activity;sid:84513588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650487/; classtype:trojan-activity;sid:84513587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650485/; classtype:trojan-activity;sid:84513585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650486)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650486/; classtype:trojan-activity;sid:84513586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650484/; classtype:trojan-activity;sid:84513584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650481)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650481/; classtype:trojan-activity;sid:84513581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650478)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650478/; classtype:trojan-activity;sid:84513578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650479/; classtype:trojan-activity;sid:84513579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650477/; classtype:trojan-activity;sid:84513577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650475/; classtype:trojan-activity;sid:84513575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650476/; classtype:trojan-activity;sid:84513576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650473)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650473/; classtype:trojan-activity;sid:84513573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-02-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650474/; classtype:trojan-activity;sid:84513574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650471)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650471/; classtype:trojan-activity;sid:84513571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650469/; classtype:trojan-activity;sid:84513569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.207.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650470/; classtype:trojan-activity;sid:84513570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650468/; classtype:trojan-activity;sid:84513568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650466/; classtype:trojan-activity;sid:84513566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650463)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650463/; classtype:trojan-activity;sid:84513563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650464)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650464/; classtype:trojan-activity;sid:84513564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650462/; classtype:trojan-activity;sid:84513562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650460)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650460/; classtype:trojan-activity;sid:84513560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650458)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650458/; classtype:trojan-activity;sid:84513558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650459)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650459/; classtype:trojan-activity;sid:84513559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650455)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650455/; classtype:trojan-activity;sid:84513555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650456/; classtype:trojan-activity;sid:84513556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650453/; classtype:trojan-activity;sid:84513553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650452/; classtype:trojan-activity;sid:84513552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650451)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650451/; classtype:trojan-activity;sid:84513551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650449)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650449/; classtype:trojan-activity;sid:84513549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650446)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650446/; classtype:trojan-activity;sid:84513546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650447/; classtype:trojan-activity;sid:84513547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650448/; classtype:trojan-activity;sid:84513548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650445)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650445/; classtype:trojan-activity;sid:84513545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650444/; classtype:trojan-activity;sid:84513544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650442)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650442/; classtype:trojan-activity;sid:84513542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650440)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650440/; classtype:trojan-activity;sid:84513540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650437/; classtype:trojan-activity;sid:84513537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650438)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650438/; classtype:trojan-activity;sid:84513538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650435/; classtype:trojan-activity;sid:84513535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650436)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.225.169.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650436/; classtype:trojan-activity;sid:84513536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650434/; classtype:trojan-activity;sid:84513534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650432)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650432/; classtype:trojan-activity;sid:84513532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650433)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650433/; classtype:trojan-activity;sid:84513533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650428)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650428/; classtype:trojan-activity;sid:84513528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650429/; classtype:trojan-activity;sid:84513529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650426)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650426/; classtype:trojan-activity;sid:84513526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650427/; classtype:trojan-activity;sid:84513527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650424)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650424/; classtype:trojan-activity;sid:84513524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650425/; classtype:trojan-activity;sid:84513525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650420/; classtype:trojan-activity;sid:84513520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650421/; classtype:trojan-activity;sid:84513521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650419/; classtype:trojan-activity;sid:84513519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650418)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650418/; classtype:trojan-activity;sid:84513518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650417/; classtype:trojan-activity;sid:84513517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650415/; classtype:trojan-activity;sid:84513515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650416)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650416/; classtype:trojan-activity;sid:84513516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-03-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650414/; classtype:trojan-activity;sid:84513514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650410)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650410/; classtype:trojan-activity;sid:84513510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2021-02-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650411/; classtype:trojan-activity;sid:84513511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650408)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650408/; classtype:trojan-activity;sid:84513508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650409/; classtype:trojan-activity;sid:84513509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650406)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650406/; classtype:trojan-activity;sid:84513506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650407/; classtype:trojan-activity;sid:84513507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650405/; classtype:trojan-activity;sid:84513505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650403/; classtype:trojan-activity;sid:84513503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650404/; classtype:trojan-activity;sid:84513504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650402)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650402/; classtype:trojan-activity;sid:84513502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650401/; classtype:trojan-activity;sid:84513501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650400/; classtype:trojan-activity;sid:84513500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650399)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650399/; classtype:trojan-activity;sid:84513499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650398)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.123.54.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650398/; classtype:trojan-activity;sid:84513498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650397/; classtype:trojan-activity;sid:84513497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650395/; classtype:trojan-activity;sid:84513495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650396/; classtype:trojan-activity;sid:84513496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650393/; classtype:trojan-activity;sid:84513493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650394/; classtype:trojan-activity;sid:84513494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650392)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650392/; classtype:trojan-activity;sid:84513492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650391/; classtype:trojan-activity;sid:84513491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650389/; classtype:trojan-activity;sid:84513489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650387/; classtype:trojan-activity;sid:84513487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650385/; classtype:trojan-activity;sid:84513485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650382/; classtype:trojan-activity;sid:84513482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650384/; classtype:trojan-activity;sid:84513484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650380)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650380/; classtype:trojan-activity;sid:84513480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650378/; classtype:trojan-activity;sid:84513478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650379/; classtype:trojan-activity;sid:84513479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650375/; classtype:trojan-activity;sid:84513475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650376/; classtype:trojan-activity;sid:84513476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650377/; classtype:trojan-activity;sid:84513477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650365/; classtype:trojan-activity;sid:84513465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650367)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650367/; classtype:trojan-activity;sid:84513467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650368/; classtype:trojan-activity;sid:84513468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650369)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650369/; classtype:trojan-activity;sid:84513469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650370/; classtype:trojan-activity;sid:84513470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650372)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650372/; classtype:trojan-activity;sid:84513472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650363/; classtype:trojan-activity;sid:84513463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650361)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650361/; classtype:trojan-activity;sid:84513461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650359)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650359/; classtype:trojan-activity;sid:84513459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650360)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650360/; classtype:trojan-activity;sid:84513460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650357/; classtype:trojan-activity;sid:84513457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650355/; classtype:trojan-activity;sid:84513455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650356/; classtype:trojan-activity;sid:84513456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650353/; classtype:trojan-activity;sid:84513453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650354/; classtype:trojan-activity;sid:84513454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650352/; classtype:trojan-activity;sid:84513452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650350/; classtype:trojan-activity;sid:84513450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650349)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650349/; classtype:trojan-activity;sid:84513449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650344)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.146.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650344/; classtype:trojan-activity;sid:84513444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650345/; classtype:trojan-activity;sid:84513445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650346/; classtype:trojan-activity;sid:84513446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650342)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650342/; classtype:trojan-activity;sid:84513442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650341/; classtype:trojan-activity;sid:84513441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650336/; classtype:trojan-activity;sid:84513436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650339)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650339/; classtype:trojan-activity;sid:84513439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650335)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650335/; classtype:trojan-activity;sid:84513435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650330)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650330/; classtype:trojan-activity;sid:84513430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650333)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650333/; classtype:trojan-activity;sid:84513433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650334/; classtype:trojan-activity;sid:84513434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650326/; classtype:trojan-activity;sid:84513426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650328)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650328/; classtype:trojan-activity;sid:84513428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650329)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650329/; classtype:trojan-activity;sid:84513429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-10-15/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650321/; classtype:trojan-activity;sid:84513421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-07-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650322/; classtype:trojan-activity;sid:84513422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650323)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650323/; classtype:trojan-activity;sid:84513423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650324)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650324/; classtype:trojan-activity;sid:84513424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650316)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650316/; classtype:trojan-activity;sid:84513416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650317)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.32.254.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650317/; classtype:trojan-activity;sid:84513417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650318)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650318/; classtype:trojan-activity;sid:84513418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650320)"; flow:established,from_client; content:"GET"; http_method; content:"/github-file-info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.243.236.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650320/; classtype:trojan-activity;sid:84513420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650312)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650312/; classtype:trojan-activity;sid:84513412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650313)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650313/; classtype:trojan-activity;sid:84513413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650314)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650314/; classtype:trojan-activity;sid:84513414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650315/; classtype:trojan-activity;sid:84513415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650311)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650311/; classtype:trojan-activity;sid:84513411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650309)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650309/; classtype:trojan-activity;sid:84513409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650310/; classtype:trojan-activity;sid:84513410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650308/; classtype:trojan-activity;sid:84513408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650304/; classtype:trojan-activity;sid:84513404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650305/; classtype:trojan-activity;sid:84513405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650306)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650306/; classtype:trojan-activity;sid:84513406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650302)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650302/; classtype:trojan-activity;sid:84513402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650303)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650303/; classtype:trojan-activity;sid:84513403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650301)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650301/; classtype:trojan-activity;sid:84513401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650297/; classtype:trojan-activity;sid:84513397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650298)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650298/; classtype:trojan-activity;sid:84513398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650295)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650295/; classtype:trojan-activity;sid:84513395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650296)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650296/; classtype:trojan-activity;sid:84513396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650293/; classtype:trojan-activity;sid:84513393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650294)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650294/; classtype:trojan-activity;sid:84513394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650292/; classtype:trojan-activity;sid:84513392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650290)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650290/; classtype:trojan-activity;sid:84513390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650291)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650291/; classtype:trojan-activity;sid:84513391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650288)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650288/; classtype:trojan-activity;sid:84513388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650289)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650289/; classtype:trojan-activity;sid:84513389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650287/; classtype:trojan-activity;sid:84513387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650286/; classtype:trojan-activity;sid:84513386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650285/; classtype:trojan-activity;sid:84513385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650282/; classtype:trojan-activity;sid:84513382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650283/; classtype:trojan-activity;sid:84513383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650284)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650284/; classtype:trojan-activity;sid:84513384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650280/; classtype:trojan-activity;sid:84513380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650281/; classtype:trojan-activity;sid:84513381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-07-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650279/; classtype:trojan-activity;sid:84513379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650277/; classtype:trojan-activity;sid:84513377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650278)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650278/; classtype:trojan-activity;sid:84513378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650272/; classtype:trojan-activity;sid:84513372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650273/; classtype:trojan-activity;sid:84513373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-10-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650274/; classtype:trojan-activity;sid:84513374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650275)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.53.49.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650275/; classtype:trojan-activity;sid:84513375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650264)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650264/; classtype:trojan-activity;sid:84513364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650265)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650265/; classtype:trojan-activity;sid:84513365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650266/; classtype:trojan-activity;sid:84513366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650267)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650267/; classtype:trojan-activity;sid:84513367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650268)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650268/; classtype:trojan-activity;sid:84513368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650261/; classtype:trojan-activity;sid:84513361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650262/; classtype:trojan-activity;sid:84513362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650260/; classtype:trojan-activity;sid:84513360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650256/; classtype:trojan-activity;sid:84513356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650257/; classtype:trojan-activity;sid:84513357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650254/; classtype:trojan-activity;sid:84513354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650255)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650255/; classtype:trojan-activity;sid:84513355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650250)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.243.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650250/; classtype:trojan-activity;sid:84513350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650252/; classtype:trojan-activity;sid:84513352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650248)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650248/; classtype:trojan-activity;sid:84513348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650249)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.214.131.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650249/; classtype:trojan-activity;sid:84513349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650246/; classtype:trojan-activity;sid:84513346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650247)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650247/; classtype:trojan-activity;sid:84513347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650245/; classtype:trojan-activity;sid:84513345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650242/; classtype:trojan-activity;sid:84513342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650241)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650241/; classtype:trojan-activity;sid:84513341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650240)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.227.5.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650240/; classtype:trojan-activity;sid:84513340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650234/; classtype:trojan-activity;sid:84513334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650235/; classtype:trojan-activity;sid:84513335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650236/; classtype:trojan-activity;sid:84513336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650237/; classtype:trojan-activity;sid:84513337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650238)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650238/; classtype:trojan-activity;sid:84513338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650239/; classtype:trojan-activity;sid:84513339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650233/; classtype:trojan-activity;sid:84513333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650230/; classtype:trojan-activity;sid:84513330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650231/; classtype:trojan-activity;sid:84513331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650232/; classtype:trojan-activity;sid:84513332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650224)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650224/; classtype:trojan-activity;sid:84513324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650225/; classtype:trojan-activity;sid:84513325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650226)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650226/; classtype:trojan-activity;sid:84513326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650227/; classtype:trojan-activity;sid:84513327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650228/; classtype:trojan-activity;sid:84513328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650229/; classtype:trojan-activity;sid:84513329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650223/; classtype:trojan-activity;sid:84513323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650220)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650220/; classtype:trojan-activity;sid:84513320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650221/; classtype:trojan-activity;sid:84513321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650219/; classtype:trojan-activity;sid:84513319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650218/; classtype:trojan-activity;sid:84513318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650217)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.12.14.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650217/; classtype:trojan-activity;sid:84513317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650216/; classtype:trojan-activity;sid:84513316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650211/; classtype:trojan-activity;sid:84513311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650212/; classtype:trojan-activity;sid:84513312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650209/; classtype:trojan-activity;sid:84513309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650210/; classtype:trojan-activity;sid:84513310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650208)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.162.3.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650208/; classtype:trojan-activity;sid:84513308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650204/; classtype:trojan-activity;sid:84513304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650205)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650205/; classtype:trojan-activity;sid:84513305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650206/; classtype:trojan-activity;sid:84513306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650207/; classtype:trojan-activity;sid:84513307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650203)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650203/; classtype:trojan-activity;sid:84513303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650202/; classtype:trojan-activity;sid:84513302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650200/; classtype:trojan-activity;sid:84513300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650199)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650199/; classtype:trojan-activity;sid:84513299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650197)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650197/; classtype:trojan-activity;sid:84513297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650198/; classtype:trojan-activity;sid:84513298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650195/; classtype:trojan-activity;sid:84513295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650194)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650194/; classtype:trojan-activity;sid:84513294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650192/; classtype:trojan-activity;sid:84513292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650190/; classtype:trojan-activity;sid:84513290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650188)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650188/; classtype:trojan-activity;sid:84513288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650189)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650189/; classtype:trojan-activity;sid:84513289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650187/; classtype:trojan-activity;sid:84513287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650186)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650186/; classtype:trojan-activity;sid:84513286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650185/; classtype:trojan-activity;sid:84513285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650183)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650183/; classtype:trojan-activity;sid:84513283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650184/; classtype:trojan-activity;sid:84513284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650182)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650182/; classtype:trojan-activity;sid:84513282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650180)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650180/; classtype:trojan-activity;sid:84513280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650179)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650179/; classtype:trojan-activity;sid:84513279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650177)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650177/; classtype:trojan-activity;sid:84513277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650174/; classtype:trojan-activity;sid:84513274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650175/; classtype:trojan-activity;sid:84513275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650176/; classtype:trojan-activity;sid:84513276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650173)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650173/; classtype:trojan-activity;sid:84513273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650172)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650172/; classtype:trojan-activity;sid:84513272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650171/; classtype:trojan-activity;sid:84513271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650167/; classtype:trojan-activity;sid:84513267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650168)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650168/; classtype:trojan-activity;sid:84513268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650169)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650169/; classtype:trojan-activity;sid:84513269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650165)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650165/; classtype:trojan-activity;sid:84513265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650166)"; flow:established,from_client; content:"GET"; http_method; content:"/lvoeifwit7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ag.qqd-6-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650166/; classtype:trojan-activity;sid:84513266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650163/; classtype:trojan-activity;sid:84513263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650164/; classtype:trojan-activity;sid:84513264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650158/; classtype:trojan-activity;sid:84513258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650159/; classtype:trojan-activity;sid:84513259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650156/; classtype:trojan-activity;sid:84513256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650157/; classtype:trojan-activity;sid:84513257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650155/; classtype:trojan-activity;sid:84513255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650153/; classtype:trojan-activity;sid:84513253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650154/; classtype:trojan-activity;sid:84513254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650151/; classtype:trojan-activity;sid:84513251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650152)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.150.203.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650152/; classtype:trojan-activity;sid:84513252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650150/; classtype:trojan-activity;sid:84513250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650149/; classtype:trojan-activity;sid:84513249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650148/; classtype:trojan-activity;sid:84513248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650147/; classtype:trojan-activity;sid:84513247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650145/; classtype:trojan-activity;sid:84513245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650143)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650143/; classtype:trojan-activity;sid:84513243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650144/; classtype:trojan-activity;sid:84513244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650142/; classtype:trojan-activity;sid:84513242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650140/; classtype:trojan-activity;sid:84513240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650141/; classtype:trojan-activity;sid:84513241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650137/; classtype:trojan-activity;sid:84513237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650139/; classtype:trojan-activity;sid:84513239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650134)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650134/; classtype:trojan-activity;sid:84513234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650135/; classtype:trojan-activity;sid:84513235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650136/; classtype:trojan-activity;sid:84513236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650133/; classtype:trojan-activity;sid:84513233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650132/; classtype:trojan-activity;sid:84513232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650131/; classtype:trojan-activity;sid:84513231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650128)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650128/; classtype:trojan-activity;sid:84513228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650124/; classtype:trojan-activity;sid:84513224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650125)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650125/; classtype:trojan-activity;sid:84513225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650126/; classtype:trojan-activity;sid:84513226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650121/; classtype:trojan-activity;sid:84513221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650119)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650119/; classtype:trojan-activity;sid:84513219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650120)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650120/; classtype:trojan-activity;sid:84513220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650116/; classtype:trojan-activity;sid:84513216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650113/; classtype:trojan-activity;sid:84513213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650114/; classtype:trojan-activity;sid:84513214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650115/; classtype:trojan-activity;sid:84513215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650111/; classtype:trojan-activity;sid:84513211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650109)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650109/; classtype:trojan-activity;sid:84513209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650110)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650110/; classtype:trojan-activity;sid:84513210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650108)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650108/; classtype:trojan-activity;sid:84513208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650105/; classtype:trojan-activity;sid:84513205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650106)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650106/; classtype:trojan-activity;sid:84513206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650103/; classtype:trojan-activity;sid:84513203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650102)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.214.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650102/; classtype:trojan-activity;sid:84513202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650101/; classtype:trojan-activity;sid:84513201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650100/; classtype:trojan-activity;sid:84513200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650099)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650099/; classtype:trojan-activity;sid:84513199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650098/; classtype:trojan-activity;sid:84513198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650096)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650096/; classtype:trojan-activity;sid:84513196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650097)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650097/; classtype:trojan-activity;sid:84513197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650094)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650094/; classtype:trojan-activity;sid:84513194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650095/; classtype:trojan-activity;sid:84513195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650089/; classtype:trojan-activity;sid:84513189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650090/; classtype:trojan-activity;sid:84513190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650091/; classtype:trojan-activity;sid:84513191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650086/; classtype:trojan-activity;sid:84513186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650087/; classtype:trojan-activity;sid:84513187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650088)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650088/; classtype:trojan-activity;sid:84513188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650085/; classtype:trojan-activity;sid:84513185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650083/; classtype:trojan-activity;sid:84513183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650084)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650084/; classtype:trojan-activity;sid:84513184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650080/; classtype:trojan-activity;sid:84513180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/catalog/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650081/; classtype:trojan-activity;sid:84513181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650075/; classtype:trojan-activity;sid:84513175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650076/; classtype:trojan-activity;sid:84513176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650077)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650077/; classtype:trojan-activity;sid:84513177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650073/; classtype:trojan-activity;sid:84513173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650074/; classtype:trojan-activity;sid:84513174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650072)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650072/; classtype:trojan-activity;sid:84513172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-12-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650070/; classtype:trojan-activity;sid:84513170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650069)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650069/; classtype:trojan-activity;sid:84513169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650066)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.0.25.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650066/; classtype:trojan-activity;sid:84513166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650068/; classtype:trojan-activity;sid:84513168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650064/; classtype:trojan-activity;sid:84513164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650065)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650065/; classtype:trojan-activity;sid:84513165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/upgrade%20advisor/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650062/; classtype:trojan-activity;sid:84513162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650063/; classtype:trojan-activity;sid:84513163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650059/; classtype:trojan-activity;sid:84513159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650060/; classtype:trojan-activity;sid:84513160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650057/; classtype:trojan-activity;sid:84513157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650055/; classtype:trojan-activity;sid:84513155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650053/; classtype:trojan-activity;sid:84513153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650054/; classtype:trojan-activity;sid:84513154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000548123/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650050/; classtype:trojan-activity;sid:84513150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650052)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650052/; classtype:trojan-activity;sid:84513152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650049/; classtype:trojan-activity;sid:84513149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650045/; classtype:trojan-activity;sid:84513145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650046/; classtype:trojan-activity;sid:84513146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650044/; classtype:trojan-activity;sid:84513144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650043/; classtype:trojan-activity;sid:84513143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650041/; classtype:trojan-activity;sid:84513141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650042/; classtype:trojan-activity;sid:84513142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000549109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650040/; classtype:trojan-activity;sid:84513140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650037/; classtype:trojan-activity;sid:84513137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650039)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650039/; classtype:trojan-activity;sid:84513139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650034/; classtype:trojan-activity;sid:84513134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650035/; classtype:trojan-activity;sid:84513135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650033/; classtype:trojan-activity;sid:84513133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650030/; classtype:trojan-activity;sid:84513130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650031/; classtype:trojan-activity;sid:84513131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650032/; classtype:trojan-activity;sid:84513132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650029)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650029/; classtype:trojan-activity;sid:84513129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650027/; classtype:trojan-activity;sid:84513127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000839/2023-06-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650025/; classtype:trojan-activity;sid:84513125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650021/; classtype:trojan-activity;sid:84513121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650022/; classtype:trojan-activity;sid:84513122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650024)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650024/; classtype:trojan-activity;sid:84513124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650020/; classtype:trojan-activity;sid:84513120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650013/; classtype:trojan-activity;sid:84513113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650014/; classtype:trojan-activity;sid:84513114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650015/; classtype:trojan-activity;sid:84513115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650016)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650016/; classtype:trojan-activity;sid:84513116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650017/; classtype:trojan-activity;sid:84513117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650018)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650018/; classtype:trojan-activity;sid:84513118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650019/; classtype:trojan-activity;sid:84513119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650012)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650012/; classtype:trojan-activity;sid:84513112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650011)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650011/; classtype:trojan-activity;sid:84513111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650010/; classtype:trojan-activity;sid:84513110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650008)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650008/; classtype:trojan-activity;sid:84513108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650009)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650009/; classtype:trojan-activity;sid:84513109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650007/; classtype:trojan-activity;sid:84513107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650006/; classtype:trojan-activity;sid:84513106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-06-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650005/; classtype:trojan-activity;sid:84513105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650002/; classtype:trojan-activity;sid:84513102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650003/; classtype:trojan-activity;sid:84513103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2021-09-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649999/; classtype:trojan-activity;sid:84513099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650000/; classtype:trojan-activity;sid:84513100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649998)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649998/; classtype:trojan-activity;sid:84513098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649997/; classtype:trojan-activity;sid:84513097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649994)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649994/; classtype:trojan-activity;sid:84513094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649993/; classtype:trojan-activity;sid:84513093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649991/; classtype:trojan-activity;sid:84513091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649988/; classtype:trojan-activity;sid:84513088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649989/; classtype:trojan-activity;sid:84513089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649990/; classtype:trojan-activity;sid:84513090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649983/; classtype:trojan-activity;sid:84513083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649977)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649977/; classtype:trojan-activity;sid:84513077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649978/; classtype:trojan-activity;sid:84513078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649979)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649979/; classtype:trojan-activity;sid:84513079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649982)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649982/; classtype:trojan-activity;sid:84513082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649976)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649976/; classtype:trojan-activity;sid:84513076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649974/; classtype:trojan-activity;sid:84513074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649970/; classtype:trojan-activity;sid:84513070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649971/; classtype:trojan-activity;sid:84513071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649972)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649972/; classtype:trojan-activity;sid:84513072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649973)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649973/; classtype:trojan-activity;sid:84513073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649969/; classtype:trojan-activity;sid:84513069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649967/; classtype:trojan-activity;sid:84513067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649966/; classtype:trojan-activity;sid:84513066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649965/; classtype:trojan-activity;sid:84513065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649964/; classtype:trojan-activity;sid:84513064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649963/; classtype:trojan-activity;sid:84513063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649962/; classtype:trojan-activity;sid:84513062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649960/; classtype:trojan-activity;sid:84513060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649957/; classtype:trojan-activity;sid:84513057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649958/; classtype:trojan-activity;sid:84513058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649953/; classtype:trojan-activity;sid:84513053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649954/; classtype:trojan-activity;sid:84513054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649955)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649955/; classtype:trojan-activity;sid:84513055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649950)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649950/; classtype:trojan-activity;sid:84513050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649951/; classtype:trojan-activity;sid:84513051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649948/; classtype:trojan-activity;sid:84513048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649949)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649949/; classtype:trojan-activity;sid:84513049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649947)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649947/; classtype:trojan-activity;sid:84513047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649946/; classtype:trojan-activity;sid:84513046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649945/; classtype:trojan-activity;sid:84513045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649941)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649941/; classtype:trojan-activity;sid:84513041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649942/; classtype:trojan-activity;sid:84513042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649938)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.201.237.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649938/; classtype:trojan-activity;sid:84513038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649939)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649939/; classtype:trojan-activity;sid:84513039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649940/; classtype:trojan-activity;sid:84513040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649936/; classtype:trojan-activity;sid:84513036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649937/; classtype:trojan-activity;sid:84513037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649935/; classtype:trojan-activity;sid:84513035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649933/; classtype:trojan-activity;sid:84513033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649934)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649934/; classtype:trojan-activity;sid:84513034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649929/; classtype:trojan-activity;sid:84513029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649928/; classtype:trojan-activity;sid:84513028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649927)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649927/; classtype:trojan-activity;sid:84513027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649926/; classtype:trojan-activity;sid:84513026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649922/; classtype:trojan-activity;sid:84513022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649924/; classtype:trojan-activity;sid:84513024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649925/; classtype:trojan-activity;sid:84513025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649921)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649921/; classtype:trojan-activity;sid:84513021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649920/; classtype:trojan-activity;sid:84513020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649918/; classtype:trojan-activity;sid:84513018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649917)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649917/; classtype:trojan-activity;sid:84513017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649915/; classtype:trojan-activity;sid:84513015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649916/; classtype:trojan-activity;sid:84513016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649913/; classtype:trojan-activity;sid:84513013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649909/; classtype:trojan-activity;sid:84513009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649911/; classtype:trojan-activity;sid:84513011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649912/; classtype:trojan-activity;sid:84513012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649906)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649906/; classtype:trojan-activity;sid:84513006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649907)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649907/; classtype:trojan-activity;sid:84513007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649908/; classtype:trojan-activity;sid:84513008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649904/; classtype:trojan-activity;sid:84513004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649905/; classtype:trojan-activity;sid:84513005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649902)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"149.88.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649902/; classtype:trojan-activity;sid:84513002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649903)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649903/; classtype:trojan-activity;sid:84513003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649901/; classtype:trojan-activity;sid:84513001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649898/; classtype:trojan-activity;sid:84512998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649893/; classtype:trojan-activity;sid:84512993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649894/; classtype:trojan-activity;sid:84512994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649889)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649889/; classtype:trojan-activity;sid:84512989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649890)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649890/; classtype:trojan-activity;sid:84512990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649891)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649891/; classtype:trojan-activity;sid:84512991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649892/; classtype:trojan-activity;sid:84512992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649887)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649887/; classtype:trojan-activity;sid:84512987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649882)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649882/; classtype:trojan-activity;sid:84512982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649883/; classtype:trojan-activity;sid:84512983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649880/; classtype:trojan-activity;sid:84512980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649876)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649876/; classtype:trojan-activity;sid:84512976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649877/; classtype:trojan-activity;sid:84512977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649879/; classtype:trojan-activity;sid:84512979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649873/; classtype:trojan-activity;sid:84512973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649875)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649875/; classtype:trojan-activity;sid:84512975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649872/; classtype:trojan-activity;sid:84512972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649871/; classtype:trojan-activity;sid:84512971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649866)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649866/; classtype:trojan-activity;sid:84512966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649862/; classtype:trojan-activity;sid:84512962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649860/; classtype:trojan-activity;sid:84512960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649861/; classtype:trojan-activity;sid:84512961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649858/; classtype:trojan-activity;sid:84512958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649859)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649859/; classtype:trojan-activity;sid:84512959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649855/; classtype:trojan-activity;sid:84512955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649856/; classtype:trojan-activity;sid:84512956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649857/; classtype:trojan-activity;sid:84512957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649854)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.36.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649854/; classtype:trojan-activity;sid:84512954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649853/; classtype:trojan-activity;sid:84512953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649852/; classtype:trojan-activity;sid:84512952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649849/; classtype:trojan-activity;sid:84512949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649850/; classtype:trojan-activity;sid:84512950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649851)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649851/; classtype:trojan-activity;sid:84512951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649847/; classtype:trojan-activity;sid:84512947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649846/; classtype:trojan-activity;sid:84512946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649845/; classtype:trojan-activity;sid:84512945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649844/; classtype:trojan-activity;sid:84512944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-30/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649843/; classtype:trojan-activity;sid:84512943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649842)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649842/; classtype:trojan-activity;sid:84512942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649841)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649841/; classtype:trojan-activity;sid:84512941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649838)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649838/; classtype:trojan-activity;sid:84512938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649836/; classtype:trojan-activity;sid:84512936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649835)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.116.226.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649835/; classtype:trojan-activity;sid:84512935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2024-10-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649834/; classtype:trojan-activity;sid:84512934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649829/; classtype:trojan-activity;sid:84512929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649830)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649830/; classtype:trojan-activity;sid:84512930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649831)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649831/; classtype:trojan-activity;sid:84512931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649832/; classtype:trojan-activity;sid:84512932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649827/; classtype:trojan-activity;sid:84512927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649828)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649828/; classtype:trojan-activity;sid:84512928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649825)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649825/; classtype:trojan-activity;sid:84512925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649826)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649826/; classtype:trojan-activity;sid:84512926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649823/; classtype:trojan-activity;sid:84512923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649824/; classtype:trojan-activity;sid:84512924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649822/; classtype:trojan-activity;sid:84512922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649820)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649820/; classtype:trojan-activity;sid:84512920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649819/; classtype:trojan-activity;sid:84512919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649818)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649818/; classtype:trojan-activity;sid:84512918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649817)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649817/; classtype:trojan-activity;sid:84512917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649816/; classtype:trojan-activity;sid:84512916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649815/; classtype:trojan-activity;sid:84512915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649814)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649814/; classtype:trojan-activity;sid:84512914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649813)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649813/; classtype:trojan-activity;sid:84512913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649812/; classtype:trojan-activity;sid:84512912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649811/; classtype:trojan-activity;sid:84512911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649809/; classtype:trojan-activity;sid:84512909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649810/; classtype:trojan-activity;sid:84512910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649808/; classtype:trojan-activity;sid:84512908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649807/; classtype:trojan-activity;sid:84512907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649806/; classtype:trojan-activity;sid:84512906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649804/; classtype:trojan-activity;sid:84512904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649805/; classtype:trojan-activity;sid:84512905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649803)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649803/; classtype:trojan-activity;sid:84512903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649802/; classtype:trojan-activity;sid:84512902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649800/; classtype:trojan-activity;sid:84512900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649799)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649799/; classtype:trojan-activity;sid:84512899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649798/; classtype:trojan-activity;sid:84512898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649797/; classtype:trojan-activity;sid:84512897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649796/; classtype:trojan-activity;sid:84512896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649795)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/ia64/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649795/; classtype:trojan-activity;sid:84512895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649793/; classtype:trojan-activity;sid:84512893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649794/; classtype:trojan-activity;sid:84512894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649792/; classtype:trojan-activity;sid:84512892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649791)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649791/; classtype:trojan-activity;sid:84512891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649789)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649789/; classtype:trojan-activity;sid:84512889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649787/; classtype:trojan-activity;sid:84512887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649785/; classtype:trojan-activity;sid:84512885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649786/; classtype:trojan-activity;sid:84512886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649784)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.50.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649784/; classtype:trojan-activity;sid:84512884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649782)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.191.121.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649782/; classtype:trojan-activity;sid:84512882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.89.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649781/; classtype:trojan-activity;sid:84512881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649777/; classtype:trojan-activity;sid:84512877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649778/; classtype:trojan-activity;sid:84512878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649779/; classtype:trojan-activity;sid:84512879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649774/; classtype:trojan-activity;sid:84512874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649775/; classtype:trojan-activity;sid:84512875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649776/; classtype:trojan-activity;sid:84512876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649773)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649773/; classtype:trojan-activity;sid:84512873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649772/; classtype:trojan-activity;sid:84512872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649769/; classtype:trojan-activity;sid:84512869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649770/; classtype:trojan-activity;sid:84512870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649765/; classtype:trojan-activity;sid:84512865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649766/; classtype:trojan-activity;sid:84512866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649767/; classtype:trojan-activity;sid:84512867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-04-28/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649763/; classtype:trojan-activity;sid:84512863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649764)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649764/; classtype:trojan-activity;sid:84512864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649759)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649759/; classtype:trojan-activity;sid:84512859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649760/; classtype:trojan-activity;sid:84512860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649758)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649758/; classtype:trojan-activity;sid:84512858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649757)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649757/; classtype:trojan-activity;sid:84512857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649756)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649756/; classtype:trojan-activity;sid:84512856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649754/; classtype:trojan-activity;sid:84512854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649755)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.30.75.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649755/; classtype:trojan-activity;sid:84512855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649753/; classtype:trojan-activity;sid:84512853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649752/; classtype:trojan-activity;sid:84512852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649750)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649750/; classtype:trojan-activity;sid:84512850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649749/; classtype:trojan-activity;sid:84512849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649748)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649748/; classtype:trojan-activity;sid:84512848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649746/; classtype:trojan-activity;sid:84512846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649747/; classtype:trojan-activity;sid:84512847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/ia64/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649743/; classtype:trojan-activity;sid:84512843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649745/; classtype:trojan-activity;sid:84512845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649742)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.253.34.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649742/; classtype:trojan-activity;sid:84512842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649739/; classtype:trojan-activity;sid:84512839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649740)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649740/; classtype:trojan-activity;sid:84512840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649741)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649741/; classtype:trojan-activity;sid:84512841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649737)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.80.191.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649737/; classtype:trojan-activity;sid:84512837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649735/; classtype:trojan-activity;sid:84512835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649736/; classtype:trojan-activity;sid:84512836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649734)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649734/; classtype:trojan-activity;sid:84512834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649732/; classtype:trojan-activity;sid:84512832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-12-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649733/; classtype:trojan-activity;sid:84512833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649728)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649728/; classtype:trojan-activity;sid:84512828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649729/; classtype:trojan-activity;sid:84512829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649726/; classtype:trojan-activity;sid:84512826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649727)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649727/; classtype:trojan-activity;sid:84512827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649725/; classtype:trojan-activity;sid:84512825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-03-18/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649724/; classtype:trojan-activity;sid:84512824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649723)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649723/; classtype:trojan-activity;sid:84512823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649721/; classtype:trojan-activity;sid:84512821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649722/; classtype:trojan-activity;sid:84512822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649720)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649720/; classtype:trojan-activity;sid:84512820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-07-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649719/; classtype:trojan-activity;sid:84512819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649718/; classtype:trojan-activity;sid:84512818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649717/; classtype:trojan-activity;sid:84512817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649714/; classtype:trojan-activity;sid:84512814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649715)"; flow:established,from_client; content:"GET"; http_method; content:"/qcg.google|3f|t=ewlxsvqe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gu.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649715/; classtype:trojan-activity;sid:84512815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649716/; classtype:trojan-activity;sid:84512816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649712/; classtype:trojan-activity;sid:84512812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649713/; classtype:trojan-activity;sid:84512813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649711/; classtype:trojan-activity;sid:84512811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649710/; classtype:trojan-activity;sid:84512810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649708/; classtype:trojan-activity;sid:84512808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649709/; classtype:trojan-activity;sid:84512809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649705/; classtype:trojan-activity;sid:84512805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649706/; classtype:trojan-activity;sid:84512806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649703)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649703/; classtype:trojan-activity;sid:84512803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649704)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.193.69.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649704/; classtype:trojan-activity;sid:84512804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649700)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649700/; classtype:trojan-activity;sid:84512800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649702/; classtype:trojan-activity;sid:84512802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649697/; classtype:trojan-activity;sid:84512797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649698/; classtype:trojan-activity;sid:84512798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649695/; classtype:trojan-activity;sid:84512795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649696/; classtype:trojan-activity;sid:84512796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649694/; classtype:trojan-activity;sid:84512794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649693/; classtype:trojan-activity;sid:84512793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649690)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649690/; classtype:trojan-activity;sid:84512790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649691)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649691/; classtype:trojan-activity;sid:84512791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649689/; classtype:trojan-activity;sid:84512789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649688/; classtype:trojan-activity;sid:84512788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649687/; classtype:trojan-activity;sid:84512787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649684)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649684/; classtype:trojan-activity;sid:84512784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649685)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649685/; classtype:trojan-activity;sid:84512785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649686/; classtype:trojan-activity;sid:84512786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649683)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649683/; classtype:trojan-activity;sid:84512783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649678)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649678/; classtype:trojan-activity;sid:84512778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649679)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649679/; classtype:trojan-activity;sid:84512779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649680)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.207.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649680/; classtype:trojan-activity;sid:84512780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649676)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649676/; classtype:trojan-activity;sid:84512776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649675/; classtype:trojan-activity;sid:84512775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649670/; classtype:trojan-activity;sid:84512770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649671/; classtype:trojan-activity;sid:84512771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649666)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649666/; classtype:trojan-activity;sid:84512766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649667)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649667/; classtype:trojan-activity;sid:84512767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649668)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649668/; classtype:trojan-activity;sid:84512768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649663/; classtype:trojan-activity;sid:84512763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649664/; classtype:trojan-activity;sid:84512764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649665)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649665/; classtype:trojan-activity;sid:84512765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649662/; classtype:trojan-activity;sid:84512762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649660)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649660/; classtype:trojan-activity;sid:84512760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649661)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/2052/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649661/; classtype:trojan-activity;sid:84512761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649659)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649659/; classtype:trojan-activity;sid:84512759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649658/; classtype:trojan-activity;sid:84512758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649657/; classtype:trojan-activity;sid:84512757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649654/; classtype:trojan-activity;sid:84512754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649651/; classtype:trojan-activity;sid:84512751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649652/; classtype:trojan-activity;sid:84512752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649653/; classtype:trojan-activity;sid:84512753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649650/; classtype:trojan-activity;sid:84512750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649649/; classtype:trojan-activity;sid:84512749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649648/; classtype:trojan-activity;sid:84512748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649645)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.72.203.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649645/; classtype:trojan-activity;sid:84512745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649646/; classtype:trojan-activity;sid:84512746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649641/; classtype:trojan-activity;sid:84512741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-05-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649642/; classtype:trojan-activity;sid:84512742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649639/; classtype:trojan-activity;sid:84512739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649640/; classtype:trojan-activity;sid:84512740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649636/; classtype:trojan-activity;sid:84512736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649637/; classtype:trojan-activity;sid:84512737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649638/; classtype:trojan-activity;sid:84512738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649620/; classtype:trojan-activity;sid:84512720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649621/; classtype:trojan-activity;sid:84512721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649623/; classtype:trojan-activity;sid:84512723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649624/; classtype:trojan-activity;sid:84512724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649625/; classtype:trojan-activity;sid:84512725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649627/; classtype:trojan-activity;sid:84512727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649628/; classtype:trojan-activity;sid:84512728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649629/; classtype:trojan-activity;sid:84512729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649630/; classtype:trojan-activity;sid:84512730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649631/; classtype:trojan-activity;sid:84512731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2022-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649632/; classtype:trojan-activity;sid:84512732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649633/; classtype:trojan-activity;sid:84512733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-22/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649634/; classtype:trojan-activity;sid:84512734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649619/; classtype:trojan-activity;sid:84512719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649617/; classtype:trojan-activity;sid:84512717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649618/; classtype:trojan-activity;sid:84512718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-09-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649615/; classtype:trojan-activity;sid:84512715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649616/; classtype:trojan-activity;sid:84512716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649612/; classtype:trojan-activity;sid:84512712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649614)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649614/; classtype:trojan-activity;sid:84512714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649608/; classtype:trojan-activity;sid:84512708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649609/; classtype:trojan-activity;sid:84512709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649610/; classtype:trojan-activity;sid:84512710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649611)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649611/; classtype:trojan-activity;sid:84512711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649606/; classtype:trojan-activity;sid:84512706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649601/; classtype:trojan-activity;sid:84512701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649602/; classtype:trojan-activity;sid:84512702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649603/; classtype:trojan-activity;sid:84512703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649604)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649604/; classtype:trojan-activity;sid:84512704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649605/; classtype:trojan-activity;sid:84512705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649596/; classtype:trojan-activity;sid:84512696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649597/; classtype:trojan-activity;sid:84512697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649598/; classtype:trojan-activity;sid:84512698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649599/; classtype:trojan-activity;sid:84512699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649600)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649600/; classtype:trojan-activity;sid:84512700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649595/; classtype:trojan-activity;sid:84512695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649594/; classtype:trojan-activity;sid:84512694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649593/; classtype:trojan-activity;sid:84512693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649588/; classtype:trojan-activity;sid:84512688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649589/; classtype:trojan-activity;sid:84512689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649591)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649591/; classtype:trojan-activity;sid:84512691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649592/; classtype:trojan-activity;sid:84512692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649586/; classtype:trojan-activity;sid:84512686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649587/; classtype:trojan-activity;sid:84512687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649585/; classtype:trojan-activity;sid:84512685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649584/; classtype:trojan-activity;sid:84512684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649582/; classtype:trojan-activity;sid:84512682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649583/; classtype:trojan-activity;sid:84512683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649580/; classtype:trojan-activity;sid:84512680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649581/; classtype:trojan-activity;sid:84512681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649579/; classtype:trojan-activity;sid:84512679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649578/; classtype:trojan-activity;sid:84512678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649575/; classtype:trojan-activity;sid:84512675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-06-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649569/; classtype:trojan-activity;sid:84512669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649571/; classtype:trojan-activity;sid:84512671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649565/; classtype:trojan-activity;sid:84512665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649566/; classtype:trojan-activity;sid:84512666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649568/; classtype:trojan-activity;sid:84512668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649563)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649563/; classtype:trojan-activity;sid:84512663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649564/; classtype:trojan-activity;sid:84512664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649561/; classtype:trojan-activity;sid:84512661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2022-10-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649562/; classtype:trojan-activity;sid:84512662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649559/; classtype:trojan-activity;sid:84512659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649560/; classtype:trojan-activity;sid:84512660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649557)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649557/; classtype:trojan-activity;sid:84512657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649558)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649558/; classtype:trojan-activity;sid:84512658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649554/; classtype:trojan-activity;sid:84512654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649555)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649555/; classtype:trojan-activity;sid:84512655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649553)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649553/; classtype:trojan-activity;sid:84512653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649550/; classtype:trojan-activity;sid:84512650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649548/; classtype:trojan-activity;sid:84512648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649545/; classtype:trojan-activity;sid:84512645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649546)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649546/; classtype:trojan-activity;sid:84512646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649547/; classtype:trojan-activity;sid:84512647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649540/; classtype:trojan-activity;sid:84512640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649541/; classtype:trojan-activity;sid:84512641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649542)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649542/; classtype:trojan-activity;sid:84512642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649543/; classtype:trojan-activity;sid:84512643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649539/; classtype:trojan-activity;sid:84512639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649536/; classtype:trojan-activity;sid:84512636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649537)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649537/; classtype:trojan-activity;sid:84512637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649538/; classtype:trojan-activity;sid:84512638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649534/; classtype:trojan-activity;sid:84512634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649535/; classtype:trojan-activity;sid:84512635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649531/; classtype:trojan-activity;sid:84512631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649530/; classtype:trojan-activity;sid:84512630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649529/; classtype:trojan-activity;sid:84512629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649526/; classtype:trojan-activity;sid:84512626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649527/; classtype:trojan-activity;sid:84512627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649523/; classtype:trojan-activity;sid:84512623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649524)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649524/; classtype:trojan-activity;sid:84512624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649525/; classtype:trojan-activity;sid:84512625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649522/; classtype:trojan-activity;sid:84512622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649520)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649520/; classtype:trojan-activity;sid:84512620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649518/; classtype:trojan-activity;sid:84512618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649519)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649519/; classtype:trojan-activity;sid:84512619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649516)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649516/; classtype:trojan-activity;sid:84512616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649515/; classtype:trojan-activity;sid:84512615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649513/; classtype:trojan-activity;sid:84512613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649512)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649512/; classtype:trojan-activity;sid:84512612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649511)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649511/; classtype:trojan-activity;sid:84512611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649509/; classtype:trojan-activity;sid:84512609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649510)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649510/; classtype:trojan-activity;sid:84512610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649508)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649508/; classtype:trojan-activity;sid:84512608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649507)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649507/; classtype:trojan-activity;sid:84512607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649504/; classtype:trojan-activity;sid:84512604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649505/; classtype:trojan-activity;sid:84512605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649506/; classtype:trojan-activity;sid:84512606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649502/; classtype:trojan-activity;sid:84512602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649501/; classtype:trojan-activity;sid:84512601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649499)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649499/; classtype:trojan-activity;sid:84512599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649500)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649500/; classtype:trojan-activity;sid:84512600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649497/; classtype:trojan-activity;sid:84512597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649495/; classtype:trojan-activity;sid:84512595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649496/; classtype:trojan-activity;sid:84512596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649494/; classtype:trojan-activity;sid:84512594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649493/; classtype:trojan-activity;sid:84512593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649491)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649491/; classtype:trojan-activity;sid:84512591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649490/; classtype:trojan-activity;sid:84512590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649488/; classtype:trojan-activity;sid:84512588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649487)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649487/; classtype:trojan-activity;sid:84512587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649485/; classtype:trojan-activity;sid:84512585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649486/; classtype:trojan-activity;sid:84512586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649484/; classtype:trojan-activity;sid:84512584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649482/; classtype:trojan-activity;sid:84512582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649481/; classtype:trojan-activity;sid:84512581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000548123/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649479/; classtype:trojan-activity;sid:84512579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649480)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649480/; classtype:trojan-activity;sid:84512580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649477)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649477/; classtype:trojan-activity;sid:84512577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649478)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649478/; classtype:trojan-activity;sid:84512578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649475)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649475/; classtype:trojan-activity;sid:84512575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649476/; classtype:trojan-activity;sid:84512576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649474)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649474/; classtype:trojan-activity;sid:84512574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649473)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649473/; classtype:trojan-activity;sid:84512573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649472/; classtype:trojan-activity;sid:84512572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649471/; classtype:trojan-activity;sid:84512571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649469/; classtype:trojan-activity;sid:84512569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649470/; classtype:trojan-activity;sid:84512570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-04-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649467/; classtype:trojan-activity;sid:84512567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649463)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649463/; classtype:trojan-activity;sid:84512563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649464)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649464/; classtype:trojan-activity;sid:84512564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649465)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649465/; classtype:trojan-activity;sid:84512565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649466)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649466/; classtype:trojan-activity;sid:84512566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649462/; classtype:trojan-activity;sid:84512562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649460/; classtype:trojan-activity;sid:84512560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649461)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649461/; classtype:trojan-activity;sid:84512561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649456/; classtype:trojan-activity;sid:84512556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649457)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649457/; classtype:trojan-activity;sid:84512557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649458/; classtype:trojan-activity;sid:84512558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649454)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649454/; classtype:trojan-activity;sid:84512554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649453)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649453/; classtype:trojan-activity;sid:84512553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649451/; classtype:trojan-activity;sid:84512551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649452)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649452/; classtype:trojan-activity;sid:84512552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649450)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649450/; classtype:trojan-activity;sid:84512550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649447)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649447/; classtype:trojan-activity;sid:84512547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649448/; classtype:trojan-activity;sid:84512548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649449/; classtype:trojan-activity;sid:84512549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649446/; classtype:trojan-activity;sid:84512546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649445/; classtype:trojan-activity;sid:84512545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649443)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649443/; classtype:trojan-activity;sid:84512543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649444)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649444/; classtype:trojan-activity;sid:84512544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649441/; classtype:trojan-activity;sid:84512541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649442/; classtype:trojan-activity;sid:84512542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649439)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649439/; classtype:trojan-activity;sid:84512539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649438/; classtype:trojan-activity;sid:84512538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649435/; classtype:trojan-activity;sid:84512535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649436/; classtype:trojan-activity;sid:84512536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649437)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649437/; classtype:trojan-activity;sid:84512537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649433/; classtype:trojan-activity;sid:84512533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649434)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649434/; classtype:trojan-activity;sid:84512534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649431)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649431/; classtype:trojan-activity;sid:84512531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649432)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649432/; classtype:trojan-activity;sid:84512532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649429/; classtype:trojan-activity;sid:84512529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649430)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649430/; classtype:trojan-activity;sid:84512530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649428/; classtype:trojan-activity;sid:84512528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649427/; classtype:trojan-activity;sid:84512527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2021-12-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649426/; classtype:trojan-activity;sid:84512526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649425/; classtype:trojan-activity;sid:84512525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649423)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649423/; classtype:trojan-activity;sid:84512523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649421/; classtype:trojan-activity;sid:84512521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649422)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649422/; classtype:trojan-activity;sid:84512522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649419)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649419/; classtype:trojan-activity;sid:84512519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649420/; classtype:trojan-activity;sid:84512520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649417/; classtype:trojan-activity;sid:84512517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649415/; classtype:trojan-activity;sid:84512515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649413)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649413/; classtype:trojan-activity;sid:84512513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649412/; classtype:trojan-activity;sid:84512512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649410/; classtype:trojan-activity;sid:84512510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649409)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649409/; classtype:trojan-activity;sid:84512509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649408/; classtype:trojan-activity;sid:84512508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649405/; classtype:trojan-activity;sid:84512505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649407/; classtype:trojan-activity;sid:84512507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649402/; classtype:trojan-activity;sid:84512502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649403/; classtype:trojan-activity;sid:84512503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649404/; classtype:trojan-activity;sid:84512504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649398)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649398/; classtype:trojan-activity;sid:84512498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649399/; classtype:trojan-activity;sid:84512499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649400)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649400/; classtype:trojan-activity;sid:84512500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649401)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649401/; classtype:trojan-activity;sid:84512501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649396/; classtype:trojan-activity;sid:84512496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649393/; classtype:trojan-activity;sid:84512493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649394/; classtype:trojan-activity;sid:84512494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649390/; classtype:trojan-activity;sid:84512490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649391/; classtype:trojan-activity;sid:84512491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649388/; classtype:trojan-activity;sid:84512488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649386/; classtype:trojan-activity;sid:84512486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649383)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649383/; classtype:trojan-activity;sid:84512483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649384)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649384/; classtype:trojan-activity;sid:84512484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649380/; classtype:trojan-activity;sid:84512480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649381)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649381/; classtype:trojan-activity;sid:84512481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649378)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649378/; classtype:trojan-activity;sid:84512478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649376/; classtype:trojan-activity;sid:84512476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649374)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649374/; classtype:trojan-activity;sid:84512474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649373/; classtype:trojan-activity;sid:84512473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649371/; classtype:trojan-activity;sid:84512471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649368/; classtype:trojan-activity;sid:84512468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649369/; classtype:trojan-activity;sid:84512469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649367/; classtype:trojan-activity;sid:84512467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649363/; classtype:trojan-activity;sid:84512463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649364/; classtype:trojan-activity;sid:84512464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649362)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649362/; classtype:trojan-activity;sid:84512462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649361)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649361/; classtype:trojan-activity;sid:84512461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649359/; classtype:trojan-activity;sid:84512459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649358)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649358/; classtype:trojan-activity;sid:84512458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649355/; classtype:trojan-activity;sid:84512455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649356)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/1033/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649356/; classtype:trojan-activity;sid:84512456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649350/; classtype:trojan-activity;sid:84512450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649351)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649351/; classtype:trojan-activity;sid:84512451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649352/; classtype:trojan-activity;sid:84512452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649349/; classtype:trojan-activity;sid:84512449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649348)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649348/; classtype:trojan-activity;sid:84512448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649347)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649347/; classtype:trojan-activity;sid:84512447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649345)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649345/; classtype:trojan-activity;sid:84512445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649344)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649344/; classtype:trojan-activity;sid:84512444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649343)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649343/; classtype:trojan-activity;sid:84512443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649342)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649342/; classtype:trojan-activity;sid:84512442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649341)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649341/; classtype:trojan-activity;sid:84512441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649340)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649340/; classtype:trojan-activity;sid:84512440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649339)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649339/; classtype:trojan-activity;sid:84512439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649337/; classtype:trojan-activity;sid:84512437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649336/; classtype:trojan-activity;sid:84512436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649334/; classtype:trojan-activity;sid:84512434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649333/; classtype:trojan-activity;sid:84512433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649331/; classtype:trojan-activity;sid:84512431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649330)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649330/; classtype:trojan-activity;sid:84512430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649328)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649328/; classtype:trojan-activity;sid:84512428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649327/; classtype:trojan-activity;sid:84512427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649325/; classtype:trojan-activity;sid:84512425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649324/; classtype:trojan-activity;sid:84512424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649322)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649322/; classtype:trojan-activity;sid:84512422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649320/; classtype:trojan-activity;sid:84512420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649319/; classtype:trojan-activity;sid:84512419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649317/; classtype:trojan-activity;sid:84512417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649318/; classtype:trojan-activity;sid:84512418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649313/; classtype:trojan-activity;sid:84512413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649314)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x86/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649314/; classtype:trojan-activity;sid:84512414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649315/; classtype:trojan-activity;sid:84512415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649316)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649316/; classtype:trojan-activity;sid:84512416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649311/; classtype:trojan-activity;sid:84512411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649312)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/document/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649312/; classtype:trojan-activity;sid:84512412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649308/; classtype:trojan-activity;sid:84512408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649307/; classtype:trojan-activity;sid:84512407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649305/; classtype:trojan-activity;sid:84512405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649304/; classtype:trojan-activity;sid:84512404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649302)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649302/; classtype:trojan-activity;sid:84512402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649300/; classtype:trojan-activity;sid:84512400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649301)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649301/; classtype:trojan-activity;sid:84512401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649299/; classtype:trojan-activity;sid:84512399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649297)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649297/; classtype:trojan-activity;sid:84512397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649298/; classtype:trojan-activity;sid:84512398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649296)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649296/; classtype:trojan-activity;sid:84512396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649294/; classtype:trojan-activity;sid:84512394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649293)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649293/; classtype:trojan-activity;sid:84512393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649292/; classtype:trojan-activity;sid:84512392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649290/; classtype:trojan-activity;sid:84512390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649291)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649291/; classtype:trojan-activity;sid:84512391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649289)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649289/; classtype:trojan-activity;sid:84512389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649288)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649288/; classtype:trojan-activity;sid:84512388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649287/; classtype:trojan-activity;sid:84512387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649286/; classtype:trojan-activity;sid:84512386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649285/; classtype:trojan-activity;sid:84512385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649284/; classtype:trojan-activity;sid:84512384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649283)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649283/; classtype:trojan-activity;sid:84512383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649282)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649282/; classtype:trojan-activity;sid:84512382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649281/; classtype:trojan-activity;sid:84512381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649280)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649280/; classtype:trojan-activity;sid:84512380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649279)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649279/; classtype:trojan-activity;sid:84512379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649276/; classtype:trojan-activity;sid:84512376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649277)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649277/; classtype:trojan-activity;sid:84512377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649275/; classtype:trojan-activity;sid:84512375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649274)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649274/; classtype:trojan-activity;sid:84512374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649273/; classtype:trojan-activity;sid:84512373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649272)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649272/; classtype:trojan-activity;sid:84512372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649271/; classtype:trojan-activity;sid:84512371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649270/; classtype:trojan-activity;sid:84512370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649268/; classtype:trojan-activity;sid:84512368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649269/; classtype:trojan-activity;sid:84512369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649265/; classtype:trojan-activity;sid:84512365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649266/; classtype:trojan-activity;sid:84512366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649267)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649267/; classtype:trojan-activity;sid:84512367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649263/; classtype:trojan-activity;sid:84512363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649264)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649264/; classtype:trojan-activity;sid:84512364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649260)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649260/; classtype:trojan-activity;sid:84512360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649261/; classtype:trojan-activity;sid:84512361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649262/; classtype:trojan-activity;sid:84512362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649259)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649259/; classtype:trojan-activity;sid:84512359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649258/; classtype:trojan-activity;sid:84512358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649257/; classtype:trojan-activity;sid:84512357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649255/; classtype:trojan-activity;sid:84512355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649256/; classtype:trojan-activity;sid:84512356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649254)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649254/; classtype:trojan-activity;sid:84512354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649253/; classtype:trojan-activity;sid:84512353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649249)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649249/; classtype:trojan-activity;sid:84512349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649251/; classtype:trojan-activity;sid:84512351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649248)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649248/; classtype:trojan-activity;sid:84512348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546512/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649246/; classtype:trojan-activity;sid:84512346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649247/; classtype:trojan-activity;sid:84512347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649245)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649245/; classtype:trojan-activity;sid:84512345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649244)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649244/; classtype:trojan-activity;sid:84512344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649240/; classtype:trojan-activity;sid:84512340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649241/; classtype:trojan-activity;sid:84512341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649238)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649238/; classtype:trojan-activity;sid:84512338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x86/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649239/; classtype:trojan-activity;sid:84512339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649236)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649236/; classtype:trojan-activity;sid:84512336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649237/; classtype:trojan-activity;sid:84512337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649235)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649235/; classtype:trojan-activity;sid:84512335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649232)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/shared/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649232/; classtype:trojan-activity;sid:84512332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649233)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649233/; classtype:trojan-activity;sid:84512333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649234)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649234/; classtype:trojan-activity;sid:84512334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649231/; classtype:trojan-activity;sid:84512331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649230/; classtype:trojan-activity;sid:84512330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649229/; classtype:trojan-activity;sid:84512329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649228/; classtype:trojan-activity;sid:84512328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649227)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649227/; classtype:trojan-activity;sid:84512327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649226)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649226/; classtype:trojan-activity;sid:84512326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649223/; classtype:trojan-activity;sid:84512323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649224/; classtype:trojan-activity;sid:84512324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649225/; classtype:trojan-activity;sid:84512325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649222)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649222/; classtype:trojan-activity;sid:84512322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649220)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649220/; classtype:trojan-activity;sid:84512320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649221/; classtype:trojan-activity;sid:84512321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649218/; classtype:trojan-activity;sid:84512318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649219)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649219/; classtype:trojan-activity;sid:84512319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649217/; classtype:trojan-activity;sid:84512317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649216/; classtype:trojan-activity;sid:84512316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649215/; classtype:trojan-activity;sid:84512315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649212/; classtype:trojan-activity;sid:84512312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649213/; classtype:trojan-activity;sid:84512313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649214)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649214/; classtype:trojan-activity;sid:84512314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649211)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649211/; classtype:trojan-activity;sid:84512311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649210)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649210/; classtype:trojan-activity;sid:84512310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649209)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649209/; classtype:trojan-activity;sid:84512309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649208/; classtype:trojan-activity;sid:84512308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649207/; classtype:trojan-activity;sid:84512307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649205/; classtype:trojan-activity;sid:84512305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649206/; classtype:trojan-activity;sid:84512306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649204/; classtype:trojan-activity;sid:84512304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649202)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649202/; classtype:trojan-activity;sid:84512302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649203)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649203/; classtype:trojan-activity;sid:84512303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649201/; classtype:trojan-activity;sid:84512301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2024-06-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649199/; classtype:trojan-activity;sid:84512299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649200)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649200/; classtype:trojan-activity;sid:84512300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649197/; classtype:trojan-activity;sid:84512297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649198/; classtype:trojan-activity;sid:84512298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000549109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649194/; classtype:trojan-activity;sid:84512294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649195/; classtype:trojan-activity;sid:84512295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649196/; classtype:trojan-activity;sid:84512296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649192/; classtype:trojan-activity;sid:84512292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649188/; classtype:trojan-activity;sid:84512288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649190/; classtype:trojan-activity;sid:84512290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649191/; classtype:trojan-activity;sid:84512291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649185)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649185/; classtype:trojan-activity;sid:84512285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649186/; classtype:trojan-activity;sid:84512286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649187/; classtype:trojan-activity;sid:84512287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649181/; classtype:trojan-activity;sid:84512281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649182/; classtype:trojan-activity;sid:84512282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649183/; classtype:trojan-activity;sid:84512283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649184)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649184/; classtype:trojan-activity;sid:84512284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649179/; classtype:trojan-activity;sid:84512279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649178)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649178/; classtype:trojan-activity;sid:84512278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649177/; classtype:trojan-activity;sid:84512277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649174/; classtype:trojan-activity;sid:84512274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649175/; classtype:trojan-activity;sid:84512275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649176/; classtype:trojan-activity;sid:84512276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649169/; classtype:trojan-activity;sid:84512269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649170)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649170/; classtype:trojan-activity;sid:84512270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649171/; classtype:trojan-activity;sid:84512271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649172/; classtype:trojan-activity;sid:84512272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649167/; classtype:trojan-activity;sid:84512267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649168)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649168/; classtype:trojan-activity;sid:84512268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649163/; classtype:trojan-activity;sid:84512263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649164)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649164/; classtype:trojan-activity;sid:84512264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649165)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649165/; classtype:trojan-activity;sid:84512265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649166/; classtype:trojan-activity;sid:84512266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649162/; classtype:trojan-activity;sid:84512262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649160/; classtype:trojan-activity;sid:84512260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649161)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649161/; classtype:trojan-activity;sid:84512261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649157/; classtype:trojan-activity;sid:84512257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649159)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649159/; classtype:trojan-activity;sid:84512259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649156/; classtype:trojan-activity;sid:84512256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649154/; classtype:trojan-activity;sid:84512254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649155/; classtype:trojan-activity;sid:84512255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649150/; classtype:trojan-activity;sid:84512250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649151/; classtype:trojan-activity;sid:84512251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649152/; classtype:trojan-activity;sid:84512252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649153/; classtype:trojan-activity;sid:84512253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649147)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649147/; classtype:trojan-activity;sid:84512247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649148/; classtype:trojan-activity;sid:84512248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2023-08-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649146/; classtype:trojan-activity;sid:84512246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649138/; classtype:trojan-activity;sid:84512238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649139/; classtype:trojan-activity;sid:84512239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649140/; classtype:trojan-activity;sid:84512240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649141)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649141/; classtype:trojan-activity;sid:84512241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649134/; classtype:trojan-activity;sid:84512234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649136/; classtype:trojan-activity;sid:84512236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649131/; classtype:trojan-activity;sid:84512231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649132)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649132/; classtype:trojan-activity;sid:84512232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649133/; classtype:trojan-activity;sid:84512233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649129/; classtype:trojan-activity;sid:84512229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649126)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649126/; classtype:trojan-activity;sid:84512226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649127)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649127/; classtype:trojan-activity;sid:84512227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649125/; classtype:trojan-activity;sid:84512225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649123/; classtype:trojan-activity;sid:84512223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649121)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649121/; classtype:trojan-activity;sid:84512221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649122)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649122/; classtype:trojan-activity;sid:84512222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649113/; classtype:trojan-activity;sid:84512213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649114/; classtype:trojan-activity;sid:84512214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649115/; classtype:trojan-activity;sid:84512215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649116/; classtype:trojan-activity;sid:84512216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649117/; classtype:trojan-activity;sid:84512217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649109/; classtype:trojan-activity;sid:84512209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649105/; classtype:trojan-activity;sid:84512205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649106)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649106/; classtype:trojan-activity;sid:84512206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649100)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649100/; classtype:trojan-activity;sid:84512200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649101/; classtype:trojan-activity;sid:84512201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649102/; classtype:trojan-activity;sid:84512202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649103/; classtype:trojan-activity;sid:84512203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649104)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649104/; classtype:trojan-activity;sid:84512204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649097/; classtype:trojan-activity;sid:84512197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649098/; classtype:trojan-activity;sid:84512198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649093/; classtype:trojan-activity;sid:84512193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649094)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649094/; classtype:trojan-activity;sid:84512194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649095/; classtype:trojan-activity;sid:84512195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649096/; classtype:trojan-activity;sid:84512196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649090)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649090/; classtype:trojan-activity;sid:84512190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649091/; classtype:trojan-activity;sid:84512191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649085)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649085/; classtype:trojan-activity;sid:84512185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649086)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649086/; classtype:trojan-activity;sid:84512186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649087/; classtype:trojan-activity;sid:84512187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649088)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/ia64/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649088/; classtype:trojan-activity;sid:84512188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649082/; classtype:trojan-activity;sid:84512182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649083)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649083/; classtype:trojan-activity;sid:84512183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649081/; classtype:trojan-activity;sid:84512181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649079/; classtype:trojan-activity;sid:84512179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649073/; classtype:trojan-activity;sid:84512173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649074/; classtype:trojan-activity;sid:84512174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649075)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649075/; classtype:trojan-activity;sid:84512175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649076/; classtype:trojan-activity;sid:84512176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649077/; classtype:trojan-activity;sid:84512177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649071/; classtype:trojan-activity;sid:84512171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649072)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649072/; classtype:trojan-activity;sid:84512172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649070)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649070/; classtype:trojan-activity;sid:84512170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649067/; classtype:trojan-activity;sid:84512167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649069)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649069/; classtype:trojan-activity;sid:84512169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649066/; classtype:trojan-activity;sid:84512166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649065/; classtype:trojan-activity;sid:84512165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649063/; classtype:trojan-activity;sid:84512163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649064)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649064/; classtype:trojan-activity;sid:84512164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649062/; classtype:trojan-activity;sid:84512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649058/; classtype:trojan-activity;sid:84512158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649059/; classtype:trojan-activity;sid:84512159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649060/; classtype:trojan-activity;sid:84512160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649057/; classtype:trojan-activity;sid:84512157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649051/; classtype:trojan-activity;sid:84512151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649052)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649052/; classtype:trojan-activity;sid:84512152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649053)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649053/; classtype:trojan-activity;sid:84512153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649054/; classtype:trojan-activity;sid:84512154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649045/; classtype:trojan-activity;sid:84512145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649046/; classtype:trojan-activity;sid:84512146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649047/; classtype:trojan-activity;sid:84512147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649048/; classtype:trojan-activity;sid:84512148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649049/; classtype:trojan-activity;sid:84512149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649041)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649041/; classtype:trojan-activity;sid:84512141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649042)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649042/; classtype:trojan-activity;sid:84512142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649044/; classtype:trojan-activity;sid:84512144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649039/; classtype:trojan-activity;sid:84512139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649040)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649040/; classtype:trojan-activity;sid:84512140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649036/; classtype:trojan-activity;sid:84512136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649038/; classtype:trojan-activity;sid:84512138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649032/; classtype:trojan-activity;sid:84512132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649031)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649031/; classtype:trojan-activity;sid:84512131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649023/; classtype:trojan-activity;sid:84512123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649024/; classtype:trojan-activity;sid:84512124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649025/; classtype:trojan-activity;sid:84512125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649026)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649026/; classtype:trojan-activity;sid:84512126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649030/; classtype:trojan-activity;sid:84512130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649022)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649022/; classtype:trojan-activity;sid:84512122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649018/; classtype:trojan-activity;sid:84512118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649019/; classtype:trojan-activity;sid:84512119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649015/; classtype:trojan-activity;sid:84512115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649016/; classtype:trojan-activity;sid:84512116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649017/; classtype:trojan-activity;sid:84512117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649013)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649013/; classtype:trojan-activity;sid:84512113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-03-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649014/; classtype:trojan-activity;sid:84512114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649009/; classtype:trojan-activity;sid:84512109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649010)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/2.0/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649010/; classtype:trojan-activity;sid:84512110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649011)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649011/; classtype:trojan-activity;sid:84512111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649007/; classtype:trojan-activity;sid:84512107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649008/; classtype:trojan-activity;sid:84512108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649006)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649006/; classtype:trojan-activity;sid:84512106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649004/; classtype:trojan-activity;sid:84512104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649005/; classtype:trojan-activity;sid:84512105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649002/; classtype:trojan-activity;sid:84512102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649001)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649001/; classtype:trojan-activity;sid:84512101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649000/; classtype:trojan-activity;sid:84512100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648999/; classtype:trojan-activity;sid:84512099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648994/; classtype:trojan-activity;sid:84512094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648996/; classtype:trojan-activity;sid:84512096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648992)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648992/; classtype:trojan-activity;sid:84512092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648993)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648993/; classtype:trojan-activity;sid:84512093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648987)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648987/; classtype:trojan-activity;sid:84512087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648989)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648989/; classtype:trojan-activity;sid:84512089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648990/; classtype:trojan-activity;sid:84512090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648991/; classtype:trojan-activity;sid:84512091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648986/; classtype:trojan-activity;sid:84512086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648982/; classtype:trojan-activity;sid:84512082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648983/; classtype:trojan-activity;sid:84512083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648984/; classtype:trojan-activity;sid:84512084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648985)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648985/; classtype:trojan-activity;sid:84512085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648980)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648980/; classtype:trojan-activity;sid:84512080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648981/; classtype:trojan-activity;sid:84512081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648977/; classtype:trojan-activity;sid:84512077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648978/; classtype:trojan-activity;sid:84512078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648979/; classtype:trojan-activity;sid:84512079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648976/; classtype:trojan-activity;sid:84512076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648975/; classtype:trojan-activity;sid:84512075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648974/; classtype:trojan-activity;sid:84512074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648970)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648970/; classtype:trojan-activity;sid:84512070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648971/; classtype:trojan-activity;sid:84512071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648969/; classtype:trojan-activity;sid:84512069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648962/; classtype:trojan-activity;sid:84512062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648963/; classtype:trojan-activity;sid:84512063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648965)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648965/; classtype:trojan-activity;sid:84512065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648967)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648967/; classtype:trojan-activity;sid:84512067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648968/; classtype:trojan-activity;sid:84512068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000489/2019-10-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648959/; classtype:trojan-activity;sid:84512059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648961/; classtype:trojan-activity;sid:84512061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648958/; classtype:trojan-activity;sid:84512058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648955/; classtype:trojan-activity;sid:84512055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648951/; classtype:trojan-activity;sid:84512051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648947/; classtype:trojan-activity;sid:84512047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648948/; classtype:trojan-activity;sid:84512048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648949/; classtype:trojan-activity;sid:84512049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648950/; classtype:trojan-activity;sid:84512050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648946/; classtype:trojan-activity;sid:84512046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648938/; classtype:trojan-activity;sid:84512038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648939/; classtype:trojan-activity;sid:84512039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648940/; classtype:trojan-activity;sid:84512040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648944/; classtype:trojan-activity;sid:84512044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648945/; classtype:trojan-activity;sid:84512045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-09-10/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648937/; classtype:trojan-activity;sid:84512037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648934/; classtype:trojan-activity;sid:84512034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648935/; classtype:trojan-activity;sid:84512035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648927/; classtype:trojan-activity;sid:84512027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648928/; classtype:trojan-activity;sid:84512028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648929)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648929/; classtype:trojan-activity;sid:84512029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648932/; classtype:trojan-activity;sid:84512032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648922)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648922/; classtype:trojan-activity;sid:84512022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648923)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648923/; classtype:trojan-activity;sid:84512023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648924/; classtype:trojan-activity;sid:84512024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648925/; classtype:trojan-activity;sid:84512025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648913)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648913/; classtype:trojan-activity;sid:84512013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648914/; classtype:trojan-activity;sid:84512014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648915/; classtype:trojan-activity;sid:84512015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648916/; classtype:trojan-activity;sid:84512016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648917/; classtype:trojan-activity;sid:84512017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648918/; classtype:trojan-activity;sid:84512018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648919)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648919/; classtype:trojan-activity;sid:84512019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648920/; classtype:trojan-activity;sid:84512020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648911/; classtype:trojan-activity;sid:84512011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648910/; classtype:trojan-activity;sid:84512010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648902)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648902/; classtype:trojan-activity;sid:84512002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648903/; classtype:trojan-activity;sid:84512003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-05-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648905/; classtype:trojan-activity;sid:84512005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648906/; classtype:trojan-activity;sid:84512006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648907)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648907/; classtype:trojan-activity;sid:84512007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648908/; classtype:trojan-activity;sid:84512008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648909/; classtype:trojan-activity;sid:84512009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648901/; classtype:trojan-activity;sid:84512001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648899/; classtype:trojan-activity;sid:84511999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648895/; classtype:trojan-activity;sid:84511995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648896)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648896/; classtype:trojan-activity;sid:84511996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648897/; classtype:trojan-activity;sid:84511997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648898/; classtype:trojan-activity;sid:84511998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648892/; classtype:trojan-activity;sid:84511992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648893/; classtype:trojan-activity;sid:84511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648894/; classtype:trojan-activity;sid:84511994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648888/; classtype:trojan-activity;sid:84511988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648890/; classtype:trojan-activity;sid:84511990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648883/; classtype:trojan-activity;sid:84511983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; classtype:trojan-activity;sid:84511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648887/; classtype:trojan-activity;sid:84511987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648879/; classtype:trojan-activity;sid:84511979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648880)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648880/; classtype:trojan-activity;sid:84511980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648881/; classtype:trojan-activity;sid:84511981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648882)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648882/; classtype:trojan-activity;sid:84511982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648873/; classtype:trojan-activity;sid:84511973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648874)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648874/; classtype:trojan-activity;sid:84511974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648875/; classtype:trojan-activity;sid:84511975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648876/; classtype:trojan-activity;sid:84511976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648878)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648878/; classtype:trojan-activity;sid:84511978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648871/; classtype:trojan-activity;sid:84511971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648870/; classtype:trojan-activity;sid:84511970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648869)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648869/; classtype:trojan-activity;sid:84511969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648865)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648865/; classtype:trojan-activity;sid:84511965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648866/; classtype:trojan-activity;sid:84511966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648867)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648867/; classtype:trojan-activity;sid:84511967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648864)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648864/; classtype:trojan-activity;sid:84511964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648861/; classtype:trojan-activity;sid:84511961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648862/; classtype:trojan-activity;sid:84511962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648863)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648863/; classtype:trojan-activity;sid:84511963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648859/; classtype:trojan-activity;sid:84511959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648860/; classtype:trojan-activity;sid:84511960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648857/; classtype:trojan-activity;sid:84511957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-12-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648855/; classtype:trojan-activity;sid:84511955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648856/; classtype:trojan-activity;sid:84511956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648850/; classtype:trojan-activity;sid:84511950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648851)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648851/; classtype:trojan-activity;sid:84511951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648853/; classtype:trojan-activity;sid:84511953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648848)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648848/; classtype:trojan-activity;sid:84511948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648846)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648846/; classtype:trojan-activity;sid:84511946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648847)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648847/; classtype:trojan-activity;sid:84511947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648841/; classtype:trojan-activity;sid:84511941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648842)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648842/; classtype:trojan-activity;sid:84511942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648843)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648843/; classtype:trojan-activity;sid:84511943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648844/; classtype:trojan-activity;sid:84511944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648845/; classtype:trojan-activity;sid:84511945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648840)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648840/; classtype:trojan-activity;sid:84511940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648839/; classtype:trojan-activity;sid:84511939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648837)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648837/; classtype:trojan-activity;sid:84511937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648838)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648838/; classtype:trojan-activity;sid:84511938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648836/; classtype:trojan-activity;sid:84511936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648835/; classtype:trojan-activity;sid:84511935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648833/; classtype:trojan-activity;sid:84511933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648834)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648834/; classtype:trojan-activity;sid:84511934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648830/; classtype:trojan-activity;sid:84511930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648831/; classtype:trojan-activity;sid:84511931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648827/; classtype:trojan-activity;sid:84511927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648829/; classtype:trojan-activity;sid:84511929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648823/; classtype:trojan-activity;sid:84511923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648826)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648826/; classtype:trojan-activity;sid:84511926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648822/; classtype:trojan-activity;sid:84511922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648820/; classtype:trojan-activity;sid:84511920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648821)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648821/; classtype:trojan-activity;sid:84511921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648817)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648817/; classtype:trojan-activity;sid:84511917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648818)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648818/; classtype:trojan-activity;sid:84511918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648814)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648814/; classtype:trojan-activity;sid:84511914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648815/; classtype:trojan-activity;sid:84511915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648816/; classtype:trojan-activity;sid:84511916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648813/; classtype:trojan-activity;sid:84511913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648812/; classtype:trojan-activity;sid:84511912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648809/; classtype:trojan-activity;sid:84511909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648810/; classtype:trojan-activity;sid:84511910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648808/; classtype:trojan-activity;sid:84511908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648807/; classtype:trojan-activity;sid:84511907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648806/; classtype:trojan-activity;sid:84511906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648801/; classtype:trojan-activity;sid:84511901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648803)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648803/; classtype:trojan-activity;sid:84511903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648804)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648804/; classtype:trojan-activity;sid:84511904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648799/; classtype:trojan-activity;sid:84511899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648800/; classtype:trojan-activity;sid:84511900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648794/; classtype:trojan-activity;sid:84511894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648795)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648795/; classtype:trojan-activity;sid:84511895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648796)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648796/; classtype:trojan-activity;sid:84511896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648797)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648797/; classtype:trojan-activity;sid:84511897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648789/; classtype:trojan-activity;sid:84511889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648790/; classtype:trojan-activity;sid:84511890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648792/; classtype:trojan-activity;sid:84511892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648793/; classtype:trojan-activity;sid:84511893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648787/; classtype:trojan-activity;sid:84511887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648784)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648784/; classtype:trojan-activity;sid:84511884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648786)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648786/; classtype:trojan-activity;sid:84511886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648780/; classtype:trojan-activity;sid:84511880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648782)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648782/; classtype:trojan-activity;sid:84511882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648783/; classtype:trojan-activity;sid:84511883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648778/; classtype:trojan-activity;sid:84511878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648779/; classtype:trojan-activity;sid:84511879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648777/; classtype:trojan-activity;sid:84511877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648775/; classtype:trojan-activity;sid:84511875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648776/; classtype:trojan-activity;sid:84511876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648772/; classtype:trojan-activity;sid:84511872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546513/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648773/; classtype:trojan-activity;sid:84511873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648774)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648774/; classtype:trojan-activity;sid:84511874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648768/; classtype:trojan-activity;sid:84511868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648769)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648769/; classtype:trojan-activity;sid:84511869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648770/; classtype:trojan-activity;sid:84511870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648767/; classtype:trojan-activity;sid:84511867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648766/; classtype:trojan-activity;sid:84511866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648764)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648764/; classtype:trojan-activity;sid:84511864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648765/; classtype:trojan-activity;sid:84511865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648763/; classtype:trojan-activity;sid:84511863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648762)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648762/; classtype:trojan-activity;sid:84511862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648759/; classtype:trojan-activity;sid:84511859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648760/; classtype:trojan-activity;sid:84511860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648761)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648761/; classtype:trojan-activity;sid:84511861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648752/; classtype:trojan-activity;sid:84511852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648754/; classtype:trojan-activity;sid:84511854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648756/; classtype:trojan-activity;sid:84511856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648757/; classtype:trojan-activity;sid:84511857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648751)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648751/; classtype:trojan-activity;sid:84511851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648749/; classtype:trojan-activity;sid:84511849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648747/; classtype:trojan-activity;sid:84511847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648748)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648748/; classtype:trojan-activity;sid:84511848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648744/; classtype:trojan-activity;sid:84511844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648745/; classtype:trojan-activity;sid:84511845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648738/; classtype:trojan-activity;sid:84511838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648739/; classtype:trojan-activity;sid:84511839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648740/; classtype:trojan-activity;sid:84511840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648741/; classtype:trojan-activity;sid:84511841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648742/; classtype:trojan-activity;sid:84511842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648743/; classtype:trojan-activity;sid:84511843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648734/; classtype:trojan-activity;sid:84511834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648735/; classtype:trojan-activity;sid:84511835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648733/; classtype:trojan-activity;sid:84511833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648731)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648731/; classtype:trojan-activity;sid:84511831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648732/; classtype:trojan-activity;sid:84511832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648729/; classtype:trojan-activity;sid:84511829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648730/; classtype:trojan-activity;sid:84511830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648728/; classtype:trojan-activity;sid:84511828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648726)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648726/; classtype:trojan-activity;sid:84511826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648727)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648727/; classtype:trojan-activity;sid:84511827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648723)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648723/; classtype:trojan-activity;sid:84511823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648724)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648724/; classtype:trojan-activity;sid:84511824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648720/; classtype:trojan-activity;sid:84511820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648721/; classtype:trojan-activity;sid:84511821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648718/; classtype:trojan-activity;sid:84511818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648719/; classtype:trojan-activity;sid:84511819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648716/; classtype:trojan-activity;sid:84511816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648717)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648717/; classtype:trojan-activity;sid:84511817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648715/; classtype:trojan-activity;sid:84511815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648714/; classtype:trojan-activity;sid:84511814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648713/; classtype:trojan-activity;sid:84511813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648712/; classtype:trojan-activity;sid:84511812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648711/; classtype:trojan-activity;sid:84511811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648709/; classtype:trojan-activity;sid:84511809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648708/; classtype:trojan-activity;sid:84511808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648707/; classtype:trojan-activity;sid:84511807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648706/; classtype:trojan-activity;sid:84511806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648705)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648705/; classtype:trojan-activity;sid:84511805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648704/; classtype:trojan-activity;sid:84511804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648703)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648703/; classtype:trojan-activity;sid:84511803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648701/; classtype:trojan-activity;sid:84511801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648697/; classtype:trojan-activity;sid:84511797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648699/; classtype:trojan-activity;sid:84511799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648695/; classtype:trojan-activity;sid:84511795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648696/; classtype:trojan-activity;sid:84511796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648694/; classtype:trojan-activity;sid:84511794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648691/; classtype:trojan-activity;sid:84511791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648688/; classtype:trojan-activity;sid:84511788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648685/; classtype:trojan-activity;sid:84511785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648687)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648687/; classtype:trojan-activity;sid:84511787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648683/; classtype:trojan-activity;sid:84511783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648684/; classtype:trojan-activity;sid:84511784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648679/; classtype:trojan-activity;sid:84511779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648680/; classtype:trojan-activity;sid:84511780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648681/; classtype:trojan-activity;sid:84511781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648677/; classtype:trojan-activity;sid:84511777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648678/; classtype:trojan-activity;sid:84511778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648674/; classtype:trojan-activity;sid:84511774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648675/; classtype:trojan-activity;sid:84511775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648676/; classtype:trojan-activity;sid:84511776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648673/; classtype:trojan-activity;sid:84511773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648671)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648671/; classtype:trojan-activity;sid:84511771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648667/; classtype:trojan-activity;sid:84511767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648668/; classtype:trojan-activity;sid:84511768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648662/; classtype:trojan-activity;sid:84511762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648663/; classtype:trojan-activity;sid:84511763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648664/; classtype:trojan-activity;sid:84511764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648665)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648665/; classtype:trojan-activity;sid:84511765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648666/; classtype:trojan-activity;sid:84511766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648661/; classtype:trojan-activity;sid:84511761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-10-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648653/; classtype:trojan-activity;sid:84511753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648654)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648654/; classtype:trojan-activity;sid:84511754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648656/; classtype:trojan-activity;sid:84511756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648658)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648658/; classtype:trojan-activity;sid:84511758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648659/; classtype:trojan-activity;sid:84511759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648660/; classtype:trojan-activity;sid:84511760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648651/; classtype:trojan-activity;sid:84511751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648652/; classtype:trojan-activity;sid:84511752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648649/; classtype:trojan-activity;sid:84511749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648650/; classtype:trojan-activity;sid:84511750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648648/; classtype:trojan-activity;sid:84511748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648642/; classtype:trojan-activity;sid:84511742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648643/; classtype:trojan-activity;sid:84511743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648644/; classtype:trojan-activity;sid:84511744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648645/; classtype:trojan-activity;sid:84511745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648646/; classtype:trojan-activity;sid:84511746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648647/; classtype:trojan-activity;sid:84511747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648641/; classtype:trojan-activity;sid:84511741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648639/; classtype:trojan-activity;sid:84511739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648640/; classtype:trojan-activity;sid:84511740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648638/; classtype:trojan-activity;sid:84511738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648633/; classtype:trojan-activity;sid:84511733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648634/; classtype:trojan-activity;sid:84511734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648635/; classtype:trojan-activity;sid:84511735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648636/; classtype:trojan-activity;sid:84511736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648627/; classtype:trojan-activity;sid:84511727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648628/; classtype:trojan-activity;sid:84511728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648629/; classtype:trojan-activity;sid:84511729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648631/; classtype:trojan-activity;sid:84511731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648632/; classtype:trojan-activity;sid:84511732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648620/; classtype:trojan-activity;sid:84511720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648621/; classtype:trojan-activity;sid:84511721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648622/; classtype:trojan-activity;sid:84511722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-12-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648624/; classtype:trojan-activity;sid:84511724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648626/; classtype:trojan-activity;sid:84511726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648609/; classtype:trojan-activity;sid:84511709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648610/; classtype:trojan-activity;sid:84511710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648611/; classtype:trojan-activity;sid:84511711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648612/; classtype:trojan-activity;sid:84511712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648613)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648613/; classtype:trojan-activity;sid:84511713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648614/; classtype:trojan-activity;sid:84511714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648615/; classtype:trojan-activity;sid:84511715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648616/; classtype:trojan-activity;sid:84511716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2021-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648617/; classtype:trojan-activity;sid:84511717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648618/; classtype:trojan-activity;sid:84511718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648619/; classtype:trojan-activity;sid:84511719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648603/; classtype:trojan-activity;sid:84511703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648605/; classtype:trojan-activity;sid:84511705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648607/; classtype:trojan-activity;sid:84511707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648608/; classtype:trojan-activity;sid:84511708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648602/; classtype:trojan-activity;sid:84511702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648599/; classtype:trojan-activity;sid:84511699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648601)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648601/; classtype:trojan-activity;sid:84511701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648598)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648598/; classtype:trojan-activity;sid:84511698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648595/; classtype:trojan-activity;sid:84511695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648596/; classtype:trojan-activity;sid:84511696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648597/; classtype:trojan-activity;sid:84511697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648594/; classtype:trojan-activity;sid:84511694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648593/; classtype:trojan-activity;sid:84511693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648591)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648591/; classtype:trojan-activity;sid:84511691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648589/; classtype:trojan-activity;sid:84511689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648576/; classtype:trojan-activity;sid:84511676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648577/; classtype:trojan-activity;sid:84511677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648578)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648578/; classtype:trojan-activity;sid:84511678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648579/; classtype:trojan-activity;sid:84511679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648580/; classtype:trojan-activity;sid:84511680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648581/; classtype:trojan-activity;sid:84511681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648582)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648582/; classtype:trojan-activity;sid:84511682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648583/; classtype:trojan-activity;sid:84511683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2024-05-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648584/; classtype:trojan-activity;sid:84511684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648585/; classtype:trojan-activity;sid:84511685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648586)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648586/; classtype:trojan-activity;sid:84511686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648587/; classtype:trojan-activity;sid:84511687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648588/; classtype:trojan-activity;sid:84511688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648575/; classtype:trojan-activity;sid:84511675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648574/; classtype:trojan-activity;sid:84511674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2023-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648565/; classtype:trojan-activity;sid:84511665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648566/; classtype:trojan-activity;sid:84511666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648567/; classtype:trojan-activity;sid:84511667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648569/; classtype:trojan-activity;sid:84511669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648570/; classtype:trojan-activity;sid:84511670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648572/; classtype:trojan-activity;sid:84511672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648573/; classtype:trojan-activity;sid:84511673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648563/; classtype:trojan-activity;sid:84511663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648564/; classtype:trojan-activity;sid:84511664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648552/; classtype:trojan-activity;sid:84511652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648553/; classtype:trojan-activity;sid:84511653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000548123/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648554/; classtype:trojan-activity;sid:84511654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648555/; classtype:trojan-activity;sid:84511655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648556/; classtype:trojan-activity;sid:84511656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648557/; classtype:trojan-activity;sid:84511657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648559/; classtype:trojan-activity;sid:84511659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648560/; classtype:trojan-activity;sid:84511660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648551)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648551/; classtype:trojan-activity;sid:84511651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648550)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648550/; classtype:trojan-activity;sid:84511650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648549)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250606-148/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648549/; classtype:trojan-activity;sid:84511649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648548/; classtype:trojan-activity;sid:84511648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648546)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pbdll/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648546/; classtype:trojan-activity;sid:84511646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240625-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648547/; classtype:trojan-activity;sid:84511647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221219-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648544/; classtype:trojan-activity;sid:84511644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648545/; classtype:trojan-activity;sid:84511645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648543)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/acrobat/adobe%20acrobat%20writer%205.0/acrobat%205/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648543/; classtype:trojan-activity;sid:84511643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648542/; classtype:trojan-activity;sid:84511642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648541)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648541/; classtype:trojan-activity;sid:84511641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250610-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648537/; classtype:trojan-activity;sid:84511637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648538/; classtype:trojan-activity;sid:84511638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648539/; classtype:trojan-activity;sid:84511639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648540/; classtype:trojan-activity;sid:84511640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648534/; classtype:trojan-activity;sid:84511634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648535/; classtype:trojan-activity;sid:84511635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648536/; classtype:trojan-activity;sid:84511636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648530/; classtype:trojan-activity;sid:84511630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241128-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648531/; classtype:trojan-activity;sid:84511631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648532)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231228-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648532/; classtype:trojan-activity;sid:84511632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648533/; classtype:trojan-activity;sid:84511633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250616-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648528/; classtype:trojan-activity;sid:84511628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648529)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648529/; classtype:trojan-activity;sid:84511629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648525/; classtype:trojan-activity;sid:84511625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648526)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20power%20-%20acct%20primarina%20cpd%2027%20april%202016/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648526/; classtype:trojan-activity;sid:84511626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648527/; classtype:trojan-activity;sid:84511627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648522/; classtype:trojan-activity;sid:84511622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648523)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648523/; classtype:trojan-activity;sid:84511623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648524)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648524/; classtype:trojan-activity;sid:84511624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648519)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/ropper/av.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648519/; classtype:trojan-activity;sid:84511619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648520)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iron%20man_jaldhi_080809_035/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648520/; classtype:trojan-activity;sid:84511620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648521)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648521/; classtype:trojan-activity;sid:84511621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648514)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648514/; classtype:trojan-activity;sid:84511614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648515)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648515/; classtype:trojan-activity;sid:84511615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648516)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/index/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648516/; classtype:trojan-activity;sid:84511616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648517)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648517/; classtype:trojan-activity;sid:84511617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648518)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648518/; classtype:trojan-activity;sid:84511618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648512)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648512/; classtype:trojan-activity;sid:84511612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648513)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648513/; classtype:trojan-activity;sid:84511613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648501/; classtype:trojan-activity;sid:84511601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648502)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648502/; classtype:trojan-activity;sid:84511602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648503)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/asn1/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648503/; classtype:trojan-activity;sid:84511603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648504/; classtype:trojan-activity;sid:84511604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648505)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648505/; classtype:trojan-activity;sid:84511605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648506/; classtype:trojan-activity;sid:84511606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648507)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/index/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648507/; classtype:trojan-activity;sid:84511607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648508)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/exploitpack/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648508/; classtype:trojan-activity;sid:84511608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648509)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231116-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648509/; classtype:trojan-activity;sid:84511609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648510)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd28aug08/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648510/; classtype:trojan-activity;sid:84511610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648511/; classtype:trojan-activity;sid:84511611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648496)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648496/; classtype:trojan-activity;sid:84511596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648497)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648497/; classtype:trojan-activity;sid:84511597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648498)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648498/; classtype:trojan-activity;sid:84511598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648499)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648499/; classtype:trojan-activity;sid:84511599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648500)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648500/; classtype:trojan-activity;sid:84511600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648494)"; flow:established,from_client; content:"GET"; http_method; content:"/key/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648494/; classtype:trojan-activity;sid:84511594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648495)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648495/; classtype:trojan-activity;sid:84511595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648490)"; flow:established,from_client; content:"GET"; http_method; content:"/maps/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.122.213.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648490/; classtype:trojan-activity;sid:84511590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648491)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648491/; classtype:trojan-activity;sid:84511591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648492)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648492/; classtype:trojan-activity;sid:84511592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648493)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648493/; classtype:trojan-activity;sid:84511593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648489)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648489/; classtype:trojan-activity;sid:84511589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648482)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%2011th%20aug%202008/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648482/; classtype:trojan-activity;sid:84511582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648483)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648483/; classtype:trojan-activity;sid:84511583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648484)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/brokerage%20invoice/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648484/; classtype:trojan-activity;sid:84511584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648485)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648485/; classtype:trojan-activity;sid:84511585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648486)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648486/; classtype:trojan-activity;sid:84511586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648487)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/bjgl.pbd/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648487/; classtype:trojan-activity;sid:84511587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648488)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20ladoga-essar%20cpd%2029th%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648488/; classtype:trojan-activity;sid:84511588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648481)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648481/; classtype:trojan-activity;sid:84511581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648480)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241016-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648480/; classtype:trojan-activity;sid:84511580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648479)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648479/; classtype:trojan-activity;sid:84511579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648475)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648475/; classtype:trojan-activity;sid:84511575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648476)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648476/; classtype:trojan-activity;sid:84511576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648477)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648477/; classtype:trojan-activity;sid:84511577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648478)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/misc%20attachments/info.zip"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648478/; classtype:trojan-activity;sid:84511578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648473)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648473/; classtype:trojan-activity;sid:84511573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648474)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648474/; classtype:trojan-activity;sid:84511574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648471)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648471/; classtype:trojan-activity;sid:84511571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648472)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648472/; classtype:trojan-activity;sid:84511572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648470)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648470/; classtype:trojan-activity;sid:84511570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648467)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648467/; classtype:trojan-activity;sid:84511567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648468)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240527-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648468/; classtype:trojan-activity;sid:84511568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648469)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648469/; classtype:trojan-activity;sid:84511569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648463)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648463/; classtype:trojan-activity;sid:84511563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648464)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648464/; classtype:trojan-activity;sid:84511564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648465)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648465/; classtype:trojan-activity;sid:84511565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648466)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20christina%20iv%20-%20ripley%20cpd%2007%20october%202019/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648466/; classtype:trojan-activity;sid:84511566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648462)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20ce%20guardian)%20-%20acct%20surya%20exim-cpd%2009%20march%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648462/; classtype:trojan-activity;sid:84511562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648461)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648461/; classtype:trojan-activity;sid:84511561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231101-141/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648460/; classtype:trojan-activity;sid:84511560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648458)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648458/; classtype:trojan-activity;sid:84511558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648459)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648459/; classtype:trojan-activity;sid:84511559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648456)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648456/; classtype:trojan-activity;sid:84511556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648457)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648457/; classtype:trojan-activity;sid:84511557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648455)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-136/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648455/; classtype:trojan-activity;sid:84511555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648452)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648452/; classtype:trojan-activity;sid:84511552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648453)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240718-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648453/; classtype:trojan-activity;sid:84511553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648454)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648454/; classtype:trojan-activity;sid:84511554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648451)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648451/; classtype:trojan-activity;sid:84511551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648445)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648445/; classtype:trojan-activity;sid:84511545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648446)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648446/; classtype:trojan-activity;sid:84511546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648447)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648447/; classtype:trojan-activity;sid:84511547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648448)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648448/; classtype:trojan-activity;sid:84511548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648449)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_sbin/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648449/; classtype:trojan-activity;sid:84511549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648450)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pdffactory_pro_setup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648450/; classtype:trojan-activity;sid:84511550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648443/; classtype:trojan-activity;sid:84511543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648444)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230323-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648444/; classtype:trojan-activity;sid:84511544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648441)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/photo.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648441/; classtype:trojan-activity;sid:84511541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648442)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/krack/photo.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648442/; classtype:trojan-activity;sid:84511542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648440)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.122.213.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648440/; classtype:trojan-activity;sid:84511540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648438)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%208%20aug2008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648438/; classtype:trojan-activity;sid:84511538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648439)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:240; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648439/; classtype:trojan-activity;sid:84511539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648437)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/nedstar%20profile/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648437/; classtype:trojan-activity;sid:84511537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648435)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/charter%20party/proforma%20cp/info.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648435/; classtype:trojan-activity;sid:84511535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648436)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648436/; classtype:trojan-activity;sid:84511536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648431)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648431/; classtype:trojan-activity;sid:84511531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648432)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20ce%20guardian)%20-%20acct%20surya%20exim-cpd%2009%20march%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648432/; classtype:trojan-activity;sid:84511532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648433)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2017%20sep08/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648433/; classtype:trojan-activity;sid:84511533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648434)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648434/; classtype:trojan-activity;sid:84511534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648429)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648429/; classtype:trojan-activity;sid:84511529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648430)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240608-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648430/; classtype:trojan-activity;sid:84511530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648426)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648426/; classtype:trojan-activity;sid:84511526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648427)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/my%20pictures/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648427/; classtype:trojan-activity;sid:84511527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648428)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/charter%20party/mv.pos%20freedom%20-%20vikram%20ispat%20cp%20dtd%2027th%20may%20%272006/info.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648428/; classtype:trojan-activity;sid:84511528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648424)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648424/; classtype:trojan-activity;sid:84511524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648425)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/charter%20party/proforma%20cp/info.zip"; http_uri; depth:219; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648425/; classtype:trojan-activity;sid:84511525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648418)"; flow:established,from_client; content:"GET"; http_method; content:"/data/knowndll/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648418/; classtype:trojan-activity;sid:84511518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648419)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/scd/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648419/; classtype:trojan-activity;sid:84511519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/2052/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648420/; classtype:trojan-activity;sid:84511520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648421)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648421/; classtype:trojan-activity;sid:84511521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230213-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648422/; classtype:trojan-activity;sid:84511522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648423)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20ionic%20storm)%20-%20lss%20cpd%2025%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648423/; classtype:trojan-activity;sid:84511523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648411)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648411/; classtype:trojan-activity;sid:84511511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648412)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20quest-propel%20shipping-cpd%2017%20oct%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648412/; classtype:trojan-activity;sid:84511512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648413)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240914-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648413/; classtype:trojan-activity;sid:84511513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648414)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/libs/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648414/; classtype:trojan-activity;sid:84511514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648415)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/video.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648415/; classtype:trojan-activity;sid:84511515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648416)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/scada/av.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648416/; classtype:trojan-activity;sid:84511516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648417)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648417/; classtype:trojan-activity;sid:84511517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648405)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648405/; classtype:trojan-activity;sid:84511505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240326-093/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648406/; classtype:trojan-activity;sid:84511506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230518-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648407/; classtype:trojan-activity;sid:84511507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648408)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648408/; classtype:trojan-activity;sid:84511508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648409)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/filebytes/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648409/; classtype:trojan-activity;sid:84511509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648410/; classtype:trojan-activity;sid:84511510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648398)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231008-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648398/; classtype:trojan-activity;sid:84511498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648399)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648399/; classtype:trojan-activity;sid:84511499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648400)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221017-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648400/; classtype:trojan-activity;sid:84511500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241007-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648401/; classtype:trojan-activity;sid:84511501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-098/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648402/; classtype:trojan-activity;sid:84511502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648403/; classtype:trojan-activity;sid:84511503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648404)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648404/; classtype:trojan-activity;sid:84511504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648394)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/14%20oct08/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648394/; classtype:trojan-activity;sid:84511494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648395/; classtype:trojan-activity;sid:84511495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648396/; classtype:trojan-activity;sid:84511496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648397)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648397/; classtype:trojan-activity;sid:84511497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250617-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648393/; classtype:trojan-activity;sid:84511493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648390)"; flow:established,from_client; content:"GET"; http_method; content:"/data/dllagent/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648390/; classtype:trojan-activity;sid:84511490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648391)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/testcases/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648391/; classtype:trojan-activity;sid:84511491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648392)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648392/; classtype:trojan-activity;sid:84511492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648385)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/type%20here...vbs"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648385/; classtype:trojan-activity;sid:84511485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648386)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648386/; classtype:trojan-activity;sid:84511486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648387)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648387/; classtype:trojan-activity;sid:84511487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648388)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241024-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648388/; classtype:trojan-activity;sid:84511488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648389)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230719-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648389/; classtype:trojan-activity;sid:84511489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648384)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648384/; classtype:trojan-activity;sid:84511484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648383)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2010th%20nov%2008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648383/; classtype:trojan-activity;sid:84511483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648380)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20repot%20dtd%2026%20nov%2008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648380/; classtype:trojan-activity;sid:84511480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648381/; classtype:trojan-activity;sid:84511481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648382)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-088/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648382/; classtype:trojan-activity;sid:84511482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648377)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648377/; classtype:trojan-activity;sid:84511477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648378)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648378/; classtype:trojan-activity;sid:84511478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648379)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230829-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648379/; classtype:trojan-activity;sid:84511479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648375)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648375/; classtype:trojan-activity;sid:84511475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648376/; classtype:trojan-activity;sid:84511476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648374)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240905-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648374/; classtype:trojan-activity;sid:84511474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648373)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231114-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648373/; classtype:trojan-activity;sid:84511473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648371/; classtype:trojan-activity;sid:84511471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648372)"; flow:established,from_client; content:"GET"; http_method; content:"/log/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648372/; classtype:trojan-activity;sid:84511472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648367)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240402-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648367/; classtype:trojan-activity;sid:84511467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648368)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648368/; classtype:trojan-activity;sid:84511468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648369)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231206-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648369/; classtype:trojan-activity;sid:84511469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648370)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648370/; classtype:trojan-activity;sid:84511470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648365)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648365/; classtype:trojan-activity;sid:84511465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648366)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648366/; classtype:trojan-activity;sid:84511466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648363)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648363/; classtype:trojan-activity;sid:84511463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230309-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648364/; classtype:trojan-activity;sid:84511464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648361)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648361/; classtype:trojan-activity;sid:84511461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20coal%20pride_wamspl_190809_037/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648362/; classtype:trojan-activity;sid:84511462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648355)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htk%20lucky-%20essar%20cpd%202%20aug%202018/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648355/; classtype:trojan-activity;sid:84511455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648356)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648356/; classtype:trojan-activity;sid:84511456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648357/; classtype:trojan-activity;sid:84511457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648358)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:238; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648358/; classtype:trojan-activity;sid:84511458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648359)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20privmed%20-%20visa%20cpd%2012%20april%202016/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648359/; classtype:trojan-activity;sid:84511459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648360)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648360/; classtype:trojan-activity;sid:84511460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/unused%20desktop%20shortcuts/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648354/; classtype:trojan-activity;sid:84511454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648353)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/filebytes/photo.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648353/; classtype:trojan-activity;sid:84511453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648347)"; flow:established,from_client; content:"GET"; http_method; content:"/key/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648347/; classtype:trojan-activity;sid:84511447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648348)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/video.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648348/; classtype:trojan-activity;sid:84511448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648349)"; flow:established,from_client; content:"GET"; http_method; content:"/key/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648349/; classtype:trojan-activity;sid:84511449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241021-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648350/; classtype:trojan-activity;sid:84511450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648351)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648351/; classtype:trojan-activity;sid:84511451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648352)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648352/; classtype:trojan-activity;sid:84511452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648339)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648339/; classtype:trojan-activity;sid:84511439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648340)"; flow:established,from_client; content:"GET"; http_method; content:"/output/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648340/; classtype:trojan-activity;sid:84511440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648341)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648341/; classtype:trojan-activity;sid:84511441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648342)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230904-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648342/; classtype:trojan-activity;sid:84511442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648343)"; flow:established,from_client; content:"GET"; http_method; content:"/data/dllagent/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648343/; classtype:trojan-activity;sid:84511443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648344)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250523-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648344/; classtype:trojan-activity;sid:84511444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648345)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648345/; classtype:trojan-activity;sid:84511445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648346)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ece%20nur%20bayraktar-usl%20cpd%2030%20oct%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648346/; classtype:trojan-activity;sid:84511446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648334/; classtype:trojan-activity;sid:84511434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648335)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/av.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648335/; classtype:trojan-activity;sid:84511435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648336)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20visa%20-%20cpd%2016%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648336/; classtype:trojan-activity;sid:84511436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648337)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231024-129/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648337/; classtype:trojan-activity;sid:84511437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648338)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648338/; classtype:trojan-activity;sid:84511438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648331)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648331/; classtype:trojan-activity;sid:84511431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648332)"; flow:established,from_client; content:"GET"; http_method; content:"/hitomi%20downloader/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.122.213.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648332/; classtype:trojan-activity;sid:84511432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648333)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240425-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648333/; classtype:trojan-activity;sid:84511433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648330)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648330/; classtype:trojan-activity;sid:84511430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648329)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648329/; classtype:trojan-activity;sid:84511429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648327/; classtype:trojan-activity;sid:84511427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648328)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221019-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648328/; classtype:trojan-activity;sid:84511428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648323)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648323/; classtype:trojan-activity;sid:84511423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648324/; classtype:trojan-activity;sid:84511424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648325)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648325/; classtype:trojan-activity;sid:84511425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648326)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648326/; classtype:trojan-activity;sid:84511426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648319/; classtype:trojan-activity;sid:84511419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648320/; classtype:trojan-activity;sid:84511420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648321)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2027%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648321/; classtype:trojan-activity;sid:84511421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648322)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648322/; classtype:trojan-activity;sid:84511422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648317)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648317/; classtype:trojan-activity;sid:84511417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648318)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648318/; classtype:trojan-activity;sid:84511418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648316/; classtype:trojan-activity;sid:84511416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648314)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250702-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648314/; classtype:trojan-activity;sid:84511414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648315)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ocean%20crown_wbc_100209_008/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648315/; classtype:trojan-activity;sid:84511415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648311)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230317-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648311/; classtype:trojan-activity;sid:84511411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648312)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648312/; classtype:trojan-activity;sid:84511412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648313)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2012%20nov%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648313/; classtype:trojan-activity;sid:84511413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648310)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230511-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648310/; classtype:trojan-activity;sid:84511410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648307)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20doro%20-%20acct%20propel%20-%20cpd%2003%20june%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648307/; classtype:trojan-activity;sid:84511407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648308/; classtype:trojan-activity;sid:84511408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648309)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648309/; classtype:trojan-activity;sid:84511409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648306)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648306/; classtype:trojan-activity;sid:84511406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648302)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648302/; classtype:trojan-activity;sid:84511402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648303)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240219-116/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648303/; classtype:trojan-activity;sid:84511403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648304/; classtype:trojan-activity;sid:84511404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648305)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648305/; classtype:trojan-activity;sid:84511405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648301)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648301/; classtype:trojan-activity;sid:84511401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648300)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20(mv%20sarwar%20jahan)-acct%20scmc-%2018%20november%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648300/; classtype:trojan-activity;sid:84511400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648299/; classtype:trojan-activity;sid:84511399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648297/; classtype:trojan-activity;sid:84511397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648298)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648298/; classtype:trojan-activity;sid:84511398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648296)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648296/; classtype:trojan-activity;sid:84511396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648291)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648291/; classtype:trojan-activity;sid:84511391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648292)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648292/; classtype:trojan-activity;sid:84511392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648293)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_ispat_020607_019/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648293/; classtype:trojan-activity;sid:84511393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648294)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zhehai%20520%20-%20scmc%20-%204th%20shipment/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648294/; classtype:trojan-activity;sid:84511394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648295)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648295/; classtype:trojan-activity;sid:84511395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648288)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240122-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648288/; classtype:trojan-activity;sid:84511388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648289)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648289/; classtype:trojan-activity;sid:84511389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648290)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/1033/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648290/; classtype:trojan-activity;sid:84511390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648287)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648287/; classtype:trojan-activity;sid:84511387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648286)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vinalines%20green-visa%20cp%20dated%2002%20dec%202015/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648286/; classtype:trojan-activity;sid:84511386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240724-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648284/; classtype:trojan-activity;sid:84511384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648285)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648285/; classtype:trojan-activity;sid:84511385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648280)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648280/; classtype:trojan-activity;sid:84511380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648281)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/560%20-%20mv%20peace%20angel%20-%20scmc%20-%20cp%20dtd%2005.06.2020%20-%20file%20no%20560/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648281/; classtype:trojan-activity;sid:84511381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648282)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648282/; classtype:trojan-activity;sid:84511382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648283)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:246; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648283/; classtype:trojan-activity;sid:84511383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648278)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netprofiler/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648278/; classtype:trojan-activity;sid:84511378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648279)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648279/; classtype:trojan-activity;sid:84511379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648277/; classtype:trojan-activity;sid:84511377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648274)"; flow:established,from_client; content:"GET"; http_method; content:"/data/bash/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648274/; classtype:trojan-activity;sid:84511374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648275)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250513-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648275/; classtype:trojan-activity;sid:84511375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648276/; classtype:trojan-activity;sid:84511376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648273)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648273/; classtype:trojan-activity;sid:84511373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648272)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648272/; classtype:trojan-activity;sid:84511372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648271)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/video.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648271/; classtype:trojan-activity;sid:84511371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648269)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648269/; classtype:trojan-activity;sid:84511369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648270)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250403-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648270/; classtype:trojan-activity;sid:84511370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648268)"; flow:established,from_client; content:"GET"; http_method; content:"/data/knowndll/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648268/; classtype:trojan-activity;sid:84511368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-114/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648266/; classtype:trojan-activity;sid:84511366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648267)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20privmed%20-%20visa%20cpd%2012%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648267/; classtype:trojan-activity;sid:84511367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648265)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648265/; classtype:trojan-activity;sid:84511365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648263)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2022%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648263/; classtype:trojan-activity;sid:84511363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648264)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/video.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648264/; classtype:trojan-activity;sid:84511364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648262)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648262/; classtype:trojan-activity;sid:84511362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648258)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648258/; classtype:trojan-activity;sid:84511358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648259)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648259/; classtype:trojan-activity;sid:84511359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648260)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648260/; classtype:trojan-activity;sid:84511360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648261)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648261/; classtype:trojan-activity;sid:84511361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648257)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-usl%20cpd%2019%20aug%202016/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648257/; classtype:trojan-activity;sid:84511357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648255/; classtype:trojan-activity;sid:84511355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648256)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648256/; classtype:trojan-activity;sid:84511356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648254)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648254/; classtype:trojan-activity;sid:84511354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648252)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648252/; classtype:trojan-activity;sid:84511352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648253)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648253/; classtype:trojan-activity;sid:84511353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648251)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250331-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648251/; classtype:trojan-activity;sid:84511351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648250)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648250/; classtype:trojan-activity;sid:84511350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648249)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648249/; classtype:trojan-activity;sid:84511349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648248)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648248/; classtype:trojan-activity;sid:84511348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648246)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648246/; classtype:trojan-activity;sid:84511346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230508-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648247/; classtype:trojan-activity;sid:84511347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648243)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648243/; classtype:trojan-activity;sid:84511343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648244)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648244/; classtype:trojan-activity;sid:84511344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648245/; classtype:trojan-activity;sid:84511345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648241)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648241/; classtype:trojan-activity;sid:84511341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648242)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648242/; classtype:trojan-activity;sid:84511342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648240)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648240/; classtype:trojan-activity;sid:84511340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648239)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:246; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648239/; classtype:trojan-activity;sid:84511339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648238)"; flow:established,from_client; content:"GET"; http_method; content:"/log/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648238/; classtype:trojan-activity;sid:84511338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648236)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/certificate/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648236/; classtype:trojan-activity;sid:84511336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648237)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648237/; classtype:trojan-activity;sid:84511337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250717-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648229/; classtype:trojan-activity;sid:84511329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648230)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648230/; classtype:trojan-activity;sid:84511330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648231)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240312-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648231/; classtype:trojan-activity;sid:84511331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648232)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20chetna%20-%20dhlcp%20dtd%2018%20dec%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648232/; classtype:trojan-activity;sid:84511332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648233)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648233/; classtype:trojan-activity;sid:84511333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htc%20alfa-acct%20sudima%20-%20charter%20party%20dated%2026th%20%20november%20-%20fixture%20note/charter%20party/proforma%20cp/info.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648234/; classtype:trojan-activity;sid:84511334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648235)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2017jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648235/; classtype:trojan-activity;sid:84511335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648228)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648228/; classtype:trojan-activity;sid:84511328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648223)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/otherup/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648223/; classtype:trojan-activity;sid:84511323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648224)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241225-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648224/; classtype:trojan-activity;sid:84511324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648225)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-%20propel%20cp%20dated%2019%20oct%202015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648225/; classtype:trojan-activity;sid:84511325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648226)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2024th%20nov/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648226/; classtype:trojan-activity;sid:84511326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648227)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648227/; classtype:trojan-activity;sid:84511327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648222/; classtype:trojan-activity;sid:84511322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648220/; classtype:trojan-activity;sid:84511320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648221/; classtype:trojan-activity;sid:84511321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648219)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648219/; classtype:trojan-activity;sid:84511319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/downloads/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648213/; classtype:trojan-activity;sid:84511313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648214)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20pictures/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648214/; classtype:trojan-activity;sid:84511314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648215/; classtype:trojan-activity;sid:84511315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648216)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648216/; classtype:trojan-activity;sid:84511316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648217)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648217/; classtype:trojan-activity;sid:84511317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648218)"; flow:established,from_client; content:"GET"; http_method; content:"/data/jagent/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648218/; classtype:trojan-activity;sid:84511318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648211)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648211/; classtype:trojan-activity;sid:84511311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648212/; classtype:trojan-activity;sid:84511312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648205)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250408-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648205/; classtype:trojan-activity;sid:84511305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648206/; classtype:trojan-activity;sid:84511306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648207)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230922-167/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648207/; classtype:trojan-activity;sid:84511307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648208)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/asn1/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648208/; classtype:trojan-activity;sid:84511308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648209)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/osiris.vbs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648209/; classtype:trojan-activity;sid:84511309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648210)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648210/; classtype:trojan-activity;sid:84511310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648201)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648201/; classtype:trojan-activity;sid:84511301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648202)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2013jan%2009/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648202/; classtype:trojan-activity;sid:84511302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648203)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/test-binaries/av.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648203/; classtype:trojan-activity;sid:84511303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648204)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648204/; classtype:trojan-activity;sid:84511304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648194)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648194/; classtype:trojan-activity;sid:84511294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648195)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648195/; classtype:trojan-activity;sid:84511295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648196)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648196/; classtype:trojan-activity;sid:84511296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648197)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_260609_026/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648197/; classtype:trojan-activity;sid:84511297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648198)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648198/; classtype:trojan-activity;sid:84511298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648199/; classtype:trojan-activity;sid:84511299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648200)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648200/; classtype:trojan-activity;sid:84511300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648191)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648191/; classtype:trojan-activity;sid:84511291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648192)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648192/; classtype:trojan-activity;sid:84511292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648193/; classtype:trojan-activity;sid:84511293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648190/; classtype:trojan-activity;sid:84511290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648187)"; flow:established,from_client; content:"GET"; http_method; content:"/data/perl/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648187/; classtype:trojan-activity;sid:84511287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648188)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%205sept/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648188/; classtype:trojan-activity;sid:84511288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648189)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd22aug08/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648189/; classtype:trojan-activity;sid:84511289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648185)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648185/; classtype:trojan-activity;sid:84511285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648186/; classtype:trojan-activity;sid:84511286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648180)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648180/; classtype:trojan-activity;sid:84511280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648181/; classtype:trojan-activity;sid:84511281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648182)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.84.41.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648182/; classtype:trojan-activity;sid:84511282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648183)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648183/; classtype:trojan-activity;sid:84511283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648184)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230415-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648184/; classtype:trojan-activity;sid:84511284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648179)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648179/; classtype:trojan-activity;sid:84511279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648175)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648175/; classtype:trojan-activity;sid:84511275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648176)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648176/; classtype:trojan-activity;sid:84511276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648177)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648177/; classtype:trojan-activity;sid:84511277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648178)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/internet%20explorer%206.0%20(full)/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648178/; classtype:trojan-activity;sid:84511278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648171)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-%20propel%20cp%20dated%2019%20oct%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648171/; classtype:trojan-activity;sid:84511271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648172)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648172/; classtype:trojan-activity;sid:84511272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648173)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230712-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648173/; classtype:trojan-activity;sid:84511273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648174)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221201-071/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648174/; classtype:trojan-activity;sid:84511274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648168)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648168/; classtype:trojan-activity;sid:84511268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648169)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648169/; classtype:trojan-activity;sid:84511269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648170)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_sbin/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648170/; classtype:trojan-activity;sid:84511270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648166)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241019-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648166/; classtype:trojan-activity;sid:84511266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648167)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/fixture%20notes/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648167/; classtype:trojan-activity;sid:84511267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648164)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648164/; classtype:trojan-activity;sid:84511264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648165)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648165/; classtype:trojan-activity;sid:84511265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648162)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648162/; classtype:trojan-activity;sid:84511262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648163)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648163/; classtype:trojan-activity;sid:84511263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648157/; classtype:trojan-activity;sid:84511257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648158/; classtype:trojan-activity;sid:84511258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648159)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20reprt%20dtd%203%20nov%202008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648159/; classtype:trojan-activity;sid:84511259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648160)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240918-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648160/; classtype:trojan-activity;sid:84511260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648161)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648161/; classtype:trojan-activity;sid:84511261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648155)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648155/; classtype:trojan-activity;sid:84511255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648156)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20torq%20cpd%2005%20july%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648156/; classtype:trojan-activity;sid:84511256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648152)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%207%20jan%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648152/; classtype:trojan-activity;sid:84511252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648153)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%208%20jan%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648153/; classtype:trojan-activity;sid:84511253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648154)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/cps%20sent%20to%20tony%20brown/cps%20sent%20to%20tony%20brown/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648154/; classtype:trojan-activity;sid:84511254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648149)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648149/; classtype:trojan-activity;sid:84511249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648150)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/mv%20unico%20jianna-%20lss%20ocean%20cpd%2022%20jan%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:219; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648150/; classtype:trojan-activity;sid:84511250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648151)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648151/; classtype:trojan-activity;sid:84511251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2031%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648147/; classtype:trojan-activity;sid:84511247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648148)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/e%20drive/outlook/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648148/; classtype:trojan-activity;sid:84511248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648144)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648144/; classtype:trojan-activity;sid:84511244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648145)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648145/; classtype:trojan-activity;sid:84511245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648146)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netprofiler/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648146/; classtype:trojan-activity;sid:84511246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648143)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648143/; classtype:trojan-activity;sid:84511243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648137)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-%20usl-%20cpd%2028%20july%202016/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648137/; classtype:trojan-activity;sid:84511237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648138)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648138/; classtype:trojan-activity;sid:84511238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648139)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230705-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648139/; classtype:trojan-activity;sid:84511239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648140)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648140/; classtype:trojan-activity;sid:84511240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648141)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648141/; classtype:trojan-activity;sid:84511241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648142)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240823-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648142/; classtype:trojan-activity;sid:84511242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648132)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/agent/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648132/; classtype:trojan-activity;sid:84511232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648133)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netagent/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648133/; classtype:trojan-activity;sid:84511233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648134)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648134/; classtype:trojan-activity;sid:84511234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648135)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250421-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648135/; classtype:trojan-activity;sid:84511235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648136)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648136/; classtype:trojan-activity;sid:84511236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648129)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:226; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648129/; classtype:trojan-activity;sid:84511229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648130)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648130/; classtype:trojan-activity;sid:84511230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648131)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250310-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648131/; classtype:trojan-activity;sid:84511231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648123)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/april%202009/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648123/; classtype:trojan-activity;sid:84511223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648124)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/automotive/photo.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648124/; classtype:trojan-activity;sid:84511224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648125)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pbdll/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648125/; classtype:trojan-activity;sid:84511225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648126)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2016%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648126/; classtype:trojan-activity;sid:84511226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648127)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648127/; classtype:trojan-activity;sid:84511227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648128)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648128/; classtype:trojan-activity;sid:84511228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648118)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648118/; classtype:trojan-activity;sid:84511218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648119/; classtype:trojan-activity;sid:84511219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648120)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648120/; classtype:trojan-activity;sid:84511220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648121)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648121/; classtype:trojan-activity;sid:84511221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648122)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20ionic%20storm)%20-%20lss%20cpd%2025%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648122/; classtype:trojan-activity;sid:84511222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648115)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/misc%20attachments/chrts%20ltc/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648115/; classtype:trojan-activity;sid:84511215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648116)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648116/; classtype:trojan-activity;sid:84511216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648117)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648117/; classtype:trojan-activity;sid:84511217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648114)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648114/; classtype:trojan-activity;sid:84511214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/history/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648112/; classtype:trojan-activity;sid:84511212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648113)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648113/; classtype:trojan-activity;sid:84511213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240717-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648111/; classtype:trojan-activity;sid:84511211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648107)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648107/; classtype:trojan-activity;sid:84511207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648108)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240525-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648108/; classtype:trojan-activity;sid:84511208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648109)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648109/; classtype:trojan-activity;sid:84511209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648110)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648110/; classtype:trojan-activity;sid:84511210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648104)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/marketreport%20dtd%2025jun%202008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648104/; classtype:trojan-activity;sid:84511204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648105/; classtype:trojan-activity;sid:84511205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648106)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20innovation-acct%20propel-%20cpd%2006%20jan%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648106/; classtype:trojan-activity;sid:84511206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648102)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648102/; classtype:trojan-activity;sid:84511202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648103/; classtype:trojan-activity;sid:84511203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648098)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/mv%20unico%20jianna-%20lss%20ocean%20cpd%2022%20jan%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648098/; classtype:trojan-activity;sid:84511198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648099/; classtype:trojan-activity;sid:84511199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648100/; classtype:trojan-activity;sid:84511200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648101)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/555%20-%20mv%20pacific%20advance%20-%20isl%20cp%20dtd%2028.04.2020%20-%20file%20no.%20555/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648101/; classtype:trojan-activity;sid:84511201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648095)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/sefira/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648095/; classtype:trojan-activity;sid:84511195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648096)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20visa%20-%20cpd%2016%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648096/; classtype:trojan-activity;sid:84511196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648097)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648097/; classtype:trojan-activity;sid:84511197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648089)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20privmed%20-%20visa%20cpd%2012%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648089/; classtype:trojan-activity;sid:84511189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648090)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648090/; classtype:trojan-activity;sid:84511190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648091)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-%20usl-%20cpd%2028%20july%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648091/; classtype:trojan-activity;sid:84511191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648092)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd17oct%2008/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648092/; classtype:trojan-activity;sid:84511192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648093)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648093/; classtype:trojan-activity;sid:84511193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648094)"; flow:established,from_client; content:"GET"; http_method; content:"/data/config/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648094/; classtype:trojan-activity;sid:84511194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648087)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/krack/av.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648087/; classtype:trojan-activity;sid:84511187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648088)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648088/; classtype:trojan-activity;sid:84511188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648084)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648084/; classtype:trojan-activity;sid:84511184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648085)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/libs/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648085/; classtype:trojan-activity;sid:84511185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648086)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648086/; classtype:trojan-activity;sid:84511186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648082/; classtype:trojan-activity;sid:84511182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648083/; classtype:trojan-activity;sid:84511183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648078)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648078/; classtype:trojan-activity;sid:84511178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648079)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/agent/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648079/; classtype:trojan-activity;sid:84511179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648080)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/index/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648080/; classtype:trojan-activity;sid:84511180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648081)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648081/; classtype:trojan-activity;sid:84511181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648073)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htc%20alfa-acct%20sudima%20-%20charter%20party%20dated%2026th%20%20november%20-%20fixture%20note/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648073/; classtype:trojan-activity;sid:84511173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648074)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230826-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648074/; classtype:trojan-activity;sid:84511174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648075)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%206%20oct%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648075/; classtype:trojan-activity;sid:84511175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648076)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648076/; classtype:trojan-activity;sid:84511176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648077)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/brokerage%20invoice%20template/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648077/; classtype:trojan-activity;sid:84511177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648072)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20clipper%20vision%20-%20orissa%20metalikes%20cpd%2024%20june%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648072/; classtype:trojan-activity;sid:84511172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648070)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648070/; classtype:trojan-activity;sid:84511170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648071)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648071/; classtype:trojan-activity;sid:84511171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648068/; classtype:trojan-activity;sid:84511168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648069)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%206%20mar%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648069/; classtype:trojan-activity;sid:84511169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648063)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2030%20nov%2015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648063/; classtype:trojan-activity;sid:84511163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648064)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/index/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648064/; classtype:trojan-activity;sid:84511164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648065)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250721-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648065/; classtype:trojan-activity;sid:84511165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648066/; classtype:trojan-activity;sid:84511166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648067)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648067/; classtype:trojan-activity;sid:84511167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648062)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648062/; classtype:trojan-activity;sid:84511162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648060)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648060/; classtype:trojan-activity;sid:84511160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648061)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648061/; classtype:trojan-activity;sid:84511161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648057)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/samchira/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648057/; classtype:trojan-activity;sid:84511157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648058)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648058/; classtype:trojan-activity;sid:84511158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240828-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648059/; classtype:trojan-activity;sid:84511159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648054/; classtype:trojan-activity;sid:84511154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648055)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20darya%20shaan%20-%20chun%20an%20cpd%2021%20feb%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648055/; classtype:trojan-activity;sid:84511155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648056/; classtype:trojan-activity;sid:84511156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648051)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648051/; classtype:trojan-activity;sid:84511151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648052)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%20%2018%20nov%202008/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648052/; classtype:trojan-activity;sid:84511152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648053)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648053/; classtype:trojan-activity;sid:84511153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648050)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648050/; classtype:trojan-activity;sid:84511150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648048)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2013%20nov%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648048/; classtype:trojan-activity;sid:84511148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648049)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648049/; classtype:trojan-activity;sid:84511149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648040)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/charter%20party/proforma%20cp/info.zip"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648040/; classtype:trojan-activity;sid:84511140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648041)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/aspjpeg_setup/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648041/; classtype:trojan-activity;sid:84511141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648042/; classtype:trojan-activity;sid:84511142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250308-120/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648043/; classtype:trojan-activity;sid:84511143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648044)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/charter%20party/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648044/; classtype:trojan-activity;sid:84511144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648045)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648045/; classtype:trojan-activity;sid:84511145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648046/; classtype:trojan-activity;sid:84511146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240807-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648047/; classtype:trojan-activity;sid:84511147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648038)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648038/; classtype:trojan-activity;sid:84511138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648039/; classtype:trojan-activity;sid:84511139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648037)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648037/; classtype:trojan-activity;sid:84511137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648033)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2029%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648033/; classtype:trojan-activity;sid:84511133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648034)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%205%20mer%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648034/; classtype:trojan-activity;sid:84511134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250701-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648035/; classtype:trojan-activity;sid:84511135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648036)"; flow:established,from_client; content:"GET"; http_method; content:"/update/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648036/; classtype:trojan-activity;sid:84511136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648029)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/outlook/ganesh/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648029/; classtype:trojan-activity;sid:84511129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648030)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_sbin/photo.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648030/; classtype:trojan-activity;sid:84511130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648031)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648031/; classtype:trojan-activity;sid:84511131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648032)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648032/; classtype:trojan-activity;sid:84511132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648027)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241114-115/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648027/; classtype:trojan-activity;sid:84511127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648028)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648028/; classtype:trojan-activity;sid:84511128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648025)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/windows/av.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648025/; classtype:trojan-activity;sid:84511125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648026/; classtype:trojan-activity;sid:84511126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648023)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648023/; classtype:trojan-activity;sid:84511123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241031-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648024/; classtype:trojan-activity;sid:84511124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648022)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648022/; classtype:trojan-activity;sid:84511122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648016)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648016/; classtype:trojan-activity;sid:84511116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648017)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648017/; classtype:trojan-activity;sid:84511117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648018)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648018/; classtype:trojan-activity;sid:84511118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648019)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%20%2010th%20feb%202009/info.zip"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648019/; classtype:trojan-activity;sid:84511119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648020)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648020/; classtype:trojan-activity;sid:84511120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648021)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648021/; classtype:trojan-activity;sid:84511121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648011)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20reort%20dtd%2025jul2008/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648011/; classtype:trojan-activity;sid:84511111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648012)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648012/; classtype:trojan-activity;sid:84511112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648013/; classtype:trojan-activity;sid:84511113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648014/; classtype:trojan-activity;sid:84511114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648015/; classtype:trojan-activity;sid:84511115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230818-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648006/; classtype:trojan-activity;sid:84511106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648007)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-%20propel%20cp%20dated%2019%20oct%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648007/; classtype:trojan-activity;sid:84511107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648008)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648008/; classtype:trojan-activity;sid:84511108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648009)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648009/; classtype:trojan-activity;sid:84511109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241230-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648010/; classtype:trojan-activity;sid:84511110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648005)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%203%20feb%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648005/; classtype:trojan-activity;sid:84511105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648002)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250630-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648002/; classtype:trojan-activity;sid:84511102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648003)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648003/; classtype:trojan-activity;sid:84511103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648004)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vinalines%20green-visa%20cp%20dated%2002%20dec%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648004/; classtype:trojan-activity;sid:84511104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647999)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647999/; classtype:trojan-activity;sid:84511099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648000/; classtype:trojan-activity;sid:84511100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648001/; classtype:trojan-activity;sid:84511101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647995)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/charter%20party/proforma%20cp/info.zip"; http_uri; depth:225; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647995/; classtype:trojan-activity;sid:84511095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647996)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/js/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647996/; classtype:trojan-activity;sid:84511096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647997)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647997/; classtype:trojan-activity;sid:84511097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647998)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647998/; classtype:trojan-activity;sid:84511098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647993)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd15%20sep%202008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647993/; classtype:trojan-activity;sid:84511093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647994)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/charter%20party/proforma%20cp/info.zip"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647994/; classtype:trojan-activity;sid:84511094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647990/; classtype:trojan-activity;sid:84511090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647991)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/spartan/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647991/; classtype:trojan-activity;sid:84511091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647992)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647992/; classtype:trojan-activity;sid:84511092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647989)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/ltc/new%20folder/new%20folder/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647989/; classtype:trojan-activity;sid:84511089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647987/; classtype:trojan-activity;sid:84511087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647988)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pistis%20-%20visa%20cpd%2015%20march%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647988/; classtype:trojan-activity;sid:84511088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647984)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/marketreport%20dtd%2026jun%202008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647984/; classtype:trojan-activity;sid:84511084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647985)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647985/; classtype:trojan-activity;sid:84511085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250416-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647986/; classtype:trojan-activity;sid:84511086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647983)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647983/; classtype:trojan-activity;sid:84511083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230909-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647980/; classtype:trojan-activity;sid:84511080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647981)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/video.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647981/; classtype:trojan-activity;sid:84511081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647982)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647982/; classtype:trojan-activity;sid:84511082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647977)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240127-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647977/; classtype:trojan-activity;sid:84511077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647978)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647978/; classtype:trojan-activity;sid:84511078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647979/; classtype:trojan-activity;sid:84511079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647969)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/photo.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647969/; classtype:trojan-activity;sid:84511069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647970)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647970/; classtype:trojan-activity;sid:84511070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647971)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221015-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647971/; classtype:trojan-activity;sid:84511071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647972)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647972/; classtype:trojan-activity;sid:84511072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647973)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647973/; classtype:trojan-activity;sid:84511073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230526-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647974/; classtype:trojan-activity;sid:84511074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230307-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647975/; classtype:trojan-activity;sid:84511075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647976)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647976/; classtype:trojan-activity;sid:84511076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647968)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647968/; classtype:trojan-activity;sid:84511068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647966)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647966/; classtype:trojan-activity;sid:84511066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647967)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647967/; classtype:trojan-activity;sid:84511067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647965/; classtype:trojan-activity;sid:84511065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647964)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240827-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647964/; classtype:trojan-activity;sid:84511064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647962)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647962/; classtype:trojan-activity;sid:84511062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.84.41.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647963/; classtype:trojan-activity;sid:84511063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647956)"; flow:established,from_client; content:"GET"; http_method; content:"/log/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647956/; classtype:trojan-activity;sid:84511056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647957)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647957/; classtype:trojan-activity;sid:84511057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647958)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647958/; classtype:trojan-activity;sid:84511058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647959)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250724-113/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647959/; classtype:trojan-activity;sid:84511059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647960)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647960/; classtype:trojan-activity;sid:84511060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647961)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647961/; classtype:trojan-activity;sid:84511061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647950)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/image/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647950/; classtype:trojan-activity;sid:84511050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647951/; classtype:trojan-activity;sid:84511051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647952)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647952/; classtype:trojan-activity;sid:84511052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241105-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647953/; classtype:trojan-activity;sid:84511053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240328-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647954/; classtype:trojan-activity;sid:84511054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647955)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647955/; classtype:trojan-activity;sid:84511055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647948)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647948/; classtype:trojan-activity;sid:84511048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647949)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647949/; classtype:trojan-activity;sid:84511049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647945)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647945/; classtype:trojan-activity;sid:84511045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647946)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647946/; classtype:trojan-activity;sid:84511046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647947/; classtype:trojan-activity;sid:84511047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647944)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/symantec/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647944/; classtype:trojan-activity;sid:84511044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647943)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:226; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647943/; classtype:trojan-activity;sid:84511043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647940)"; flow:established,from_client; content:"GET"; http_method; content:"/data/config/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647940/; classtype:trojan-activity;sid:84511040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647941)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647941/; classtype:trojan-activity;sid:84511041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647942)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%2012%20mar%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647942/; classtype:trojan-activity;sid:84511042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647937)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647937/; classtype:trojan-activity;sid:84511037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220917-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647938/; classtype:trojan-activity;sid:84511038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647939)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647939/; classtype:trojan-activity;sid:84511039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647934)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647934/; classtype:trojan-activity;sid:84511034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647935)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647935/; classtype:trojan-activity;sid:84511035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647936)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240308-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647936/; classtype:trojan-activity;sid:84511036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647931)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20jupiter)%20%20-%20lss%20-%20cpd%2028%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647931/; classtype:trojan-activity;sid:84511031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647932/; classtype:trojan-activity;sid:84511032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647933/; classtype:trojan-activity;sid:84511033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647930)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647930/; classtype:trojan-activity;sid:84511030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647927)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/cps%20sent%20to%20tony%20brown/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647927/; classtype:trojan-activity;sid:84511027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647928)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/image/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647928/; classtype:trojan-activity;sid:84511028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647929)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647929/; classtype:trojan-activity;sid:84511029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647924)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647924/; classtype:trojan-activity;sid:84511024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647925/; classtype:trojan-activity;sid:84511025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647926)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20doro%20-%20acct%20propel%20-%20cpd%2003%20june%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647926/; classtype:trojan-activity;sid:84511026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647920/; classtype:trojan-activity;sid:84511020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647921)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/cpbz/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647921/; classtype:trojan-activity;sid:84511021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647922)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647922/; classtype:trojan-activity;sid:84511022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647923)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647923/; classtype:trojan-activity;sid:84511023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647914)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241106-151/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647914/; classtype:trojan-activity;sid:84511014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647915)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/scripts/av.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647915/; classtype:trojan-activity;sid:84511015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647916)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647916/; classtype:trojan-activity;sid:84511016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647917)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647917/; classtype:trojan-activity;sid:84511017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647918/; classtype:trojan-activity;sid:84511018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647919)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/567%20-%20mv%20pangeo%20-%20seapol%20cp%20dtd%2004.08.2020%20-%20file%20no.%20567/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:222; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647919/; classtype:trojan-activity;sid:84511019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250212-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647913/; classtype:trojan-activity;sid:84511013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647910)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647910/; classtype:trojan-activity;sid:84511010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647911/; classtype:trojan-activity;sid:84511011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647912)"; flow:established,from_client; content:"GET"; http_method; content:"/data/bash/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647912/; classtype:trojan-activity;sid:84511012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647909)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647909/; classtype:trojan-activity;sid:84511009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647908)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647908/; classtype:trojan-activity;sid:84511008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647907)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20music/my%20playlists/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647907/; classtype:trojan-activity;sid:84511007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-119/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647905/; classtype:trojan-activity;sid:84511005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250219-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647906/; classtype:trojan-activity;sid:84511006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647901/; classtype:trojan-activity;sid:84511001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647902)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647902/; classtype:trojan-activity;sid:84511002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647903)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647903/; classtype:trojan-activity;sid:84511003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221227-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647904/; classtype:trojan-activity;sid:84511004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647898/; classtype:trojan-activity;sid:84510998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647899/; classtype:trojan-activity;sid:84510999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647900)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20received%20files/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647900/; classtype:trojan-activity;sid:84511000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647896)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/fixture%20note%20(if%20voyage)/proforma%20fn/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647896/; classtype:trojan-activity;sid:84510996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647897)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240423-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647897/; classtype:trojan-activity;sid:84510997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647893)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/asn1/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647893/; classtype:trojan-activity;sid:84510993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647894)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647894/; classtype:trojan-activity;sid:84510994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647895)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647895/; classtype:trojan-activity;sid:84510995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240919-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647887/; classtype:trojan-activity;sid:84510987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647888/; classtype:trojan-activity;sid:84510988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647889)"; flow:established,from_client; content:"GET"; http_method; content:"/data/perl/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647889/; classtype:trojan-activity;sid:84510989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647890)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647890/; classtype:trojan-activity;sid:84510990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647891/; classtype:trojan-activity;sid:84510991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647892)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647892/; classtype:trojan-activity;sid:84510992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647883)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647883/; classtype:trojan-activity;sid:84510983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647884)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647884/; classtype:trojan-activity;sid:84510984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647885/; classtype:trojan-activity;sid:84510985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647886)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647886/; classtype:trojan-activity;sid:84510986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647880)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/agent/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647880/; classtype:trojan-activity;sid:84510980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647881)"; flow:established,from_client; content:"GET"; http_method; content:"/log/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647881/; classtype:trojan-activity;sid:84510981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647882)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/libs/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647882/; classtype:trojan-activity;sid:84510982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647876)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/automotive/av.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647876/; classtype:trojan-activity;sid:84510976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647877)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/cps%20sent%20to%20tony%20brown/cps%20sent%20to%20tony%20brown/info.zip"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647877/; classtype:trojan-activity;sid:84510977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647878)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647878/; classtype:trojan-activity;sid:84510978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647879)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647879/; classtype:trojan-activity;sid:84510979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647874)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647874/; classtype:trojan-activity;sid:84510974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647875)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647875/; classtype:trojan-activity;sid:84510975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647872)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647872/; classtype:trojan-activity;sid:84510972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647873/; classtype:trojan-activity;sid:84510973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647870)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647870/; classtype:trojan-activity;sid:84510970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230403-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647871/; classtype:trojan-activity;sid:84510971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647865)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240711-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647865/; classtype:trojan-activity;sid:84510965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647866)"; flow:established,from_client; content:"GET"; http_method; content:"/key/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647866/; classtype:trojan-activity;sid:84510966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647867)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241008-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647867/; classtype:trojan-activity;sid:84510967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647868)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647868/; classtype:trojan-activity;sid:84510968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647869)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2028%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647869/; classtype:trojan-activity;sid:84510969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647863)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647863/; classtype:trojan-activity;sid:84510963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647864)"; flow:established,from_client; content:"GET"; http_method; content:"/output/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647864/; classtype:trojan-activity;sid:84510964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647859)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647859/; classtype:trojan-activity;sid:84510959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647860/; classtype:trojan-activity;sid:84510960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647861)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20hope%20-%20propelshipping%20cpd%2019%20nov%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647861/; classtype:trojan-activity;sid:84510961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647862)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647862/; classtype:trojan-activity;sid:84510962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647857)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647857/; classtype:trojan-activity;sid:84510957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647858)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2014th%20nov%2008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647858/; classtype:trojan-activity;sid:84510958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647853)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/ropgadget/photo.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647853/; classtype:trojan-activity;sid:84510953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647854)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230607-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647854/; classtype:trojan-activity;sid:84510954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647855/; classtype:trojan-activity;sid:84510955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647856)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/marketreport%20dtd%2027jun%202008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647856/; classtype:trojan-activity;sid:84510956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647852)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647852/; classtype:trojan-activity;sid:84510952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647851)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647851/; classtype:trojan-activity;sid:84510951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250110-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647847/; classtype:trojan-activity;sid:84510947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647848)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647848/; classtype:trojan-activity;sid:84510948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647849)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231120-099/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647849/; classtype:trojan-activity;sid:84510949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647850)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647850/; classtype:trojan-activity;sid:84510950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647846)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647846/; classtype:trojan-activity;sid:84510946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647838)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/exploitpack/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647838/; classtype:trojan-activity;sid:84510938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647839)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647839/; classtype:trojan-activity;sid:84510939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647840)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:240; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647840/; classtype:trojan-activity;sid:84510940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647841)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647841/; classtype:trojan-activity;sid:84510941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647842)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647842/; classtype:trojan-activity;sid:84510942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647843)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240912-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647843/; classtype:trojan-activity;sid:84510943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647844)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230406-086/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647844/; classtype:trojan-activity;sid:84510944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647845)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230424-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647845/; classtype:trojan-activity;sid:84510945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647837)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/charter%20party/proforma%20cp/info.zip"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647837/; classtype:trojan-activity;sid:84510937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647836)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pdffactory_pro_setup/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647836/; classtype:trojan-activity;sid:84510936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647834)"; flow:established,from_client; content:"GET"; http_method; content:"/output/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647834/; classtype:trojan-activity;sid:84510934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647835)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/index-files/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647835/; classtype:trojan-activity;sid:84510935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647832)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647832/; classtype:trojan-activity;sid:84510932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647833)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647833/; classtype:trojan-activity;sid:84510933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/raj%20sir/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647826/; classtype:trojan-activity;sid:84510926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647827)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250604-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647827/; classtype:trojan-activity;sid:84510927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647828)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647828/; classtype:trojan-activity;sid:84510928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647829/; classtype:trojan-activity;sid:84510929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647830/; classtype:trojan-activity;sid:84510930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250626-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647831/; classtype:trojan-activity;sid:84510931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647822)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647822/; classtype:trojan-activity;sid:84510922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230918-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647823/; classtype:trojan-activity;sid:84510923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-165/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647824/; classtype:trojan-activity;sid:84510924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647825)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2025%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647825/; classtype:trojan-activity;sid:84510925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647816)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250104-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647816/; classtype:trojan-activity;sid:84510916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647817)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221213-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647817/; classtype:trojan-activity;sid:84510917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647818)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/agent/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647818/; classtype:trojan-activity;sid:84510918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647819)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/index/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647819/; classtype:trojan-activity;sid:84510919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647820)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647820/; classtype:trojan-activity;sid:84510920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647821)"; flow:established,from_client; content:"GET"; http_method; content:"/output/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647821/; classtype:trojan-activity;sid:84510921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647814)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2030jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647814/; classtype:trojan-activity;sid:84510914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221110-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647815/; classtype:trojan-activity;sid:84510915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647812)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240619-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647812/; classtype:trojan-activity;sid:84510912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647813/; classtype:trojan-activity;sid:84510913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647806)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647806/; classtype:trojan-activity;sid:84510906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647807)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_sbin/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647807/; classtype:trojan-activity;sid:84510907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647808)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647808/; classtype:trojan-activity;sid:84510908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647809)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/obd/av.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647809/; classtype:trojan-activity;sid:84510909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647810)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647810/; classtype:trojan-activity;sid:84510910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647811)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/gst%20registration/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647811/; classtype:trojan-activity;sid:84510911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647803)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647803/; classtype:trojan-activity;sid:84510903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647804)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/index-files/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647804/; classtype:trojan-activity;sid:84510904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647805)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647805/; classtype:trojan-activity;sid:84510905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647799)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647799/; classtype:trojan-activity;sid:84510899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250628-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647800/; classtype:trojan-activity;sid:84510900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647801)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647801/; classtype:trojan-activity;sid:84510901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647802)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647802/; classtype:trojan-activity;sid:84510902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647794)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/backgrounds/sai%20trans%2c%2016%20january%202013/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647794/; classtype:trojan-activity;sid:84510894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-096/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647795/; classtype:trojan-activity;sid:84510895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647796)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/av.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647796/; classtype:trojan-activity;sid:84510896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647797)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/marketreport%20%20dtd%2028jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647797/; classtype:trojan-activity;sid:84510897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647798)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647798/; classtype:trojan-activity;sid:84510898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647793)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netprofiler/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647793/; classtype:trojan-activity;sid:84510893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647792)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230414-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647792/; classtype:trojan-activity;sid:84510892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647790)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647790/; classtype:trojan-activity;sid:84510890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647791)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647791/; classtype:trojan-activity;sid:84510891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647787/; classtype:trojan-activity;sid:84510887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647788)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647788/; classtype:trojan-activity;sid:84510888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647789)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd18aug%202008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647789/; classtype:trojan-activity;sid:84510889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647785)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_bin/av.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647785/; classtype:trojan-activity;sid:84510885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647786/; classtype:trojan-activity;sid:84510886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647784/; classtype:trojan-activity;sid:84510884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647782)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647782/; classtype:trojan-activity;sid:84510882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647783)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250328-154/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647783/; classtype:trojan-activity;sid:84510883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647780)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647780/; classtype:trojan-activity;sid:84510880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647781)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647781/; classtype:trojan-activity;sid:84510881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647777)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647777/; classtype:trojan-activity;sid:84510877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647778)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231213-078/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647778/; classtype:trojan-activity;sid:84510878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647779)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tx/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647779/; classtype:trojan-activity;sid:84510879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647772)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220825-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647772/; classtype:trojan-activity;sid:84510872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647773)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647773/; classtype:trojan-activity;sid:84510873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647774)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_bin/photo.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647774/; classtype:trojan-activity;sid:84510874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647775)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/fixture%20note%20(if%20voyage)/new%20fn/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647775/; classtype:trojan-activity;sid:84510875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647776)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647776/; classtype:trojan-activity;sid:84510876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647770)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/bmw/av.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647770/; classtype:trojan-activity;sid:84510870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230503-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647771/; classtype:trojan-activity;sid:84510871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647768)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647768/; classtype:trojan-activity;sid:84510868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647769)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647769/; classtype:trojan-activity;sid:84510869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647764)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241211-068/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647764/; classtype:trojan-activity;sid:84510864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647765)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647765/; classtype:trojan-activity;sid:84510865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647766)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2024%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647766/; classtype:trojan-activity;sid:84510866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647767)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-108/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647767/; classtype:trojan-activity;sid:84510867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647760)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647760/; classtype:trojan-activity;sid:84510860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647761)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/video.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647761/; classtype:trojan-activity;sid:84510861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647762)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241219-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647762/; classtype:trojan-activity;sid:84510862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647763)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647763/; classtype:trojan-activity;sid:84510863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647755)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647755/; classtype:trojan-activity;sid:84510855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647756)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn(%20mv%20vlazakis%20i%20)-%20synergy/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647756/; classtype:trojan-activity;sid:84510856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647757)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647757/; classtype:trojan-activity;sid:84510857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647758)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647758/; classtype:trojan-activity;sid:84510858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647759)"; flow:established,from_client; content:"GET"; http_method; content:"/data/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647759/; classtype:trojan-activity;sid:84510859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647754)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/asn1/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647754/; classtype:trojan-activity;sid:84510854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647750/; classtype:trojan-activity;sid:84510850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647751)"; flow:established,from_client; content:"GET"; http_method; content:"/dddrupdate/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647751/; classtype:trojan-activity;sid:84510851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647752)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_bin/video.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647752/; classtype:trojan-activity;sid:84510852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647753)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/ylcgd/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647753/; classtype:trojan-activity;sid:84510853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647747)"; flow:established,from_client; content:"GET"; http_method; content:"/log/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647747/; classtype:trojan-activity;sid:84510847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647748)"; flow:established,from_client; content:"GET"; http_method; content:"/data/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647748/; classtype:trojan-activity;sid:84510848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647749)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/goods/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647749/; classtype:trojan-activity;sid:84510849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647744)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647744/; classtype:trojan-activity;sid:84510844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647745)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647745/; classtype:trojan-activity;sid:84510845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647746)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647746/; classtype:trojan-activity;sid:84510846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647741)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647741/; classtype:trojan-activity;sid:84510841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647742)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647742/; classtype:trojan-activity;sid:84510842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647743)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240701-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647743/; classtype:trojan-activity;sid:84510843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647740/; classtype:trojan-activity;sid:84510840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647737)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/bpf/av.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647737/; classtype:trojan-activity;sid:84510837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250305-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647738/; classtype:trojan-activity;sid:84510838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647739/; classtype:trojan-activity;sid:84510839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647735)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd24%20sep%2008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647735/; classtype:trojan-activity;sid:84510835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647736)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647736/; classtype:trojan-activity;sid:84510836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647733)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:234; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647733/; classtype:trojan-activity;sid:84510833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647734)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20donghae-acct%20bulk%20marine%20cpd%2014%20nov%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647734/; classtype:trojan-activity;sid:84510834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647730)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/charter%20parties/main%20body/main%20body/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647730/; classtype:trojan-activity;sid:84510830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647731)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/562%20-%20mv%20mermaid%20star%20-%20singh%20group%20cp%20dtd%2017.06.2020%20-%20file%20no.%20562/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:237; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647731/; classtype:trojan-activity;sid:84510831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647732)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647732/; classtype:trojan-activity;sid:84510832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647727)"; flow:established,from_client; content:"GET"; http_method; content:"/data/agent/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647727/; classtype:trojan-activity;sid:84510827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647728)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%203mar%202009/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647728/; classtype:trojan-activity;sid:84510828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647729)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240224-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647729/; classtype:trojan-activity;sid:84510829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647725)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647725/; classtype:trojan-activity;sid:84510825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647726)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/rt/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647726/; classtype:trojan-activity;sid:84510826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647723)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647723/; classtype:trojan-activity;sid:84510823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647724)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647724/; classtype:trojan-activity;sid:84510824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647722)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647722/; classtype:trojan-activity;sid:84510822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647720)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647720/; classtype:trojan-activity;sid:84510820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647721)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647721/; classtype:trojan-activity;sid:84510821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647716)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/test-binaries/photo.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647716/; classtype:trojan-activity;sid:84510816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647717)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%204aug%202008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647717/; classtype:trojan-activity;sid:84510817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647718)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647718/; classtype:trojan-activity;sid:84510818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647719/; classtype:trojan-activity;sid:84510819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647714)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_bin/av.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647714/; classtype:trojan-activity;sid:84510814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647715)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647715/; classtype:trojan-activity;sid:84510815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647709)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647709/; classtype:trojan-activity;sid:84510809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647710)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20donghae-acct%20bulk%20marine%20cpd%2014%20nov%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647710/; classtype:trojan-activity;sid:84510810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%208jul%202008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647711/; classtype:trojan-activity;sid:84510811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647712)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2028%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647712/; classtype:trojan-activity;sid:84510812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647713)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647713/; classtype:trojan-activity;sid:84510813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647707)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647707/; classtype:trojan-activity;sid:84510807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647708)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20muron-%20essar%20cpd%2010%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647708/; classtype:trojan-activity;sid:84510808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647700)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netagent/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647700/; classtype:trojan-activity;sid:84510800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240521-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647701/; classtype:trojan-activity;sid:84510801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647702)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/charter%20party/proforma%20cp/info.zip"; http_uri; depth:223; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647702/; classtype:trojan-activity;sid:84510802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240907-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647703/; classtype:trojan-activity;sid:84510803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647704)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647704/; classtype:trojan-activity;sid:84510804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647705)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647705/; classtype:trojan-activity;sid:84510805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647706)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20td%2016th%20july%2008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647706/; classtype:trojan-activity;sid:84510806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/images/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647698/; classtype:trojan-activity;sid:84510798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647699)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%206%20aug%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647699/; classtype:trojan-activity;sid:84510799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647697)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647697/; classtype:trojan-activity;sid:84510797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647693)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/charter%20party/proforma%20cp/info.zip"; http_uri; depth:219; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647693/; classtype:trojan-activity;sid:84510793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647694)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231026-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647694/; classtype:trojan-activity;sid:84510794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647695)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230728-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647695/; classtype:trojan-activity;sid:84510795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647696)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/singh%20group/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647696/; classtype:trojan-activity;sid:84510796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647692)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647692/; classtype:trojan-activity;sid:84510792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647687/; classtype:trojan-activity;sid:84510787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647688)"; flow:established,from_client; content:"GET"; http_method; content:"/data/jagent/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647688/; classtype:trojan-activity;sid:84510788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647689)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647689/; classtype:trojan-activity;sid:84510789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647690)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647690/; classtype:trojan-activity;sid:84510790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647691)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647691/; classtype:trojan-activity;sid:84510791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647685)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/asn1/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647685/; classtype:trojan-activity;sid:84510785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240315-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647686/; classtype:trojan-activity;sid:84510786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647682)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:252; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647682/; classtype:trojan-activity;sid:84510782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647683)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/photo.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647683/; classtype:trojan-activity;sid:84510783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647684)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647684/; classtype:trojan-activity;sid:84510784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647677)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240413-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647677/; classtype:trojan-activity;sid:84510777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647678)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647678/; classtype:trojan-activity;sid:84510778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647679)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/test-binaries/av.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647679/; classtype:trojan-activity;sid:84510779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647680)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htk%20lucky-%20essar%20cpd%202%20aug%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647680/; classtype:trojan-activity;sid:84510780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647681)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/tls/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647681/; classtype:trojan-activity;sid:84510781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647673/; classtype:trojan-activity;sid:84510773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647674)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20scmc%20cpd%207%20sept%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647674/; classtype:trojan-activity;sid:84510774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647675)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647675/; classtype:trojan-activity;sid:84510775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647676)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/av.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647676/; classtype:trojan-activity;sid:84510776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647668)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20torq%20cpd%2005%20july%202019/misc%20attachement/new%20folder/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647668/; classtype:trojan-activity;sid:84510768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647669)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647669/; classtype:trojan-activity;sid:84510769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647670/; classtype:trojan-activity;sid:84510770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647671)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647671/; classtype:trojan-activity;sid:84510771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250621-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647672/; classtype:trojan-activity;sid:84510772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647666)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647666/; classtype:trojan-activity;sid:84510766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647667)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647667/; classtype:trojan-activity;sid:84510767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647663)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647663/; classtype:trojan-activity;sid:84510763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647664)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2011%20sept/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647664/; classtype:trojan-activity;sid:84510764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647665)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20hope%20-%20propelshipping%20cpd%2019%20nov%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647665/; classtype:trojan-activity;sid:84510765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647662/; classtype:trojan-activity;sid:84510762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-126/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647659/; classtype:trojan-activity;sid:84510759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220913-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647660/; classtype:trojan-activity;sid:84510760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647661)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647661/; classtype:trojan-activity;sid:84510761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647651/; classtype:trojan-activity;sid:84510751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647652/; classtype:trojan-activity;sid:84510752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647653)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647653/; classtype:trojan-activity;sid:84510753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647654/; classtype:trojan-activity;sid:84510754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/sail%20performa%20jan11/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647655/; classtype:trojan-activity;sid:84510755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647656)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240830-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647656/; classtype:trojan-activity;sid:84510756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647657/; classtype:trojan-activity;sid:84510757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647658)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647658/; classtype:trojan-activity;sid:84510758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647650)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/libs/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647650/; classtype:trojan-activity;sid:84510750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647647)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250111-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647647/; classtype:trojan-activity;sid:84510747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241130-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647648/; classtype:trojan-activity;sid:84510748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647649)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647649/; classtype:trojan-activity;sid:84510749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647642)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/gm/av.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647642/; classtype:trojan-activity;sid:84510742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647643)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647643/; classtype:trojan-activity;sid:84510743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647644/; classtype:trojan-activity;sid:84510744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647645)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/obd/av.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647645/; classtype:trojan-activity;sid:84510745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647646)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647646/; classtype:trojan-activity;sid:84510746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647639)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647639/; classtype:trojan-activity;sid:84510739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647640)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647640/; classtype:trojan-activity;sid:84510740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647641)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/fresh%20circulation%20list/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647641/; classtype:trojan-activity;sid:84510741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647637)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250516-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647637/; classtype:trojan-activity;sid:84510737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647638)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20innovation-acct%20propel-%20cpd%2006%20jan%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647638/; classtype:trojan-activity;sid:84510738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647629)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647629/; classtype:trojan-activity;sid:84510729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647630)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647630/; classtype:trojan-activity;sid:84510730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647631)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240618-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647631/; classtype:trojan-activity;sid:84510731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647632)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647632/; classtype:trojan-activity;sid:84510732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647633)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647633/; classtype:trojan-activity;sid:84510733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647634)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647634/; classtype:trojan-activity;sid:84510734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647635)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2011nov2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647635/; classtype:trojan-activity;sid:84510735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647636)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647636/; classtype:trojan-activity;sid:84510736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647628)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647628/; classtype:trojan-activity;sid:84510728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647624)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647624/; classtype:trojan-activity;sid:84510724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647625)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/testcases/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647625/; classtype:trojan-activity;sid:84510725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647626/; classtype:trojan-activity;sid:84510726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647627/; classtype:trojan-activity;sid:84510727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2019%20nov%202008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647623/; classtype:trojan-activity;sid:84510723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647621)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647621/; classtype:trojan-activity;sid:84510721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647622)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241113-091/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647622/; classtype:trojan-activity;sid:84510722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647619)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%208oct%202008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647619/; classtype:trojan-activity;sid:84510719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647620)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220929-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647620/; classtype:trojan-activity;sid:84510720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647614)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647614/; classtype:trojan-activity;sid:84510714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647615)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647615/; classtype:trojan-activity;sid:84510715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647616)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241029-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647616/; classtype:trojan-activity;sid:84510716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647617)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/temp.vbs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647617/; classtype:trojan-activity;sid:84510717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647618/; classtype:trojan-activity;sid:84510718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647612)"; flow:established,from_client; content:"GET"; http_method; content:"/data/knowndll/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647612/; classtype:trojan-activity;sid:84510712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647613/; classtype:trojan-activity;sid:84510713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647611)"; flow:established,from_client; content:"GET"; http_method; content:"/data/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647611/; classtype:trojan-activity;sid:84510711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647608)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647608/; classtype:trojan-activity;sid:84510708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647609)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647609/; classtype:trojan-activity;sid:84510709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647610)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647610/; classtype:trojan-activity;sid:84510710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647605)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647605/; classtype:trojan-activity;sid:84510705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647606)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647606/; classtype:trojan-activity;sid:84510706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647607/; classtype:trojan-activity;sid:84510707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647600)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241112-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647600/; classtype:trojan-activity;sid:84510700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647601)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647601/; classtype:trojan-activity;sid:84510701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647602)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647602/; classtype:trojan-activity;sid:84510702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647603)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647603/; classtype:trojan-activity;sid:84510703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647604)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2018%20sep%2008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647604/; classtype:trojan-activity;sid:84510704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647599)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221209-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647599/; classtype:trojan-activity;sid:84510699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647598)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ece%20nur%20bayraktar-usl%20cpd%2030%20oct%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647598/; classtype:trojan-activity;sid:84510698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647593)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647593/; classtype:trojan-activity;sid:84510693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647594)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647594/; classtype:trojan-activity;sid:84510694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647595/; classtype:trojan-activity;sid:84510695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240722-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647596/; classtype:trojan-activity;sid:84510696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647597)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647597/; classtype:trojan-activity;sid:84510697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240831-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647589/; classtype:trojan-activity;sid:84510689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647590)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/fixture%20notes/fixture%20notes/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647590/; classtype:trojan-activity;sid:84510690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647591)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240913-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647591/; classtype:trojan-activity;sid:84510691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250726-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647592/; classtype:trojan-activity;sid:84510692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647581)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647581/; classtype:trojan-activity;sid:84510681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647582/; classtype:trojan-activity;sid:84510682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647583)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/sail%20empanelment/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647583/; classtype:trojan-activity;sid:84510683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647584)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647584/; classtype:trojan-activity;sid:84510684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647585)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20rich-mcs%20cpd%2031-7-15/charter%20party/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647585/; classtype:trojan-activity;sid:84510685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231016-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647586/; classtype:trojan-activity;sid:84510686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sbillno/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647587/; classtype:trojan-activity;sid:84510687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647588)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ece%20nur%20bayraktar-usl%20cpd%2030%20oct%202015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647588/; classtype:trojan-activity;sid:84510688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647578)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/brokerage%20invoice/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647578/; classtype:trojan-activity;sid:84510678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647579)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250718-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647579/; classtype:trojan-activity;sid:84510679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647580)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%205%20nov%2008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647580/; classtype:trojan-activity;sid:84510680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647576)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/desktop/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647576/; classtype:trojan-activity;sid:84510676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647577/; classtype:trojan-activity;sid:84510677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221125-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647571/; classtype:trojan-activity;sid:84510671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647572)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/bpf/video.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647572/; classtype:trojan-activity;sid:84510672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647573)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2021jul%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647573/; classtype:trojan-activity;sid:84510673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-121/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647574/; classtype:trojan-activity;sid:84510674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647575)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647575/; classtype:trojan-activity;sid:84510675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647570)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647570/; classtype:trojan-activity;sid:84510670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647568)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20vega%20libra/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647568/; classtype:trojan-activity;sid:84510668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647569/; classtype:trojan-activity;sid:84510669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647565)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sea%20arrow%20-%20visa%20bulk%20cpd%2012%20may%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647565/; classtype:trojan-activity;sid:84510665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647566)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20tide_ispat_080709_027/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647566/; classtype:trojan-activity;sid:84510666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647567)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2022%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647567/; classtype:trojan-activity;sid:84510667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647556)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/libs/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647556/; classtype:trojan-activity;sid:84510656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647557)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647557/; classtype:trojan-activity;sid:84510657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647558)"; flow:established,from_client; content:"GET"; http_method; content:"/output/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647558/; classtype:trojan-activity;sid:84510658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647559)"; flow:established,from_client; content:"GET"; http_method; content:"/data/agent/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647559/; classtype:trojan-activity;sid:84510659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647560)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647560/; classtype:trojan-activity;sid:84510660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647561)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647561/; classtype:trojan-activity;sid:84510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647562)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/test-suite-binaries/av.scr"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647562/; classtype:trojan-activity;sid:84510662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647563)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_bin/video.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647563/; classtype:trojan-activity;sid:84510663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647564)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/certificate/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647564/; classtype:trojan-activity;sid:84510664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.52.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647555/; classtype:trojan-activity;sid:84510655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.82.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647554/; classtype:trojan-activity;sid:84510654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.112.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647553/; classtype:trojan-activity;sid:84510653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647552)"; flow:established,from_client; content:"GET"; http_method; content:"/fo2p0ma1ro.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ae.qqd-6-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647552/; classtype:trojan-activity;sid:84510652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647551)"; flow:established,from_client; content:"GET"; http_method; content:"/b7e.check|3f|t=imcblbae"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ge.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647551/; classtype:trojan-activity;sid:84510651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647550)"; flow:established,from_client; content:"GET"; http_method; content:"/jyqbqd3lpo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.xkx-0-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647550/; classtype:trojan-activity;sid:84510650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647549)"; flow:established,from_client; content:"GET"; http_method; content:"/b7e.check|3f|t=236shbjz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ge.jnfe-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647549/; classtype:trojan-activity;sid:84510649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.24.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647548/; classtype:trojan-activity;sid:84510648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647547)"; flow:established,from_client; content:"GET"; http_method; content:"/ffj.check|3f|t=y1ckp9z9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ga.nqju-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647547/; classtype:trojan-activity;sid:84510647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647546)"; flow:established,from_client; content:"GET"; http_method; content:"/k3pib7xkc9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.xkx-0-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647546/; classtype:trojan-activity;sid:84510646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.82.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647545/; classtype:trojan-activity;sid:84510645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647544)"; flow:established,from_client; content:"GET"; http_method; content:"/u0w.google|3f|t=pa4wzhno"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fy.nqju-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647544/; classtype:trojan-activity;sid:84510644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647543)"; flow:established,from_client; content:"GET"; http_method; content:"/gc7e8fspwk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.xkx-0-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647543/; classtype:trojan-activity;sid:84510643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.52.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647542/; classtype:trojan-activity;sid:84510642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.150.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647541/; classtype:trojan-activity;sid:84510641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.237.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647540/; classtype:trojan-activity;sid:84510640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.135.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647539/; classtype:trojan-activity;sid:84510639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647538)"; flow:established,from_client; content:"GET"; http_method; content:"/ss.google|3f|t=5sfmbsl6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fu.nqju-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647538/; classtype:trojan-activity;sid:84510638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647537)"; flow:established,from_client; content:"GET"; http_method; content:"/luc14u205b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.xkx-0-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647537/; classtype:trojan-activity;sid:84510637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647536/; classtype:trojan-activity;sid:84510636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.45.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647535/; classtype:trojan-activity;sid:84510635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647534)"; flow:established,from_client; content:"GET"; http_method; content:"/6h6ku9hj9u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.xkx-0-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647534/; classtype:trojan-activity;sid:84510634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647533)"; flow:established,from_client; content:"GET"; http_method; content:"/4f.google|3f|t=ssiwwhkv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fo.nqju-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647533/; classtype:trojan-activity;sid:84510633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.195.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647532/; classtype:trojan-activity;sid:84510632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.189.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647531/; classtype:trojan-activity;sid:84510631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.146.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647530/; classtype:trojan-activity;sid:84510630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.135.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647529/; classtype:trojan-activity;sid:84510629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647528)"; flow:established,from_client; content:"GET"; http_method; content:"/flnd6kwk0a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.xkx-0-o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647528/; classtype:trojan-activity;sid:84510628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647527)"; flow:established,from_client; content:"GET"; http_method; content:"/5cn.check|3f|t=6g6valzl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fi.nqju-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647527/; classtype:trojan-activity;sid:84510627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647525/; classtype:trojan-activity;sid:84510625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.189.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647526/; classtype:trojan-activity;sid:84510626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647524/; classtype:trojan-activity;sid:84510624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.219.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647523/; classtype:trojan-activity;sid:84510623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647522)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.103.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647522/; classtype:trojan-activity;sid:84510622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647521)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.255.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647521/; classtype:trojan-activity;sid:84510621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647520)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.186.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647520/; classtype:trojan-activity;sid:84510620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647518)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.159.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647518/; classtype:trojan-activity;sid:84510618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647519)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.99.125.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647519/; classtype:trojan-activity;sid:84510619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647517)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.144.232.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647517/; classtype:trojan-activity;sid:84510617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.104.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647516/; classtype:trojan-activity;sid:84510616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647513/; classtype:trojan-activity;sid:84510613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.162.140.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647514/; classtype:trojan-activity;sid:84510614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.233.26.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647515/; classtype:trojan-activity;sid:84510615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647512)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.175.212.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647512/; classtype:trojan-activity;sid:84510612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.188.102.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647507/; classtype:trojan-activity;sid:84510607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.75.128.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647508/; classtype:trojan-activity;sid:84510608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.0.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647509/; classtype:trojan-activity;sid:84510609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.24.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647510/; classtype:trojan-activity;sid:84510610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.213.79.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647511/; classtype:trojan-activity;sid:84510611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.0.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647504/; classtype:trojan-activity;sid:84510604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.23.169.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647505/; classtype:trojan-activity;sid:84510605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.2.172.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647506/; classtype:trojan-activity;sid:84510606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.248.64.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647502/; classtype:trojan-activity;sid:84510602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.46.55.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647503/; classtype:trojan-activity;sid:84510603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.84.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647501/; classtype:trojan-activity;sid:84510601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647498/; classtype:trojan-activity;sid:84510598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.233.140.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647499/; classtype:trojan-activity;sid:84510599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.209.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647500/; classtype:trojan-activity;sid:84510600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647497)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.180.182.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647497/; classtype:trojan-activity;sid:84510597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.24.221.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647496/; classtype:trojan-activity;sid:84510596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647494)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.154.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647494/; classtype:trojan-activity;sid:84510594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.149.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647495/; classtype:trojan-activity;sid:84510595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.32.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647493/; classtype:trojan-activity;sid:84510593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647482/; classtype:trojan-activity;sid:84510582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647483/; classtype:trojan-activity;sid:84510583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647484/; classtype:trojan-activity;sid:84510584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647485/; classtype:trojan-activity;sid:84510585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647486/; classtype:trojan-activity;sid:84510586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647487/; classtype:trojan-activity;sid:84510587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647488)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647488/; classtype:trojan-activity;sid:84510588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647489)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647489/; classtype:trojan-activity;sid:84510589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647490)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647490/; classtype:trojan-activity;sid:84510590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647491)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647491/; classtype:trojan-activity;sid:84510591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647492)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647492/; classtype:trojan-activity;sid:84510592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647481)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647481/; classtype:trojan-activity;sid:84510581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647472/; classtype:trojan-activity;sid:84510572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647473/; classtype:trojan-activity;sid:84510573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647474/; classtype:trojan-activity;sid:84510574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647475/; classtype:trojan-activity;sid:84510575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647476/; classtype:trojan-activity;sid:84510576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647477)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647477/; classtype:trojan-activity;sid:84510577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647478)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647478/; classtype:trojan-activity;sid:84510578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647479)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647479/; classtype:trojan-activity;sid:84510579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647480)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.90.12.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647480/; classtype:trojan-activity;sid:84510580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647471/; classtype:trojan-activity;sid:84510571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.217.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647470/; classtype:trojan-activity;sid:84510570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.40.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647469/; classtype:trojan-activity;sid:84510569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647468)"; flow:established,from_client; content:"GET"; http_method; content:"/hhpe5uewar.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.vzj-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647468/; classtype:trojan-activity;sid:84510568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647467)"; flow:established,from_client; content:"GET"; http_method; content:"/hw.google|3f|t=78z14bf7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dy.mxta-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647467/; classtype:trojan-activity;sid:84510567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647466/; classtype:trojan-activity;sid:84510566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647465/; classtype:trojan-activity;sid:84510565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647464/; classtype:trojan-activity;sid:84510564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647463)"; flow:established,from_client; content:"GET"; http_method; content:"/i86dmc0ob8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.vzj-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647463/; classtype:trojan-activity;sid:84510563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647462)"; flow:established,from_client; content:"GET"; http_method; content:"/s6.google|3f|t=r74mjqrq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"du.mxta-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647462/; classtype:trojan-activity;sid:84510562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.77.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647461/; classtype:trojan-activity;sid:84510561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.224.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647460/; classtype:trojan-activity;sid:84510560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647459)"; flow:established,from_client; content:"GET"; http_method; content:"/a11pza2p5w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.vzj-1-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647459/; classtype:trojan-activity;sid:84510559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647458)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.google|3f|t=r0lo52tm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cy.mxta-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647458/; classtype:trojan-activity;sid:84510558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; content:"GET"; http_method; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"best10cdn.blob.core.windows.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647456)"; flow:established,from_client; content:"GET"; http_method; content:"/ti5wtfhsa0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.vzj-1-o.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647456/; classtype:trojan-activity;sid:84510556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647455)"; flow:established,from_client; content:"GET"; http_method; content:"/7cw.check|3f|t=9tfo1uz4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cu.mxta-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647455/; classtype:trojan-activity;sid:84510555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647454/; classtype:trojan-activity;sid:84510554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.227.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647453/; classtype:trojan-activity;sid:84510553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647451/; classtype:trojan-activity;sid:84510551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.100.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647452/; classtype:trojan-activity;sid:84510552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647450)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/av.lnk"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647450/; classtype:trojan-activity;sid:84510550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647449)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647449/; classtype:trojan-activity;sid:84510549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647448)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647448/; classtype:trojan-activity;sid:84510548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647447)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647447/; classtype:trojan-activity;sid:84510547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647446)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647446/; classtype:trojan-activity;sid:84510546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647445)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647445/; classtype:trojan-activity;sid:84510545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647444)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647444/; classtype:trojan-activity;sid:84510544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647443)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647443/; classtype:trojan-activity;sid:84510543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647442)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647442/; classtype:trojan-activity;sid:84510542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647441)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647441/; classtype:trojan-activity;sid:84510541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647440)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647440/; classtype:trojan-activity;sid:84510540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647439)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647439/; classtype:trojan-activity;sid:84510539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647438)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647438/; classtype:trojan-activity;sid:84510538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647437/; classtype:trojan-activity;sid:84510537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647436)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647436/; classtype:trojan-activity;sid:84510536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647435)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647435/; classtype:trojan-activity;sid:84510535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647434)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647434/; classtype:trojan-activity;sid:84510534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/video.scr"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647433/; classtype:trojan-activity;sid:84510533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647431)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.scr"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647431/; classtype:trojan-activity;sid:84510531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647430)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647430/; classtype:trojan-activity;sid:84510530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647429)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/video.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647429/; classtype:trojan-activity;sid:84510529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647428)"; flow:established,from_client; content:"GET"; http_method; content:"/key/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647428/; classtype:trojan-activity;sid:84510528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647427)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/exploitpack/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647427/; classtype:trojan-activity;sid:84510527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647426)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647426/; classtype:trojan-activity;sid:84510526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647424)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647424/; classtype:trojan-activity;sid:84510524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647425)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647425/; classtype:trojan-activity;sid:84510525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647421)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/image/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647421/; classtype:trojan-activity;sid:84510521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647420)"; flow:established,from_client; content:"GET"; http_method; content:"/data/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647420/; classtype:trojan-activity;sid:84510520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647419)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647419/; classtype:trojan-activity;sid:84510519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647418)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/layers/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647418/; classtype:trojan-activity;sid:84510518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647417)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647417/; classtype:trojan-activity;sid:84510517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647414)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/av.lnk"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647414/; classtype:trojan-activity;sid:84510514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647415)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647415/; classtype:trojan-activity;sid:84510515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647416)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/av.scr"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647416/; classtype:trojan-activity;sid:84510516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647405)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/gm/av.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647405/; classtype:trojan-activity;sid:84510505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647406)"; flow:established,from_client; content:"GET"; http_method; content:"/data/bash/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647406/; classtype:trojan-activity;sid:84510506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647407)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/exploitpack/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647407/; classtype:trojan-activity;sid:84510507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647408)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/video.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647408/; classtype:trojan-activity;sid:84510508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647409)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/image/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647409/; classtype:trojan-activity;sid:84510509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647410)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netagent/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647410/; classtype:trojan-activity;sid:84510510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647411)"; flow:established,from_client; content:"GET"; http_method; content:"/data/dllagent/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647411/; classtype:trojan-activity;sid:84510511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647412)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_sbin/video.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647412/; classtype:trojan-activity;sid:84510512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647413)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/agent.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647413/; classtype:trojan-activity;sid:84510513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647404)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647404/; classtype:trojan-activity;sid:84510504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647401)"; flow:established,from_client; content:"GET"; http_method; content:"/data/agent/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647401/; classtype:trojan-activity;sid:84510501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647394)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/bpf/av.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647394/; classtype:trojan-activity;sid:84510494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647392)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647392/; classtype:trojan-activity;sid:84510492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647393)"; flow:established,from_client; content:"GET"; http_method; content:"/data/dllagent/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647393/; classtype:trojan-activity;sid:84510493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647391)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/test-suite-binaries/av.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647391/; classtype:trojan-activity;sid:84510491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647390)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/video.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647390/; classtype:trojan-activity;sid:84510490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647389)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647389/; classtype:trojan-activity;sid:84510489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647384)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/photo.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647384/; classtype:trojan-activity;sid:84510484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647385)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netprofiler/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647385/; classtype:trojan-activity;sid:84510485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647386)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/av.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647386/; classtype:trojan-activity;sid:84510486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647387)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/index-files/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647387/; classtype:trojan-activity;sid:84510487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647388)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/bmw/av.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647388/; classtype:trojan-activity;sid:84510488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647383)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647383/; classtype:trojan-activity;sid:84510483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647381)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647381/; classtype:trojan-activity;sid:84510481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647382)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647382/; classtype:trojan-activity;sid:84510482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647378)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647378/; classtype:trojan-activity;sid:84510478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647379)"; flow:established,from_client; content:"GET"; http_method; content:"/data/jagent/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647379/; classtype:trojan-activity;sid:84510479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647380)"; flow:established,from_client; content:"GET"; http_method; content:"/data/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647380/; classtype:trojan-activity;sid:84510480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647374)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647374/; classtype:trojan-activity;sid:84510474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647375)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647375/; classtype:trojan-activity;sid:84510475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647376)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/automotive/photo.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647376/; classtype:trojan-activity;sid:84510476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/av.scr"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647377/; classtype:trojan-activity;sid:84510477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647372)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647372/; classtype:trojan-activity;sid:84510472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647373)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/bpf/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647373/; classtype:trojan-activity;sid:84510473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647370)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/photo.scr"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647370/; classtype:trojan-activity;sid:84510470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647362)"; flow:established,from_client; content:"GET"; http_method; content:"/data/config/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647362/; classtype:trojan-activity;sid:84510462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647360)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647360/; classtype:trojan-activity;sid:84510460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647352)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647352/; classtype:trojan-activity;sid:84510452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647351)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647351/; classtype:trojan-activity;sid:84510451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647345)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647345/; classtype:trojan-activity;sid:84510445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647342)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647342/; classtype:trojan-activity;sid:84510442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647341/; classtype:trojan-activity;sid:84510441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647337)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/ropper/av.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647337/; classtype:trojan-activity;sid:84510437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647338)"; flow:established,from_client; content:"GET"; http_method; content:"/data/bash/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647338/; classtype:trojan-activity;sid:84510438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647339)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647339/; classtype:trojan-activity;sid:84510439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647336)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.scr"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647336/; classtype:trojan-activity;sid:84510436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647334/; classtype:trojan-activity;sid:84510434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647335/; classtype:trojan-activity;sid:84510435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647330)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647330/; classtype:trojan-activity;sid:84510430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647331)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/video.lnk"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647331/; classtype:trojan-activity;sid:84510431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647325)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647325/; classtype:trojan-activity;sid:84510425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647326)"; flow:established,from_client; content:"GET"; http_method; content:"/data/config/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647326/; classtype:trojan-activity;sid:84510426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647322/; classtype:trojan-activity;sid:84510422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647323)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/scripts/av.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647323/; classtype:trojan-activity;sid:84510423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647324)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/certificate/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647324/; classtype:trojan-activity;sid:84510424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647321/; classtype:trojan-activity;sid:84510421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647320)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647320/; classtype:trojan-activity;sid:84510420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647319)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647319/; classtype:trojan-activity;sid:84510419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647318)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647318/; classtype:trojan-activity;sid:84510418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647316)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/bpf/photo.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647316/; classtype:trojan-activity;sid:84510416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647317)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647317/; classtype:trojan-activity;sid:84510417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%8a%9f%e8%83%bd/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647315/; classtype:trojan-activity;sid:84510415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647314)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647314/; classtype:trojan-activity;sid:84510414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647310/; classtype:trojan-activity;sid:84510410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647311)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647311/; classtype:trojan-activity;sid:84510411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647308)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/video.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647308/; classtype:trojan-activity;sid:84510408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647307)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/av.lnk"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647307/; classtype:trojan-activity;sid:84510407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647306)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/image/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647306/; classtype:trojan-activity;sid:84510406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647302)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%8a%9f%e8%83%bd/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647302/; classtype:trojan-activity;sid:84510402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647305)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647305/; classtype:trojan-activity;sid:84510405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647296)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/av.scr"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647296/; classtype:trojan-activity;sid:84510396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647288)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647288/; classtype:trojan-activity;sid:84510388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647279/; classtype:trojan-activity;sid:84510379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647276)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647276/; classtype:trojan-activity;sid:84510376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647277)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/ropgadget/av.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647277/; classtype:trojan-activity;sid:84510377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647278)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647278/; classtype:trojan-activity;sid:84510378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647275)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647275/; classtype:trojan-activity;sid:84510375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647274)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647274/; classtype:trojan-activity;sid:84510374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647272)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647272/; classtype:trojan-activity;sid:84510372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/av.lnk"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647273/; classtype:trojan-activity;sid:84510373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647271)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/video.scr"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647271/; classtype:trojan-activity;sid:84510371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647266)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647266/; classtype:trojan-activity;sid:84510366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647267)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647267/; classtype:trojan-activity;sid:84510367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647268)"; flow:established,from_client; content:"GET"; http_method; content:"/data/netagent/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647268/; classtype:trojan-activity;sid:84510368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647269)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647269/; classtype:trojan-activity;sid:84510369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647270)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647270/; classtype:trojan-activity;sid:84510370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647263)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/windows/av.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647263/; classtype:trojan-activity;sid:84510363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/video.lnk"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647258/; classtype:trojan-activity;sid:84510358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647259)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/photo.scr"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647259/; classtype:trojan-activity;sid:84510359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647262)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647262/; classtype:trojan-activity;sid:84510362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%8a%9f%e8%83%bd/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647256/; classtype:trojan-activity;sid:84510356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647252)"; flow:established,from_client; content:"GET"; http_method; content:"/data/perl/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647252/; classtype:trojan-activity;sid:84510352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647245)"; flow:established,from_client; content:"GET"; http_method; content:"/data/jagent/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647245/; classtype:trojan-activity;sid:84510345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647246)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/arch/bpf/video.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647246/; classtype:trojan-activity;sid:84510346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647247)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.scr"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647247/; classtype:trojan-activity;sid:84510347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647243)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647243/; classtype:trojan-activity;sid:84510343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647242)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647242/; classtype:trojan-activity;sid:84510342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647240)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647240/; classtype:trojan-activity;sid:84510340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647241)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/video.scr"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647241/; classtype:trojan-activity;sid:84510341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647238)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647238/; classtype:trojan-activity;sid:84510338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647239/; classtype:trojan-activity;sid:84510339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647236)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/certificate/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647236/; classtype:trojan-activity;sid:84510336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647235)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647235/; classtype:trojan-activity;sid:84510335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/photo.lnk"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647231/; classtype:trojan-activity;sid:84510331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647232)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647232/; classtype:trojan-activity;sid:84510332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647222)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/asn1/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647222/; classtype:trojan-activity;sid:84510322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647223)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/filebytes/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647223/; classtype:trojan-activity;sid:84510323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647213)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647213/; classtype:trojan-activity;sid:84510313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647208)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647208/; classtype:trojan-activity;sid:84510308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647205)"; flow:established,from_client; content:"GET"; http_method; content:"/data/perl/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647205/; classtype:trojan-activity;sid:84510305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647201)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647201/; classtype:trojan-activity;sid:84510301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647204)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647204/; classtype:trojan-activity;sid:84510304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647176)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/av.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647176/; classtype:trojan-activity;sid:84510276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/av.scr"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647175/; classtype:trojan-activity;sid:84510275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647172/; classtype:trojan-activity;sid:84510272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647166)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647166/; classtype:trojan-activity;sid:84510266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/av.lnk"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647149/; classtype:trojan-activity;sid:84510249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647150)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647150/; classtype:trojan-activity;sid:84510250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647152)"; flow:established,from_client; content:"GET"; http_method; content:"/data/knowndll/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647152/; classtype:trojan-activity;sid:84510252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647147)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/libs/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647147/; classtype:trojan-activity;sid:84510247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/video.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647145/; classtype:trojan-activity;sid:84510245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647142)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647142/; classtype:trojan-activity;sid:84510242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647139)"; flow:established,from_client; content:"GET"; http_method; content:"/javadoc/index-files/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647139/; classtype:trojan-activity;sid:84510239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647138)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647138/; classtype:trojan-activity;sid:84510238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647121)"; flow:established,from_client; content:"GET"; http_method; content:"/data/exploitpackgp/certificate/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647121/; classtype:trojan-activity;sid:84510221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647122)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/tools/automotive/av.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647122/; classtype:trojan-activity;sid:84510222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647124)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_sbin/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647124/; classtype:trojan-activity;sid:84510224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647127)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropper/filebytes/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647127/; classtype:trojan-activity;sid:84510227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647118)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/modules/krack/av.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647118/; classtype:trojan-activity;sid:84510218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647119)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/photo.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647119/; classtype:trojan-activity;sid:84510219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647120)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647120/; classtype:trojan-activity;sid:84510220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647117)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/output/cores_usr_bin/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647117/; classtype:trojan-activity;sid:84510217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/video.scr"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647115/; classtype:trojan-activity;sid:84510215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647116)"; flow:established,from_client; content:"GET"; http_method; content:"/data/agent/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647116/; classtype:trojan-activity;sid:84510216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/photo.lnk"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647114/; classtype:trojan-activity;sid:84510214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647109)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/scapy/contrib/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647109/; classtype:trojan-activity;sid:84510209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647110)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647110/; classtype:trojan-activity;sid:84510210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647111)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e5%bc%95%e5%af%bc%e7%b1%bb%e5%91%bd%e4%bb%a4/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647111/; classtype:trojan-activity;sid:84510211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647112)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/code/libs/ropgadget/ropgadget/av.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"210.215.129.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647112/; classtype:trojan-activity;sid:84510212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/video.scr"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647113/; classtype:trojan-activity;sid:84510213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647107)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647107/; classtype:trojan-activity;sid:84510207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647108/; classtype:trojan-activity;sid:84510208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647106)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e6%89%93%e5%bc%80%e7%bd%91%e9%a1%b5%e7%b1%bb%e5%91%bd%e4%bb%a4/av.scr"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647106/; classtype:trojan-activity;sid:84510206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647105)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647105/; classtype:trojan-activity;sid:84510205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a4%e4%ba%92%5c%e9%87%87%e9%9b%86%e6%80%aa%e7%89%a9%e5%b0%b8%e4%bd%93/photo.lnk"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"39.96.156.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647104/; classtype:trojan-activity;sid:84510204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647103/; classtype:trojan-activity;sid:84510203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.24.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647102/; classtype:trojan-activity;sid:84510202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647101)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/css/video.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647101/; classtype:trojan-activity;sid:84510201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647100)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/video.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647100/; classtype:trojan-activity;sid:84510200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647099)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/admin/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647099/; classtype:trojan-activity;sid:84510199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647097)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/images/av.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647097/; classtype:trojan-activity;sid:84510197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647098)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/photo.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647098/; classtype:trojan-activity;sid:84510198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647096)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647096/; classtype:trojan-activity;sid:84510196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647094)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647094/; classtype:trojan-activity;sid:84510194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647095)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/preview/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647095/; classtype:trojan-activity;sid:84510195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647093)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647093/; classtype:trojan-activity;sid:84510193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647091)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/webuploader/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647091/; classtype:trojan-activity;sid:84510191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647092)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647092/; classtype:trojan-activity;sid:84510192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647089)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/spider/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647089/; classtype:trojan-activity;sid:84510189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647090)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/block/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647090/; classtype:trojan-activity;sid:84510190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647088)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/zeroclipboard/video.scr"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647088/; classtype:trojan-activity;sid:84510188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647087)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/page/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647087/; classtype:trojan-activity;sid:84510187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647086)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/html/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647086/; classtype:trojan-activity;sid:84510186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647085)"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647085/; classtype:trojan-activity;sid:84510185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647084)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/attachment/av.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647084/; classtype:trojan-activity;sid:84510184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647083)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/zeroclipboard/photo.scr"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647083/; classtype:trojan-activity;sid:84510183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647082)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/down/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647082/; classtype:trojan-activity;sid:84510182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647081)"; flow:established,from_client; content:"GET"; http_method; content:"/001/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647081/; classtype:trojan-activity;sid:84510181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647080)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/201710/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647080/; classtype:trojan-activity;sid:84510180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647079)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647079/; classtype:trojan-activity;sid:84510179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647078)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647078/; classtype:trojan-activity;sid:84510178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647077)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/class/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647077/; classtype:trojan-activity;sid:84510177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647076)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/class/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647076/; classtype:trojan-activity;sid:84510176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647075)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647075/; classtype:trojan-activity;sid:84510175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647074)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/201710/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647074/; classtype:trojan-activity;sid:84510174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647073)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/images/photo.scr"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647073/; classtype:trojan-activity;sid:84510173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647072)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/table/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647072/; classtype:trojan-activity;sid:84510172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647071)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/searchreplace/video.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647071/; classtype:trojan-activity;sid:84510171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647070)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647070/; classtype:trojan-activity;sid:84510170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647069)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/css/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647069/; classtype:trojan-activity;sid:84510169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647067)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/images/video.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647067/; classtype:trojan-activity;sid:84510167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647068)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/img/video.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647068/; classtype:trojan-activity;sid:84510168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647063)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647063/; classtype:trojan-activity;sid:84510163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647064)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647064/; classtype:trojan-activity;sid:84510164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647065)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/video.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647065/; classtype:trojan-activity;sid:84510165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647066)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/img/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647066/; classtype:trojan-activity;sid:84510166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647062)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/css/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647062/; classtype:trojan-activity;sid:84510162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647061)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647061/; classtype:trojan-activity;sid:84510161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647058)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647058/; classtype:trojan-activity;sid:84510158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647059)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647059/; classtype:trojan-activity;sid:84510159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647060)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647060/; classtype:trojan-activity;sid:84510160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647056)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/css/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647056/; classtype:trojan-activity;sid:84510156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647057)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647057/; classtype:trojan-activity;sid:84510157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647055)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/ext/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647055/; classtype:trojan-activity;sid:84510155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647054)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/block/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647054/; classtype:trojan-activity;sid:84510154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647053)"; flow:established,from_client; content:"GET"; http_method; content:"/001/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647053/; classtype:trojan-activity;sid:84510153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647051)"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647051/; classtype:trojan-activity;sid:84510151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647052)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/img/av.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647052/; classtype:trojan-activity;sid:84510152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647050)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/av.scr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647050/; classtype:trojan-activity;sid:84510150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647048)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/css/video.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647048/; classtype:trojan-activity;sid:84510148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647049)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647049/; classtype:trojan-activity;sid:84510149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647047)"; flow:established,from_client; content:"GET"; http_method; content:"/config/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647047/; classtype:trojan-activity;sid:84510147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647042)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647042/; classtype:trojan-activity;sid:84510142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647043)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647043/; classtype:trojan-activity;sid:84510143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647044)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647044/; classtype:trojan-activity;sid:84510144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647045)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647045/; classtype:trojan-activity;sid:84510145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647046)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/201710/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647046/; classtype:trojan-activity;sid:84510146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647041)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/css/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647041/; classtype:trojan-activity;sid:84510141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647040)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647040/; classtype:trojan-activity;sid:84510140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647039)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/images/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647039/; classtype:trojan-activity;sid:84510139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647037)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/img/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647037/; classtype:trojan-activity;sid:84510137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647038)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647038/; classtype:trojan-activity;sid:84510138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647036)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/attachment/video.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647036/; classtype:trojan-activity;sid:84510136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647035)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/images/av.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647035/; classtype:trojan-activity;sid:84510135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647033)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/link/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647033/; classtype:trojan-activity;sid:84510133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647034)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647034/; classtype:trojan-activity;sid:84510134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647028)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/css/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647028/; classtype:trojan-activity;sid:84510128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647029)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/webuploader/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647029/; classtype:trojan-activity;sid:84510129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647030)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647030/; classtype:trojan-activity;sid:84510130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647031)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/anchor/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647031/; classtype:trojan-activity;sid:84510131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647032)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/help/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647032/; classtype:trojan-activity;sid:84510132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647026)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/css/video.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647026/; classtype:trojan-activity;sid:84510126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647027)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/highlight/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647027/; classtype:trojan-activity;sid:84510127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647025)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647025/; classtype:trojan-activity;sid:84510125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647024)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/js/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647024/; classtype:trojan-activity;sid:84510124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647020)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/images/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647020/; classtype:trojan-activity;sid:84510120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647021)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/js/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647021/; classtype:trojan-activity;sid:84510121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647022)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/attachment/photo.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647022/; classtype:trojan-activity;sid:84510122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647023)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/js/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647023/; classtype:trojan-activity;sid:84510123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647019)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647019/; classtype:trojan-activity;sid:84510119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647016)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/swf/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647016/; classtype:trojan-activity;sid:84510116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647017)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/anchor/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647017/; classtype:trojan-activity;sid:84510117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647018)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/images/av.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647018/; classtype:trojan-activity;sid:84510118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647014)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/table/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647014/; classtype:trojan-activity;sid:84510114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647015)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/images/video.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647015/; classtype:trojan-activity;sid:84510115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647013)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647013/; classtype:trojan-activity;sid:84510113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647012)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/av.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647012/; classtype:trojan-activity;sid:84510112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647010)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/images/video.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647010/; classtype:trojan-activity;sid:84510110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647011)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/css/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647011/; classtype:trojan-activity;sid:84510111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647009)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647009/; classtype:trojan-activity;sid:84510109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647007)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/table/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647007/; classtype:trojan-activity;sid:84510107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647008)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/link/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647008/; classtype:trojan-activity;sid:84510108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647004)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647004/; classtype:trojan-activity;sid:84510104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647005)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/css/photo.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647005/; classtype:trojan-activity;sid:84510105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647006)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647006/; classtype:trojan-activity;sid:84510106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647003)"; flow:established,from_client; content:"GET"; http_method; content:"/001/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647003/; classtype:trojan-activity;sid:84510103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647001)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647001/; classtype:trojan-activity;sid:84510101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647002)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647002/; classtype:trojan-activity;sid:84510102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646998)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/images/av.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646998/; classtype:trojan-activity;sid:84510098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646999)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646999/; classtype:trojan-activity;sid:84510099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647000)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/spider/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647000/; classtype:trojan-activity;sid:84510100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646996)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/class/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646996/; classtype:trojan-activity;sid:84510096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646997)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/js/av.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646997/; classtype:trojan-activity;sid:84510097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646995)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/admin/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646995/; classtype:trojan-activity;sid:84510095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646994)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/help/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646994/; classtype:trojan-activity;sid:84510094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646992)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/css/av.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646992/; classtype:trojan-activity;sid:84510092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646993)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646993/; classtype:trojan-activity;sid:84510093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646990)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646990/; classtype:trojan-activity;sid:84510090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646991)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/urlrule/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646991/; classtype:trojan-activity;sid:84510091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646989)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/css/video.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646989/; classtype:trojan-activity;sid:84510089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646988)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/filetypeimages/video.scr"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646988/; classtype:trojan-activity;sid:84510088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646987)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/attachment/photo.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646987/; classtype:trojan-activity;sid:84510087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646986)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/html/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646986/; classtype:trojan-activity;sid:84510086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646984)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/photo.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646984/; classtype:trojan-activity;sid:84510084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646985)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646985/; classtype:trojan-activity;sid:84510085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646983)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/css/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646983/; classtype:trojan-activity;sid:84510083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646979)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/201710/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646979/; classtype:trojan-activity;sid:84510079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646980)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646980/; classtype:trojan-activity;sid:84510080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646981)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/spechars/av.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646981/; classtype:trojan-activity;sid:84510081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646982)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/images/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646982/; classtype:trojan-activity;sid:84510082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646974)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646974/; classtype:trojan-activity;sid:84510074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646975)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/css/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646975/; classtype:trojan-activity;sid:84510075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646976)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/page/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646976/; classtype:trojan-activity;sid:84510076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646977)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646977/; classtype:trojan-activity;sid:84510077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646978)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/swf/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646978/; classtype:trojan-activity;sid:84510078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646971)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/urlrule/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646971/; classtype:trojan-activity;sid:84510071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646972)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/images/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646972/; classtype:trojan-activity;sid:84510072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646973)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646973/; classtype:trojan-activity;sid:84510073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646968)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/news/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646968/; classtype:trojan-activity;sid:84510068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646969)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646969/; classtype:trojan-activity;sid:84510069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646970)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/images/photo.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646970/; classtype:trojan-activity;sid:84510070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646964)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646964/; classtype:trojan-activity;sid:84510064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646965)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646965/; classtype:trojan-activity;sid:84510065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646966)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/images/av.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646966/; classtype:trojan-activity;sid:84510066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646967)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646967/; classtype:trojan-activity;sid:84510067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646963)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646963/; classtype:trojan-activity;sid:84510063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646962)"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646962/; classtype:trojan-activity;sid:84510062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646961)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/js/photo.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646961/; classtype:trojan-activity;sid:84510061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646960)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/js/video.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646960/; classtype:trojan-activity;sid:84510060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646958/; classtype:trojan-activity;sid:84510058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646959)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646959/; classtype:trojan-activity;sid:84510059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646956)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/spider/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646956/; classtype:trojan-activity;sid:84510056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646957)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646957/; classtype:trojan-activity;sid:84510057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646953)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/video.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646953/; classtype:trojan-activity;sid:84510053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646954)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/filetypeimages/av.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646954/; classtype:trojan-activity;sid:84510054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646955)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646955/; classtype:trojan-activity;sid:84510055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646952)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/css/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646952/; classtype:trojan-activity;sid:84510052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646951)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/replace/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646951/; classtype:trojan-activity;sid:84510051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646950)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/html/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646950/; classtype:trojan-activity;sid:84510050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646949)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/photo.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646949/; classtype:trojan-activity;sid:84510049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646948)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/spider/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646948/; classtype:trojan-activity;sid:84510048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646947)"; flow:established,from_client; content:"GET"; http_method; content:"/config/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646947/; classtype:trojan-activity;sid:84510047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646946)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646946/; classtype:trojan-activity;sid:84510046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646945)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/webuploader/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646945/; classtype:trojan-activity;sid:84510045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646944)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646944/; classtype:trojan-activity;sid:84510044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646943)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/images/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646943/; classtype:trojan-activity;sid:84510043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646941)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/spider/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646941/; classtype:trojan-activity;sid:84510041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646942)"; flow:established,from_client; content:"GET"; http_method; content:"/config/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646942/; classtype:trojan-activity;sid:84510042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646940)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646940/; classtype:trojan-activity;sid:84510040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646938)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/img/photo.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646938/; classtype:trojan-activity;sid:84510038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646939)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/photo.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646939/; classtype:trojan-activity;sid:84510039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646935/; classtype:trojan-activity;sid:84510035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646936)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646936/; classtype:trojan-activity;sid:84510036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646937)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/admin/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646937/; classtype:trojan-activity;sid:84510037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646934)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/image/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646934/; classtype:trojan-activity;sid:84510034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646933)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/images/av.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646933/; classtype:trojan-activity;sid:84510033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646932)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/av.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646932/; classtype:trojan-activity;sid:84510032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646931)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/vsstyle/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646931/; classtype:trojan-activity;sid:84510031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646928)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/vsstyle/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646928/; classtype:trojan-activity;sid:84510028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646929)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/spechars/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646929/; classtype:trojan-activity;sid:84510029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646930)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646930/; classtype:trojan-activity;sid:84510030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646927)"; flow:established,from_client; content:"GET"; http_method; content:"/001/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646927/; classtype:trojan-activity;sid:84510027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646926)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646926/; classtype:trojan-activity;sid:84510026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646924)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/images/video.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646924/; classtype:trojan-activity;sid:84510024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646925)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/urlrule/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646925/; classtype:trojan-activity;sid:84510025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646923)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/class/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646923/; classtype:trojan-activity;sid:84510023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646922)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/wordimage/av.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646922/; classtype:trojan-activity;sid:84510022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646921)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646921/; classtype:trojan-activity;sid:84510021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646920)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/av.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646920/; classtype:trojan-activity;sid:84510020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646919)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/swf/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646919/; classtype:trojan-activity;sid:84510019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646918)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/anchor/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646918/; classtype:trojan-activity;sid:84510018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646915)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/css/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646915/; classtype:trojan-activity;sid:84510015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646916)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/av.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646916/; classtype:trojan-activity;sid:84510016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646917)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/images/photo.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646917/; classtype:trojan-activity;sid:84510017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646912)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/css/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646912/; classtype:trojan-activity;sid:84510012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646913)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/av.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646913/; classtype:trojan-activity;sid:84510013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646914)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/images/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646914/; classtype:trojan-activity;sid:84510014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646911)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/css/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646911/; classtype:trojan-activity;sid:84510011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646910)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/201710/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646910/; classtype:trojan-activity;sid:84510010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646909)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/table/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646909/; classtype:trojan-activity;sid:84510009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646908)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646908/; classtype:trojan-activity;sid:84510008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646907)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646907/; classtype:trojan-activity;sid:84510007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646906)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646906/; classtype:trojan-activity;sid:84510006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646905)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/css/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646905/; classtype:trojan-activity;sid:84510005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646902)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/dialog/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646902/; classtype:trojan-activity;sid:84510002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646903)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/video.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646903/; classtype:trojan-activity;sid:84510003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646904)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/201710/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646904/; classtype:trojan-activity;sid:84510004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646901)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/class/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646901/; classtype:trojan-activity;sid:84510001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646898)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/ext/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646898/; classtype:trojan-activity;sid:84509998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646899)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/preview/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646899/; classtype:trojan-activity;sid:84509999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646900)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646900/; classtype:trojan-activity;sid:84510000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646897)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/images/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646897/; classtype:trojan-activity;sid:84509997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646896)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/searchreplace/photo.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646896/; classtype:trojan-activity;sid:84509996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646894)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/block/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646894/; classtype:trojan-activity;sid:84509994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646895)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/201710/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646895/; classtype:trojan-activity;sid:84509995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646890)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646890/; classtype:trojan-activity;sid:84509990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646891)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/image/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646891/; classtype:trojan-activity;sid:84509991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646892)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646892/; classtype:trojan-activity;sid:84509992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646893)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646893/; classtype:trojan-activity;sid:84509993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646889)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/js/av.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646889/; classtype:trojan-activity;sid:84509989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646888)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/searchreplace/av.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646888/; classtype:trojan-activity;sid:84509988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646887)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646887/; classtype:trojan-activity;sid:84509987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646884)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646884/; classtype:trojan-activity;sid:84509984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646885)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646885/; classtype:trojan-activity;sid:84509985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646886)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/css/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646886/; classtype:trojan-activity;sid:84509986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646881)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646881/; classtype:trojan-activity;sid:84509981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646882)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/html/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646882/; classtype:trojan-activity;sid:84509982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646883)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646883/; classtype:trojan-activity;sid:84509983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646878)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/js/video.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646878/; classtype:trojan-activity;sid:84509978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646879)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646879/; classtype:trojan-activity;sid:84509979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646880)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646880/; classtype:trojan-activity;sid:84509980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646877)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/js/photo.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646877/; classtype:trojan-activity;sid:84509977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646876)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/spechars/photo.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646876/; classtype:trojan-activity;sid:84509976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646874)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/page/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646874/; classtype:trojan-activity;sid:84509974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646875)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/vsstyle/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646875/; classtype:trojan-activity;sid:84509975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646873)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/video.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646873/; classtype:trojan-activity;sid:84509973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646872)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/images/av.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646872/; classtype:trojan-activity;sid:84509972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646871)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/dialog/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646871/; classtype:trojan-activity;sid:84509971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646870)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/spechars/av.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646870/; classtype:trojan-activity;sid:84509970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646869)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/replace/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646869/; classtype:trojan-activity;sid:84509969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646868)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/highlight/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646868/; classtype:trojan-activity;sid:84509968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646867)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/link/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646867/; classtype:trojan-activity;sid:84509967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646865)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646865/; classtype:trojan-activity;sid:84509965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646866)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/images/av.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646866/; classtype:trojan-activity;sid:84509966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646864)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646864/; classtype:trojan-activity;sid:84509964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646863)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646863/; classtype:trojan-activity;sid:84509963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646862)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/images/video.scr"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646862/; classtype:trojan-activity;sid:84509962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646860)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646860/; classtype:trojan-activity;sid:84509960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646861)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/page/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646861/; classtype:trojan-activity;sid:84509961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646858)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/urlrule/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646858/; classtype:trojan-activity;sid:84509958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646859)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/ext/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646859/; classtype:trojan-activity;sid:84509959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646856)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/img/av.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646856/; classtype:trojan-activity;sid:84509956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646857)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646857/; classtype:trojan-activity;sid:84509957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646855)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646855/; classtype:trojan-activity;sid:84509955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646854)"; flow:established,from_client; content:"GET"; http_method; content:"/config/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646854/; classtype:trojan-activity;sid:84509954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646852)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/js/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646852/; classtype:trojan-activity;sid:84509952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646853)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/images/video.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646853/; classtype:trojan-activity;sid:84509953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646851)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/201710/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646851/; classtype:trojan-activity;sid:84509951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646850)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/vsstyle/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646850/; classtype:trojan-activity;sid:84509950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646849)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/swf/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646849/; classtype:trojan-activity;sid:84509949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646847)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/video.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646847/; classtype:trojan-activity;sid:84509947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646848)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/dialog/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646848/; classtype:trojan-activity;sid:84509948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646846)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/images/photo.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646846/; classtype:trojan-activity;sid:84509946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646845)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646845/; classtype:trojan-activity;sid:84509945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646842)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/201710/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646842/; classtype:trojan-activity;sid:84509942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646843)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646843/; classtype:trojan-activity;sid:84509943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646844)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/searchreplace/photo.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646844/; classtype:trojan-activity;sid:84509944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646841)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646841/; classtype:trojan-activity;sid:84509941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646838)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/images/photo.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646838/; classtype:trojan-activity;sid:84509938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646839)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/block/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646839/; classtype:trojan-activity;sid:84509939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646840)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/av.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646840/; classtype:trojan-activity;sid:84509940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646837)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/replace/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646837/; classtype:trojan-activity;sid:84509937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646835)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646835/; classtype:trojan-activity;sid:84509935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646836)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/image/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646836/; classtype:trojan-activity;sid:84509936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646830)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/highlight/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646830/; classtype:trojan-activity;sid:84509930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646831)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/table/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646831/; classtype:trojan-activity;sid:84509931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646832)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646832/; classtype:trojan-activity;sid:84509932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646833)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/images/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646833/; classtype:trojan-activity;sid:84509933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646834)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/preview/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646834/; classtype:trojan-activity;sid:84509934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646827)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/filetypeimages/video.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646827/; classtype:trojan-activity;sid:84509927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646828)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/video.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646828/; classtype:trojan-activity;sid:84509928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646829)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/filetypeimages/photo.lnk"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646829/; classtype:trojan-activity;sid:84509929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646825)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/table/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646825/; classtype:trojan-activity;sid:84509925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646826)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646826/; classtype:trojan-activity;sid:84509926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646820)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646820/; classtype:trojan-activity;sid:84509920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646821)"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646821/; classtype:trojan-activity;sid:84509921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646822)"; flow:established,from_client; content:"GET"; http_method; content:"/config/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646822/; classtype:trojan-activity;sid:84509922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646823)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/attachment/video.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646823/; classtype:trojan-activity;sid:84509923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646824)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646824/; classtype:trojan-activity;sid:84509924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646817)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646817/; classtype:trojan-activity;sid:84509917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646818)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/vsstyle/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646818/; classtype:trojan-activity;sid:84509918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646819)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646819/; classtype:trojan-activity;sid:84509919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646816)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646816/; classtype:trojan-activity;sid:84509916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646815)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/anchor/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646815/; classtype:trojan-activity;sid:84509915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646813)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646813/; classtype:trojan-activity;sid:84509913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646814)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646814/; classtype:trojan-activity;sid:84509914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646812)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646812/; classtype:trojan-activity;sid:84509912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646810)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/ext/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646810/; classtype:trojan-activity;sid:84509910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646811)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/ext/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646811/; classtype:trojan-activity;sid:84509911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646809)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/down/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646809/; classtype:trojan-activity;sid:84509909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646808)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646808/; classtype:trojan-activity;sid:84509908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646807)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/wordimage/video.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646807/; classtype:trojan-activity;sid:84509907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646804)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/news/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646804/; classtype:trojan-activity;sid:84509904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646805)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/photo.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646805/; classtype:trojan-activity;sid:84509905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646806)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/anchor/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646806/; classtype:trojan-activity;sid:84509906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646803)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/page/video.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646803/; classtype:trojan-activity;sid:84509903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646801)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/default/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646801/; classtype:trojan-activity;sid:84509901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646802)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/block/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646802/; classtype:trojan-activity;sid:84509902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646799)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646799/; classtype:trojan-activity;sid:84509899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646800)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/images/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646800/; classtype:trojan-activity;sid:84509900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646796)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/video.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646796/; classtype:trojan-activity;sid:84509896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646797)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/wordimage/video.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646797/; classtype:trojan-activity;sid:84509897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646798)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/images/av.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646798/; classtype:trojan-activity;sid:84509898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646793)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646793/; classtype:trojan-activity;sid:84509893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646794)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/treetable/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646794/; classtype:trojan-activity;sid:84509894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646795)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/images/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646795/; classtype:trojan-activity;sid:84509895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646792)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/searchreplace/av.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646792/; classtype:trojan-activity;sid:84509892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646788)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/video/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646788/; classtype:trojan-activity;sid:84509888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646789)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/webuploader/video.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646789/; classtype:trojan-activity;sid:84509889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646790)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/css/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646790/; classtype:trojan-activity;sid:84509890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646791)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/photo.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646791/; classtype:trojan-activity;sid:84509891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646783)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/dialog/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646783/; classtype:trojan-activity;sid:84509883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646784)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/down/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646784/; classtype:trojan-activity;sid:84509884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646785)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/spider/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646785/; classtype:trojan-activity;sid:84509885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646786)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/img/video.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646786/; classtype:trojan-activity;sid:84509886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646787)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646787/; classtype:trojan-activity;sid:84509887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646781)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646781/; classtype:trojan-activity;sid:84509881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646782)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646782/; classtype:trojan-activity;sid:84509882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646780)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/highlight/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646780/; classtype:trojan-activity;sid:84509880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646779)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646779/; classtype:trojan-activity;sid:84509879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646778)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/201710/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646778/; classtype:trojan-activity;sid:84509878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646777)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646777/; classtype:trojan-activity;sid:84509877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646776)"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646776/; classtype:trojan-activity;sid:84509876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646775)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/css/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646775/; classtype:trojan-activity;sid:84509875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646774)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/js/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646774/; classtype:trojan-activity;sid:84509874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646773)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646773/; classtype:trojan-activity;sid:84509873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646771)"; flow:established,from_client; content:"GET"; http_method; content:"/config/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646771/; classtype:trojan-activity;sid:84509871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646772)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646772/; classtype:trojan-activity;sid:84509872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646768)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/block/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646768/; classtype:trojan-activity;sid:84509868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646769)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/admin/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646769/; classtype:trojan-activity;sid:84509869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646770)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/201710/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646770/; classtype:trojan-activity;sid:84509870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646765)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/images/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646765/; classtype:trojan-activity;sid:84509865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646766)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/attachment/av.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646766/; classtype:trojan-activity;sid:84509866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646767)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/av.scr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646767/; classtype:trojan-activity;sid:84509867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646764)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/201710/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646764/; classtype:trojan-activity;sid:84509864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646763)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/css/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646763/; classtype:trojan-activity;sid:84509863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646762)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646762/; classtype:trojan-activity;sid:84509862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646761)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/filetypeimages/av.scr"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646761/; classtype:trojan-activity;sid:84509861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646760)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/img/av.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646760/; classtype:trojan-activity;sid:84509860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646758)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/img/video.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646758/; classtype:trojan-activity;sid:84509858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646759)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/webuploader/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646759/; classtype:trojan-activity;sid:84509859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646757)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646757/; classtype:trojan-activity;sid:84509857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646756)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/photo.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646756/; classtype:trojan-activity;sid:84509856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646755)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/wordimage/photo.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646755/; classtype:trojan-activity;sid:84509855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646754)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/third-party/zeroclipboard/av.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646754/; classtype:trojan-activity;sid:84509854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646753)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646753/; classtype:trojan-activity;sid:84509853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646752)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/default/model/news/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646752/; classtype:trojan-activity;sid:84509852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646751)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/av.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646751/; classtype:trojan-activity;sid:84509851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646748)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646748/; classtype:trojan-activity;sid:84509848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646749)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/themes/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646749/; classtype:trojan-activity;sid:84509849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646750)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/help/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646750/; classtype:trojan-activity;sid:84509850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646747)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/swf/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646747/; classtype:trojan-activity;sid:84509847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646745)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/preview/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646745/; classtype:trojan-activity;sid:84509845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646746)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/attachment/images/video.lnk"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646746/; classtype:trojan-activity;sid:84509846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646744)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/images/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646744/; classtype:trojan-activity;sid:84509844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646743)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/highlight/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646743/; classtype:trojan-activity;sid:84509843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646742)"; flow:established,from_client; content:"GET"; http_method; content:"/001/photo.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646742/; classtype:trojan-activity;sid:84509842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646741)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/html/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646741/; classtype:trojan-activity;sid:84509841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646740)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/replace/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646740/; classtype:trojan-activity;sid:84509840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646739)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/images/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646739/; classtype:trojan-activity;sid:84509839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646738)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/validator/css/av.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646738/; classtype:trojan-activity;sid:84509838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646737)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/link/photo.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646737/; classtype:trojan-activity;sid:84509837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646736)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/theme/admin/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646736/; classtype:trojan-activity;sid:84509836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646734)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/uploader/css/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646734/; classtype:trojan-activity;sid:84509834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646735)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646735/; classtype:trojan-activity;sid:84509835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646732)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/dialog/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646732/; classtype:trojan-activity;sid:84509832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646733)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/dialogs/image/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646733/; classtype:trojan-activity;sid:84509833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646731)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/css/ztreestyle/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646731/; classtype:trojan-activity;sid:84509831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646730)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/lottery/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646730/; classtype:trojan-activity;sid:84509830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646723)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/tips/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646723/; classtype:trojan-activity;sid:84509823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646724)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/photo.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646724/; classtype:trojan-activity;sid:84509824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646725)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/av.lnk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646725/; classtype:trojan-activity;sid:84509825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646726)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/swf/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646726/; classtype:trojan-activity;sid:84509826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646727)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/replace/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646727/; classtype:trojan-activity;sid:84509827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646728)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/lottery/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646728/; classtype:trojan-activity;sid:84509828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646729)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/ueditor/lang/zh-cn/images/video.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.169.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646729/; classtype:trojan-activity;sid:84509829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646722)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646722/; classtype:trojan-activity;sid:84509822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646721)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646721/; classtype:trojan-activity;sid:84509821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646720)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646720/; classtype:trojan-activity;sid:84509820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646718)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646718/; classtype:trojan-activity;sid:84509818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646719)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646719/; classtype:trojan-activity;sid:84509819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646717)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646717/; classtype:trojan-activity;sid:84509817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646716)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646716/; classtype:trojan-activity;sid:84509816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646714)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646714/; classtype:trojan-activity;sid:84509814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646715)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646715/; classtype:trojan-activity;sid:84509815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646713)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646713/; classtype:trojan-activity;sid:84509813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646707)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646707/; classtype:trojan-activity;sid:84509807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646708)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646708/; classtype:trojan-activity;sid:84509808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646709)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646709/; classtype:trojan-activity;sid:84509809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646710)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646710/; classtype:trojan-activity;sid:84509810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646711)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646711/; classtype:trojan-activity;sid:84509811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646712)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646712/; classtype:trojan-activity;sid:84509812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646706)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646706/; classtype:trojan-activity;sid:84509806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646705)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646705/; classtype:trojan-activity;sid:84509805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646702)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646702/; classtype:trojan-activity;sid:84509802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646703)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646703/; classtype:trojan-activity;sid:84509803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646704)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646704/; classtype:trojan-activity;sid:84509804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646701)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646701/; classtype:trojan-activity;sid:84509801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.61.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646700/; classtype:trojan-activity;sid:84509800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.39.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646699/; classtype:trojan-activity;sid:84509799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646698)"; flow:established,from_client; content:"GET"; http_method; content:"/z4b.check|3f|t=dgdwojql"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"co.mxta-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646698/; classtype:trojan-activity;sid:84509798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646697)"; flow:established,from_client; content:"GET"; http_method; content:"/qccgk09mmk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.vzj-1-o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646697/; classtype:trojan-activity;sid:84509797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.250.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646696/; classtype:trojan-activity;sid:84509796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646695/; classtype:trojan-activity;sid:84509795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646694)"; flow:established,from_client; content:"GET"; http_method; content:"/gxgw1it84l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.vzj-1-o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646694/; classtype:trojan-activity;sid:84509794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646693)"; flow:established,from_client; content:"GET"; http_method; content:"/2bl.google|3f|t=htnx11h5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ce.kmbo-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646693/; classtype:trojan-activity;sid:84509793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.202.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646692/; classtype:trojan-activity;sid:84509792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.60.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646691/; classtype:trojan-activity;sid:84509791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.53.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646690/; classtype:trojan-activity;sid:84509790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.162.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646689/; classtype:trojan-activity;sid:84509789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646688/; classtype:trojan-activity;sid:84509788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.83.242.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646686/; classtype:trojan-activity;sid:84509786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646687/; classtype:trojan-activity;sid:84509787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646685/; classtype:trojan-activity;sid:84509785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646684)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/07/soratjalaseh_heyat_omana_3th_from_6th_13931218.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"shirazartu.ac.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646684/; classtype:trojan-activity;sid:84509784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.237.37.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646683/; classtype:trojan-activity;sid:84509783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.74.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646682/; classtype:trojan-activity;sid:84509782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646680)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/07/soratjalaseh_88th_komision_13950208.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"shirazartu.ac.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646680/; classtype:trojan-activity;sid:84509780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646681)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/07/soratjalaseh_79th_komision_13930405.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"shirazartu.ac.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646681/; classtype:trojan-activity;sid:84509781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.76.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646679/; classtype:trojan-activity;sid:84509779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.61.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646678/; classtype:trojan-activity;sid:84509778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.109.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646677/; classtype:trojan-activity;sid:84509777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.18.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646676/; classtype:trojan-activity;sid:84509776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.72.166.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646675/; classtype:trojan-activity;sid:84509775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646674)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.check|3f|t=gbaypord"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ca.kmbo-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646674/; classtype:trojan-activity;sid:84509774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646673)"; flow:established,from_client; content:"GET"; http_method; content:"/qr0nw19zyd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.mbs-3-a.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646673/; classtype:trojan-activity;sid:84509773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646672/; classtype:trojan-activity;sid:84509772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.128.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646671/; classtype:trojan-activity;sid:84509771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646670/; classtype:trojan-activity;sid:84509770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646668)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.check|3f|t=u9epn964"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bu.kmbo-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646668/; classtype:trojan-activity;sid:84509768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646669)"; flow:established,from_client; content:"GET"; http_method; content:"/aes49xk9d5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.mbs-3-a.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646669/; classtype:trojan-activity;sid:84509769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.197.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646667/; classtype:trojan-activity;sid:84509767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646666)"; flow:established,from_client; content:"GET"; http_method; content:"/files/740061926/8ciugjz.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646666/; classtype:trojan-activity;sid:84509766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646665)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/belejthxbfnfmmhlb/asyncclient3333312313_protected.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646665/; classtype:trojan-activity;sid:84509765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.148.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646664/; classtype:trojan-activity;sid:84509764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.83.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646663/; classtype:trojan-activity;sid:84509763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646662)"; flow:established,from_client; content:"GET"; http_method; content:"/pmjtgyvarm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.mbs-3-a.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646662/; classtype:trojan-activity;sid:84509762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646661)"; flow:established,from_client; content:"GET"; http_method; content:"/dk.check|3f|t=tukbrzfj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"za.kmbo-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646661/; classtype:trojan-activity;sid:84509761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.158.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646660/; classtype:trojan-activity;sid:84509760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646659/; classtype:trojan-activity;sid:84509759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.83.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646658/; classtype:trojan-activity;sid:84509758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.49.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646657/; classtype:trojan-activity;sid:84509757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.109.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646656/; classtype:trojan-activity;sid:84509756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.148.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646655/; classtype:trojan-activity;sid:84509755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.138.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646654/; classtype:trojan-activity;sid:84509754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.234.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646653/; classtype:trojan-activity;sid:84509753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.169.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646652/; classtype:trojan-activity;sid:84509752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.197.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646651/; classtype:trojan-activity;sid:84509751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646650/; classtype:trojan-activity;sid:84509750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.184.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646649/; classtype:trojan-activity;sid:84509749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.173.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646648/; classtype:trojan-activity;sid:84509748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646647/; classtype:trojan-activity;sid:84509747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.138.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646646/; classtype:trojan-activity;sid:84509746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646645)"; flow:established,from_client; content:"GET"; http_method; content:"/cptqvrn4ds.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.mbs-3-a.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646645/; classtype:trojan-activity;sid:84509745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646644)"; flow:established,from_client; content:"GET"; http_method; content:"/33.google|3f|t=e988hpa7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yo.kfko-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646644/; classtype:trojan-activity;sid:84509744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.184.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646643/; classtype:trojan-activity;sid:84509743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.89.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646642/; classtype:trojan-activity;sid:84509742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646641/; classtype:trojan-activity;sid:84509741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.173.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646640/; classtype:trojan-activity;sid:84509740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646639)"; flow:established,from_client; content:"GET"; http_method; content:"/jqoi6uu56k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.mbs-3-a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646639/; classtype:trojan-activity;sid:84509739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646638)"; flow:established,from_client; content:"GET"; http_method; content:"/h7.google|3f|t=ye75krlh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ye.kfko-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646638/; classtype:trojan-activity;sid:84509738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.97.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646637/; classtype:trojan-activity;sid:84509737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646636/; classtype:trojan-activity;sid:84509736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646635/; classtype:trojan-activity;sid:84509735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646634)"; flow:established,from_client; content:"GET"; http_method; content:"/vwh942umu8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.jwm-3-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646634/; classtype:trojan-activity;sid:84509734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646633)"; flow:established,from_client; content:"GET"; http_method; content:"/7z.google|3f|t=k09prpss"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ya.kfko-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646633/; classtype:trojan-activity;sid:84509733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.22.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646632/; classtype:trojan-activity;sid:84509732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.3.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646631/; classtype:trojan-activity;sid:84509731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.5.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646630/; classtype:trojan-activity;sid:84509730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646629)"; flow:established,from_client; content:"GET"; http_method; content:"/hh1.google|3f|t=mmjg12x9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xu.kfko-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646629/; classtype:trojan-activity;sid:84509729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646628)"; flow:established,from_client; content:"GET"; http_method; content:"/71001n4sxd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.jwm-3-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646628/; classtype:trojan-activity;sid:84509728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.167.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646627/; classtype:trojan-activity;sid:84509727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646626)"; flow:established,from_client; content:"GET"; http_method; content:"/g04m7p5vds.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.jwm-3-e.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646626/; classtype:trojan-activity;sid:84509726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646625)"; flow:established,from_client; content:"GET"; http_method; content:"/02w.google|3f|t=vkfq143o"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xi.kfko-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646625/; classtype:trojan-activity;sid:84509725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646624/; classtype:trojan-activity;sid:84509724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.196.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646623/; classtype:trojan-activity;sid:84509723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646622)"; flow:established,from_client; content:"GET"; http_method; content:"/e5.google|3f|t=umkj58t9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"un.tfba6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646622/; classtype:trojan-activity;sid:84509722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646621)"; flow:established,from_client; content:"GET"; http_method; content:"/1czbezgpae.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.jwm-3-e.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646621/; classtype:trojan-activity;sid:84509721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.33.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646620/; classtype:trojan-activity;sid:84509720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.5.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646619/; classtype:trojan-activity;sid:84509719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646618/; classtype:trojan-activity;sid:84509718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.18.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646617/; classtype:trojan-activity;sid:84509717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646616/; classtype:trojan-activity;sid:84509716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646615)"; flow:established,from_client; content:"GET"; http_method; content:"/a68u9tsbfv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.jwm-3-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646615/; classtype:trojan-activity;sid:84509715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646614)"; flow:established,from_client; content:"GET"; http_method; content:"/iuj.google|3f|t=l1bqm9ix"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"um.tfba6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646614/; classtype:trojan-activity;sid:84509714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646613)"; flow:established,from_client; content:"GET"; http_method; content:"/am.google|3f|t=913jvhne"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uh.tfba6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646613/; classtype:trojan-activity;sid:84509713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646611/; classtype:trojan-activity;sid:84509711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646612)"; flow:established,from_client; content:"GET"; http_method; content:"/lirb701qme.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.jwm-3-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646612/; classtype:trojan-activity;sid:84509712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646610)"; flow:established,from_client; content:"GET"; http_method; content:"/m4bb2qom7b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.jwm-3-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646610/; classtype:trojan-activity;sid:84509710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646609)"; flow:established,from_client; content:"GET"; http_method; content:"/tqk.check|3f|t=6ki7ubp8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"to.tfba6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646609/; classtype:trojan-activity;sid:84509709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646608)"; flow:established,from_client; content:"GET"; http_method; content:"/v25jkswj39.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.jwm-3-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646608/; classtype:trojan-activity;sid:84509708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646607)"; flow:established,from_client; content:"GET"; http_method; content:"/2sf.google|3f|t=yo93i8np"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ti.tfba6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646607/; classtype:trojan-activity;sid:84509707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646605)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1397167287/x3iwavj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646605/; classtype:trojan-activity;sid:84509705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.130.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646606/; classtype:trojan-activity;sid:84509706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646604)"; flow:established,from_client; content:"GET"; http_method; content:"/tsetup-x64.6.1.3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.uhleii.fun"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646604/; classtype:trojan-activity;sid:84509704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.235.194.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646603/; classtype:trojan-activity;sid:84509703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.7.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646602/; classtype:trojan-activity;sid:84509702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646601/; classtype:trojan-activity;sid:84509701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.216.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646600/; classtype:trojan-activity;sid:84509700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646599)"; flow:established,from_client; content:"GET"; http_method; content:"/1f.google|3f|t=elmnwzt8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ta.sxqy9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646599/; classtype:trojan-activity;sid:84509699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646598)"; flow:established,from_client; content:"GET"; http_method; content:"/62z0lsxlat.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.hqs-9-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646598/; classtype:trojan-activity;sid:84509698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.229.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646597/; classtype:trojan-activity;sid:84509697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.101.19.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646596/; classtype:trojan-activity;sid:84509696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.194.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646595/; classtype:trojan-activity;sid:84509695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646594)"; flow:established,from_client; content:"GET"; http_method; content:"/b8m544k5jl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.hqs-9-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646594/; classtype:trojan-activity;sid:84509694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646593)"; flow:established,from_client; content:"GET"; http_method; content:"/ij.check|3f|t=1tyr7a7o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"so.sxqy9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646593/; classtype:trojan-activity;sid:84509693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646592/; classtype:trojan-activity;sid:84509692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.229.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646591/; classtype:trojan-activity;sid:84509691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.103.0.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646590/; classtype:trojan-activity;sid:84509690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.39.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646589/; classtype:trojan-activity;sid:84509689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.128.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646588/; classtype:trojan-activity;sid:84509688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646587/; classtype:trojan-activity;sid:84509687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.229.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646586/; classtype:trojan-activity;sid:84509686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646585/; classtype:trojan-activity;sid:84509685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.60.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646584/; classtype:trojan-activity;sid:84509684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.103.0.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646583/; classtype:trojan-activity;sid:84509683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.179.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646582/; classtype:trojan-activity;sid:84509682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646581)"; flow:established,from_client; content:"GET"; http_method; content:"/you6m8cizk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.hqs-9-i.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646581/; classtype:trojan-activity;sid:84509681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646580)"; flow:established,from_client; content:"GET"; http_method; content:"/na9.check|3f|t=7tqbwnab"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"si.sxqy9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646580/; classtype:trojan-activity;sid:84509680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.78.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646579/; classtype:trojan-activity;sid:84509679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646578/; classtype:trojan-activity;sid:84509678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.10.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646577/; classtype:trojan-activity;sid:84509677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646576/; classtype:trojan-activity;sid:84509676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646575)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"globalbusinesstradings.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646575/; classtype:trojan-activity;sid:84509675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646574/; classtype:trojan-activity;sid:84509674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646570)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hfcq4eqzwyjpzz7vq0foqhvyhcxbu5el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646570/; classtype:trojan-activity;sid:84509670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646571)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lu0j1wlgkge54hrerkcxlebmxeqzyvjw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646571/; classtype:trojan-activity;sid:84509671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646572)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002023141.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"globalbusinesstradings.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646572/; classtype:trojan-activity;sid:84509672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646573)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002023428.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"globalbusinesstradings.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646573/; classtype:trojan-activity;sid:84509673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646567)"; flow:established,from_client; content:"GET"; http_method; content:"/eqm.google|3f|t=e8eas1ac"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"re.sxqy9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646567/; classtype:trojan-activity;sid:84509667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646568)"; flow:established,from_client; content:"GET"; http_method; content:"/5lsu1n03wo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.hqs-9-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646568/; classtype:trojan-activity;sid:84509668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646569)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759349859_3316.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646569/; classtype:trojan-activity;sid:84509669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646565)"; flow:established,from_client; content:"GET"; http_method; content:"/5h0.google|3f|t=12yld0k9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sh.sxqy9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646565/; classtype:trojan-activity;sid:84509665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646566)"; flow:established,from_client; content:"GET"; http_method; content:"/815uzmzo52.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.hqs-9-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646566/; classtype:trojan-activity;sid:84509666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646562)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759350297_5374.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646562/; classtype:trojan-activity;sid:84509662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646563)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759351077_1971.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646563/; classtype:trojan-activity;sid:84509663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646564)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759350582_5191.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646564/; classtype:trojan-activity;sid:84509664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7080311667/fd6obfs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646556/; classtype:trojan-activity;sid:84509656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646557)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759395287_6690.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646557/; classtype:trojan-activity;sid:84509657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646558)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759350093_6525.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646558/; classtype:trojan-activity;sid:84509658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646559)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759345577_8436.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646559/; classtype:trojan-activity;sid:84509659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646560)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759350422_5627.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646560/; classtype:trojan-activity;sid:84509660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646561)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759351303_1157.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646561/; classtype:trojan-activity;sid:84509661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646551)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759350897_8183.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646551/; classtype:trojan-activity;sid:84509651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646552)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759353065_3625.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646552/; classtype:trojan-activity;sid:84509652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646553)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759346821_7155.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646553/; classtype:trojan-activity;sid:84509653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646554)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759395810_7662.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646554/; classtype:trojan-activity;sid:84509654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646555)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759353364_9793.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646555/; classtype:trojan-activity;sid:84509655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646549)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759405268_6307.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646549/; classtype:trojan-activity;sid:84509649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646550)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759346604_7147.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646550/; classtype:trojan-activity;sid:84509650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.25.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646546/; classtype:trojan-activity;sid:84509646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646547)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759404754_3988.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646547/; classtype:trojan-activity;sid:84509647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646548)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759405015_6005.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646548/; classtype:trojan-activity;sid:84509648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646545)"; flow:established,from_client; content:"GET"; http_method; content:"/nobutter/buuter1/raw/main/uploads/payload_1759395600_5910.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646545/; classtype:trojan-activity;sid:84509645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646541)"; flow:established,from_client; content:"GET"; http_method; content:"/wlduj_21//02.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646541/; classtype:trojan-activity;sid:84509641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646542)"; flow:established,from_client; content:"GET"; http_method; content:"/wlduj_21/03.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646542/; classtype:trojan-activity;sid:84509642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646543)"; flow:established,from_client; content:"GET"; http_method; content:"/5ww6db.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646543/; classtype:trojan-activity;sid:84509643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646544)"; flow:established,from_client; content:"GET"; http_method; content:"/or.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"starmaall.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646544/; classtype:trojan-activity;sid:84509644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646540)"; flow:established,from_client; content:"GET"; http_method; content:"/wlduj_21//01.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646540/; classtype:trojan-activity;sid:84509640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646539)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002111342.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646539/; classtype:trojan-activity;sid:84509639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646538)"; flow:established,from_client; content:"GET"; http_method; content:"/uf5tvtozfj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.hqs-9-i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646538/; classtype:trojan-activity;sid:84509638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646536)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002111333.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646536/; classtype:trojan-activity;sid:84509636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646537)"; flow:established,from_client; content:"GET"; http_method; content:"/lqt.google|3f|t=gibgghzt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qi.sqfe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646537/; classtype:trojan-activity;sid:84509637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646535)"; flow:established,from_client; content:"GET"; http_method; content:"/03f67t.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646535/; classtype:trojan-activity;sid:84509635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646533)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002111131.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646533/; classtype:trojan-activity;sid:84509633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646534)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002110747.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646534/; classtype:trojan-activity;sid:84509634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646531)"; flow:established,from_client; content:"GET"; http_method; content:"/2/steinn.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646531/; classtype:trojan-activity;sid:84509631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646532)"; flow:established,from_client; content:"GET"; http_method; content:"/2/stein.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646532/; classtype:trojan-activity;sid:84509632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646530/; classtype:trojan-activity;sid:84509630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646524/; classtype:trojan-activity;sid:84509624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.145.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646525/; classtype:trojan-activity;sid:84509625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.158.209.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646526/; classtype:trojan-activity;sid:84509626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.192.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646527/; classtype:trojan-activity;sid:84509627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.193.197.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646528/; classtype:trojan-activity;sid:84509628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.176.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646529/; classtype:trojan-activity;sid:84509629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.213.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646518/; classtype:trojan-activity;sid:84509618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646519/; classtype:trojan-activity;sid:84509619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.51.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646520/; classtype:trojan-activity;sid:84509620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646521/; classtype:trojan-activity;sid:84509621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.105.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646522/; classtype:trojan-activity;sid:84509622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.125.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646523/; classtype:trojan-activity;sid:84509623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.129.1.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646517/; classtype:trojan-activity;sid:84509617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.127.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646515/; classtype:trojan-activity;sid:84509615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646516/; classtype:trojan-activity;sid:84509616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646514)"; flow:established,from_client; content:"GET"; http_method; content:"/fczxmcbcghowjenm222.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"107.172.135.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646514/; classtype:trojan-activity;sid:84509614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646513)"; flow:established,from_client; content:"GET"; http_method; content:"/wwnmeadujulskwh116.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.135.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646513/; classtype:trojan-activity;sid:84509613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646511)"; flow:established,from_client; content:"GET"; http_method; content:"/dlynkkhlmgcnfnib165.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"107.172.135.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646511/; classtype:trojan-activity;sid:84509611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646512)"; flow:established,from_client; content:"GET"; http_method; content:"/zolfqta150.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.135.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646512/; classtype:trojan-activity;sid:84509612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646510)"; flow:established,from_client; content:"GET"; http_method; content:"/orek3tlr5f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.frl-0-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646510/; classtype:trojan-activity;sid:84509610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646509)"; flow:established,from_client; content:"GET"; http_method; content:"/6oy.check|3f|t=yuacuqyk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"po.sqfe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646509/; classtype:trojan-activity;sid:84509609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.223.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646508/; classtype:trojan-activity;sid:84509608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646507)"; flow:established,from_client; content:"GET"; http_method; content:"/18rqsx3ksi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.frl-0-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646507/; classtype:trojan-activity;sid:84509607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646506)"; flow:established,from_client; content:"GET"; http_method; content:"/i04.google|3f|t=yirogp8q"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pi.sqfe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646506/; classtype:trojan-activity;sid:84509606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646505)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250929025123.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"firmnaoliu.wuaze.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646505/; classtype:trojan-activity;sid:84509605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646504)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250929231211.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"firmnaoliu.wuaze.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646504/; classtype:trojan-activity;sid:84509604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.121.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646503/; classtype:trojan-activity;sid:84509603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646502)"; flow:established,from_client; content:"GET"; http_method; content:"/base644.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"apocolypser.s3.us-east-1.amazonaws.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646502/; classtype:trojan-activity;sid:84509602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646501)"; flow:established,from_client; content:"GET"; http_method; content:"/base46.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"reporter9128.s3.us-east-1.amazonaws.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646501/; classtype:trojan-activity;sid:84509601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646500)"; flow:established,from_client; content:"GET"; http_method; content:"/802.check|3f|t=q1a7lu9z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pe.sqfe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646500/; classtype:trojan-activity;sid:84509600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646499)"; flow:established,from_client; content:"GET"; http_method; content:"/474xcpu6wt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.frl-0-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646499/; classtype:trojan-activity;sid:84509599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646498)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.google|3f|t=30h5s72z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pa.sqfe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646498/; classtype:trojan-activity;sid:84509598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646497)"; flow:established,from_client; content:"GET"; http_method; content:"/espxcmrx90.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.frl-0-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646497/; classtype:trojan-activity;sid:84509597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.103.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646496/; classtype:trojan-activity;sid:84509596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.254.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646495/; classtype:trojan-activity;sid:84509595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.54.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646494/; classtype:trojan-activity;sid:84509594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646493/; classtype:trojan-activity;sid:84509593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.35.92.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646492/; classtype:trojan-activity;sid:84509592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646491)"; flow:established,from_client; content:"GET"; http_method; content:"/401cuhte87.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.frl-0-i.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646491/; classtype:trojan-activity;sid:84509591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646490)"; flow:established,from_client; content:"GET"; http_method; content:"/wfc.google|3f|t=tz3gwl0a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oy.sgdi6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646490/; classtype:trojan-activity;sid:84509590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.254.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646489/; classtype:trojan-activity;sid:84509589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646488)"; flow:established,from_client; content:"GET"; http_method; content:"/cn8rqr6r0j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.frl-0-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646488/; classtype:trojan-activity;sid:84509588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646487)"; flow:established,from_client; content:"GET"; http_method; content:"/x4a.check|3f|t=pnvfbz4g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ox.sgdi6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646487/; classtype:trojan-activity;sid:84509587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.35.92.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646486/; classtype:trojan-activity;sid:84509586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.212.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646485/; classtype:trojan-activity;sid:84509585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646484/; classtype:trojan-activity;sid:84509584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646483/; classtype:trojan-activity;sid:84509583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646482/; classtype:trojan-activity;sid:84509582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.75.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646481/; classtype:trojan-activity;sid:84509581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646480)"; flow:established,from_client; content:"GET"; http_method; content:"/2xxmscqrl7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.frl-0-i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646480/; classtype:trojan-activity;sid:84509580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646479)"; flow:established,from_client; content:"GET"; http_method; content:"/7k.check|3f|t=7sfbgs4y"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ow.sgdi6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646479/; classtype:trojan-activity;sid:84509579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.71.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646478/; classtype:trojan-activity;sid:84509578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.212.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646477/; classtype:trojan-activity;sid:84509577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646476/; classtype:trojan-activity;sid:84509576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646474)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20251002_2352/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646474/; classtype:trojan-activity;sid:84509574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646475)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocum.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapps.duckdns.org"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646475/; classtype:trojan-activity;sid:84509575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646469/; classtype:trojan-activity;sid:84509569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646470)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646470/; classtype:trojan-activity;sid:84509570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646471)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646471/; classtype:trojan-activity;sid:84509571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646472)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646472/; classtype:trojan-activity;sid:84509572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646473)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646473/; classtype:trojan-activity;sid:84509573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.229.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646468/; classtype:trojan-activity;sid:84509568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.86.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646467/; classtype:trojan-activity;sid:84509567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646466)"; flow:established,from_client; content:"GET"; http_method; content:"/clp1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646466/; classtype:trojan-activity;sid:84509566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.152.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646465/; classtype:trojan-activity;sid:84509565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.163.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646464/; classtype:trojan-activity;sid:84509564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.94.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646463/; classtype:trojan-activity;sid:84509563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646462/; classtype:trojan-activity;sid:84509562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.86.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646461/; classtype:trojan-activity;sid:84509561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646460)"; flow:established,from_client; content:"GET"; http_method; content:"/bvio5j4l3o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.dxp-5-y.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646460/; classtype:trojan-activity;sid:84509560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646459)"; flow:established,from_client; content:"GET"; http_method; content:"/vf.google|3f|t=vj1niguu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"os.sgdi6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646459/; classtype:trojan-activity;sid:84509559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646458/; classtype:trojan-activity;sid:84509558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646445)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646445/; classtype:trojan-activity;sid:84509545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646446)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646446/; classtype:trojan-activity;sid:84509546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646447)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646447/; classtype:trojan-activity;sid:84509547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646448)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646448/; classtype:trojan-activity;sid:84509548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646449)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646449/; classtype:trojan-activity;sid:84509549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646450)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646450/; classtype:trojan-activity;sid:84509550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646451)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646451/; classtype:trojan-activity;sid:84509551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646452)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646452/; classtype:trojan-activity;sid:84509552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646453)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646453/; classtype:trojan-activity;sid:84509553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646454)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646454/; classtype:trojan-activity;sid:84509554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646455)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646455/; classtype:trojan-activity;sid:84509555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646456)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646456/; classtype:trojan-activity;sid:84509556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646457)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.180.82.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646457/; classtype:trojan-activity;sid:84509557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646444/; classtype:trojan-activity;sid:84509544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.71.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646443/; classtype:trojan-activity;sid:84509543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646442)"; flow:established,from_client; content:"GET"; http_method; content:"/3ghy8saef1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.dxp-5-y.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646442/; classtype:trojan-activity;sid:84509542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646441)"; flow:established,from_client; content:"GET"; http_method; content:"/nl.check|3f|t=8qqw0qqe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"or.sgdi6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646441/; classtype:trojan-activity;sid:84509541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.201.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646440/; classtype:trojan-activity;sid:84509540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.203.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646439/; classtype:trojan-activity;sid:84509539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646438)"; flow:established,from_client; content:"GET"; http_method; content:"/vuvzjjhn.mp3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.87.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646438/; classtype:trojan-activity;sid:84509538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646437)"; flow:established,from_client; content:"GET"; http_method; content:"/ksnftsl.mp3"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.87.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646437/; classtype:trojan-activity;sid:84509537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646436)"; flow:established,from_client; content:"GET"; http_method; content:"/cgewylrhx.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.87.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646436/; classtype:trojan-activity;sid:84509536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646435)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/lk5bp4t.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646435/; classtype:trojan-activity;sid:84509535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646434/; classtype:trojan-activity;sid:84509534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646433)"; flow:established,from_client; content:"GET"; http_method; content:"/322/iok___p0093003e030300302020039093400p0o0o3090943940394039049434.hta"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"172.245.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646433/; classtype:trojan-activity;sid:84509533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646432)"; flow:established,from_client; content:"GET"; http_method; content:"/rw3.check|3f|t=q5wbvaiu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"op.rvni2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646432/; classtype:trojan-activity;sid:84509532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646431)"; flow:established,from_client; content:"GET"; http_method; content:"/wu9shjjtu6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.dxp-5-y.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646431/; classtype:trojan-activity;sid:84509531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.222.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646430/; classtype:trojan-activity;sid:84509530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.229.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646429/; classtype:trojan-activity;sid:84509529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646428/; classtype:trojan-activity;sid:84509528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646427)"; flow:established,from_client; content:"GET"; http_method; content:"/tsetup-x64.6.1.3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pub-bc9604df3ece4286930884174e6c7dbe.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646427/; classtype:trojan-activity;sid:84509527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646426)"; flow:established,from_client; content:"GET"; http_method; content:"/images/optimized_msi.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646426/; classtype:trojan-activity;sid:84509526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646424)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646424/; classtype:trojan-activity;sid:84509524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646425)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646425/; classtype:trojan-activity;sid:84509525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/connectwisecontrol.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:88; isdataat:!1,relative; nocase; content:"jsc091.frauddefensecorp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646423/; classtype:trojan-activity;sid:84509523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/connectwisecontrol.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:88; isdataat:!1,relative; nocase; content:"sc.frauddefensecorp.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646413/; classtype:trojan-activity;sid:84509513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646415)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646415/; classtype:trojan-activity;sid:84509515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646416)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646416/; classtype:trojan-activity;sid:84509516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646417)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646417/; classtype:trojan-activity;sid:84509517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646418)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646418/; classtype:trojan-activity;sid:84509518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646419)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7200390261/tb1kplu.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646419/; classtype:trojan-activity;sid:84509519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646421)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646421/; classtype:trojan-activity;sid:84509521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646422)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/urwzbwohhvqastlns/deluxe_crypted.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646422/; classtype:trojan-activity;sid:84509522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646409)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646409/; classtype:trojan-activity;sid:84509509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646410)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646410/; classtype:trojan-activity;sid:84509510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646411)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646411/; classtype:trojan-activity;sid:84509511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646412)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/i82fnyv.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646412/; classtype:trojan-activity;sid:84509512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646396)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646396/; classtype:trojan-activity;sid:84509496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646397)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646397/; classtype:trojan-activity;sid:84509497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646398)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646398/; classtype:trojan-activity;sid:84509498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646399)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646399/; classtype:trojan-activity;sid:84509499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646400)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646400/; classtype:trojan-activity;sid:84509500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646401)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646401/; classtype:trojan-activity;sid:84509501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646402)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646402/; classtype:trojan-activity;sid:84509502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646404)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646404/; classtype:trojan-activity;sid:84509504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646405)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646405/; classtype:trojan-activity;sid:84509505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646406)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646406/; classtype:trojan-activity;sid:84509506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646407)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646407/; classtype:trojan-activity;sid:84509507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jqqvlru0vaih3z.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"toolshare.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646390)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646390/; classtype:trojan-activity;sid:84509490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646391)"; flow:established,from_client; content:"GET"; http_method; content:"/tbk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646391/; classtype:trojan-activity;sid:84509491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646392)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646392/; classtype:trojan-activity;sid:84509492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646393)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646393/; classtype:trojan-activity;sid:84509493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646394)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646394/; classtype:trojan-activity;sid:84509494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646395)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646395/; classtype:trojan-activity;sid:84509495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646388)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646388/; classtype:trojan-activity;sid:84509488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646389)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/bukmlmrfjsidmkbjsc/crypted.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646389/; classtype:trojan-activity;sid:84509489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646387)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/vpdlm50.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646387/; classtype:trojan-activity;sid:84509487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646383)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7340950931/ek2xqar.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646383/; classtype:trojan-activity;sid:84509483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646384)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/hzkrvse.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646384/; classtype:trojan-activity;sid:84509484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646385)"; flow:established,from_client; content:"GET"; http_method; content:"/img/image.jpg|3f|12711343"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"tjthjd.icu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646385/; classtype:trojan-activity;sid:84509485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646386)"; flow:established,from_client; content:"GET"; http_method; content:"/unex.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.58.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646386/; classtype:trojan-activity;sid:84509486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646381)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/kben16p.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646381/; classtype:trojan-activity;sid:84509481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646382)"; flow:established,from_client; content:"GET"; http_method; content:"/img/image.jpg|3f|12711343"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ngfkjfy.icu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646382/; classtype:trojan-activity;sid:84509482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646377)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8178997029/x1yaayo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646377/; classtype:trojan-activity;sid:84509477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646378)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/euoyiqy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646378/; classtype:trojan-activity;sid:84509478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646379)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/8koksn0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646379/; classtype:trojan-activity;sid:84509479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646380)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/0dlak0v.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646380/; classtype:trojan-activity;sid:84509480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646376)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.168.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646376/; classtype:trojan-activity;sid:84509476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646373)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7755144173/sihsxps.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646373/; classtype:trojan-activity;sid:84509473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646374)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8069434297/rl6pgx0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646374/; classtype:trojan-activity;sid:84509474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646375)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646375/; classtype:trojan-activity;sid:84509475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.201.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646372/; classtype:trojan-activity;sid:84509472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.203.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646371/; classtype:trojan-activity;sid:84509471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.71.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646370/; classtype:trojan-activity;sid:84509470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.78.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646369/; classtype:trojan-activity;sid:84509469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.237.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646368/; classtype:trojan-activity;sid:84509468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.126.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646367/; classtype:trojan-activity;sid:84509467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.186.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646366/; classtype:trojan-activity;sid:84509466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.38.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646365/; classtype:trojan-activity;sid:84509465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646364)"; flow:established,from_client; content:"GET"; http_method; content:"/4fyagy6rhv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.dxp-5-y.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646364/; classtype:trojan-activity;sid:84509464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646363)"; flow:established,from_client; content:"GET"; http_method; content:"/wnt.google|3f|t=tzavmz1s"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"on.rvni2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646363/; classtype:trojan-activity;sid:84509463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.38.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646362/; classtype:trojan-activity;sid:84509462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.126.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646361/; classtype:trojan-activity;sid:84509461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.128.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646360/; classtype:trojan-activity;sid:84509460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.195.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646359/; classtype:trojan-activity;sid:84509459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.178.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646358/; classtype:trojan-activity;sid:84509458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.23.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646357/; classtype:trojan-activity;sid:84509457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646356)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7674584712/ouq3iyk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646356/; classtype:trojan-activity;sid:84509456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646355)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/fpkrahz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646355/; classtype:trojan-activity;sid:84509455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646354/; classtype:trojan-activity;sid:84509454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646353)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7340950931/aml1nnh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646353/; classtype:trojan-activity;sid:84509453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646352)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/w6riucn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646352/; classtype:trojan-activity;sid:84509452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646351)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/byiq5lp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646351/; classtype:trojan-activity;sid:84509451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.209.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646350/; classtype:trojan-activity;sid:84509450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.229.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646349/; classtype:trojan-activity;sid:84509449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.228.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646347/; classtype:trojan-activity;sid:84509447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.193.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646348/; classtype:trojan-activity;sid:84509448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.130.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646346/; classtype:trojan-activity;sid:84509446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646345/; classtype:trojan-activity;sid:84509445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646344/; classtype:trojan-activity;sid:84509444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.23.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646343/; classtype:trojan-activity;sid:84509443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.172.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646342/; classtype:trojan-activity;sid:84509442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646341/; classtype:trojan-activity;sid:84509441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.62.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646340/; classtype:trojan-activity;sid:84509440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646339/; classtype:trojan-activity;sid:84509439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.70.90.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646338/; classtype:trojan-activity;sid:84509438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.130.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646337/; classtype:trojan-activity;sid:84509437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.93.228.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646336/; classtype:trojan-activity;sid:84509436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.64.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646335/; classtype:trojan-activity;sid:84509435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.197.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646334/; classtype:trojan-activity;sid:84509434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646333/; classtype:trojan-activity;sid:84509433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.172.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646332/; classtype:trojan-activity;sid:84509432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.52.32.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646331/; classtype:trojan-activity;sid:84509431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646330/; classtype:trojan-activity;sid:84509430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.62.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646329/; classtype:trojan-activity;sid:84509429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646328/; classtype:trojan-activity;sid:84509428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.90.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646327/; classtype:trojan-activity;sid:84509427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.138.212.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646326/; classtype:trojan-activity;sid:84509426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646320/; classtype:trojan-activity;sid:84509420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.24.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646321/; classtype:trojan-activity;sid:84509421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.80.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646322/; classtype:trojan-activity;sid:84509422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646323/; classtype:trojan-activity;sid:84509423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.236.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646324/; classtype:trojan-activity;sid:84509424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.236.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646325/; classtype:trojan-activity;sid:84509425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.2.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646319/; classtype:trojan-activity;sid:84509419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.241.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646318/; classtype:trojan-activity;sid:84509418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.241.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646317/; classtype:trojan-activity;sid:84509417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646316/; classtype:trojan-activity;sid:84509416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.197.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646315/; classtype:trojan-activity;sid:84509415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.109.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646314/; classtype:trojan-activity;sid:84509414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646313)"; flow:established,from_client; content:"GET"; http_method; content:"/nuelgd6zcr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.dxp-5-y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646313/; classtype:trojan-activity;sid:84509413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646312/; classtype:trojan-activity;sid:84509412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646311)"; flow:established,from_client; content:"GET"; http_method; content:"/u0.google|3f|t=xs8od2m9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"om.rvni2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646311/; classtype:trojan-activity;sid:84509411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.82.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646310/; classtype:trojan-activity;sid:84509410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646308)"; flow:established,from_client; content:"GET"; http_method; content:"/55t4138ht2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.dxp-5-y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646308/; classtype:trojan-activity;sid:84509408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646309)"; flow:established,from_client; content:"GET"; http_method; content:"/oe.check|3f|t=k9hwnlvg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ok.rvni2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646309/; classtype:trojan-activity;sid:84509409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.217.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646307/; classtype:trojan-activity;sid:84509407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646306/; classtype:trojan-activity;sid:84509406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646305/; classtype:trojan-activity;sid:84509405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646304/; classtype:trojan-activity;sid:84509404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.143.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646303/; classtype:trojan-activity;sid:84509403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.135.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646302/; classtype:trojan-activity;sid:84509402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646301/; classtype:trojan-activity;sid:84509401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646300)"; flow:established,from_client; content:"GET"; http_method; content:"/eeet3man15.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.dvn-4-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646300/; classtype:trojan-activity;sid:84509400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646299)"; flow:established,from_client; content:"GET"; http_method; content:"/hi.google|3f|t=f0mo98ga"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oi.rvni2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646299/; classtype:trojan-activity;sid:84509399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646298)"; flow:established,from_client; content:"GET"; http_method; content:"/hi.google|3f|t=9t2io5ii"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oi.rvni2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646298/; classtype:trojan-activity;sid:84509398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646297)"; flow:established,from_client; content:"GET"; http_method; content:"/4awqw5vipe.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ab.qgf-5-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646297/; classtype:trojan-activity;sid:84509397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646296/; classtype:trojan-activity;sid:84509396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646295/; classtype:trojan-activity;sid:84509395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.109.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646294/; classtype:trojan-activity;sid:84509394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.193.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646293/; classtype:trojan-activity;sid:84509393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.135.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646292/; classtype:trojan-activity;sid:84509392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646291/; classtype:trojan-activity;sid:84509391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.146.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646290/; classtype:trojan-activity;sid:84509390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646289)"; flow:established,from_client; content:"GET"; http_method; content:"/dl0xpdnt5k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.dvn-4-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646289/; classtype:trojan-activity;sid:84509389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646288)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhpso19f3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa.qgf-5-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646288/; classtype:trojan-activity;sid:84509388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646286)"; flow:established,from_client; content:"GET"; http_method; content:"/hr.check|3f|t=3q7treri"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oh.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646286/; classtype:trojan-activity;sid:84509386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646287)"; flow:established,from_client; content:"GET"; http_method; content:"/hr.check|3f|t=fj8k2xxu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oh.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646287/; classtype:trojan-activity;sid:84509387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.3.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646285/; classtype:trojan-activity;sid:84509385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646284)"; flow:established,from_client; content:"GET"; http_method; content:"/iloywe1yzu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.dvn-4-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646284/; classtype:trojan-activity;sid:84509384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646283)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.check|3f|t=mk5cv2hp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"of.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646283/; classtype:trojan-activity;sid:84509383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.193.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646282/; classtype:trojan-activity;sid:84509382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646281)"; flow:established,from_client; content:"GET"; http_method; content:"/i0l0gymqwm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa.qgf-5-e.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646281/; classtype:trojan-activity;sid:84509381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646280)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.check|3f|t=ljcapfdc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"of.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646280/; classtype:trojan-activity;sid:84509380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.254.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646279/; classtype:trojan-activity;sid:84509379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.4.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646278/; classtype:trojan-activity;sid:84509378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.209.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646277/; classtype:trojan-activity;sid:84509377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.252.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646276/; classtype:trojan-activity;sid:84509376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646275)"; flow:established,from_client; content:"GET"; http_method; content:"/2t9lj8rh2g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.dvn-4-i.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646275/; classtype:trojan-activity;sid:84509375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646274)"; flow:established,from_client; content:"GET"; http_method; content:"/k0.check|3f|t=c1qcmfdk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oe.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646274/; classtype:trojan-activity;sid:84509374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646273)"; flow:established,from_client; content:"GET"; http_method; content:"/31z9d9umj7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646273/; classtype:trojan-activity;sid:84509373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646272)"; flow:established,from_client; content:"GET"; http_method; content:"/k0.check|3f|t=d7uyr6zl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oe.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646272/; classtype:trojan-activity;sid:84509372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.4.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646271/; classtype:trojan-activity;sid:84509371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646270)"; flow:established,from_client; content:"GET"; http_method; content:"/bxrmhkkgjk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.dvn-4-i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646270/; classtype:trojan-activity;sid:84509370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646269)"; flow:established,from_client; content:"GET"; http_method; content:"/nnf.google|3f|t=ee7rwob2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"od.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646269/; classtype:trojan-activity;sid:84509369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646268)"; flow:established,from_client; content:"GET"; http_method; content:"/nnf.google|3f|t=avgadbq5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"od.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646268/; classtype:trojan-activity;sid:84509368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646267)"; flow:established,from_client; content:"GET"; http_method; content:"/59lja50aw3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"o.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646267/; classtype:trojan-activity;sid:84509367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.196.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646266/; classtype:trojan-activity;sid:84509366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.238.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646265/; classtype:trojan-activity;sid:84509365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.157.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646264/; classtype:trojan-activity;sid:84509364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.33.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646263/; classtype:trojan-activity;sid:84509363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.4.190.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646262/; classtype:trojan-activity;sid:84509362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.238.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646261/; classtype:trojan-activity;sid:84509361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646260)"; flow:established,from_client; content:"GET"; http_method; content:"/is.check|3f|t=q4qqa4vt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nu.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646260/; classtype:trojan-activity;sid:84509360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646259)"; flow:established,from_client; content:"GET"; http_method; content:"/is.check|3f|t=gscdg69v"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nu.pvzi1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646259/; classtype:trojan-activity;sid:84509359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646257)"; flow:established,from_client; content:"GET"; http_method; content:"/g3wdbb7140.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646257/; classtype:trojan-activity;sid:84509357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646258)"; flow:established,from_client; content:"GET"; http_method; content:"/mtik3x3x73.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.dvn-4-i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646258/; classtype:trojan-activity;sid:84509358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646256)"; flow:established,from_client; content:"GET"; http_method; content:"/rid.check|3f|t=6xf1xbhn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"no.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646256/; classtype:trojan-activity;sid:84509356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646254)"; flow:established,from_client; content:"GET"; http_method; content:"/jjq0h7v1fm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646254/; classtype:trojan-activity;sid:84509354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646255)"; flow:established,from_client; content:"GET"; http_method; content:"/6wwp32phd8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.cpc-8-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646255/; classtype:trojan-activity;sid:84509355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646253)"; flow:established,from_client; content:"GET"; http_method; content:"/rid.check|3f|t=vsbfccle"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"no.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646253/; classtype:trojan-activity;sid:84509353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.4.190.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646252/; classtype:trojan-activity;sid:84509352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646251/; classtype:trojan-activity;sid:84509351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646250)"; flow:established,from_client; content:"GET"; http_method; content:"/0ib8crxof2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.cpc-8-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646250/; classtype:trojan-activity;sid:84509350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646249)"; flow:established,from_client; content:"GET"; http_method; content:"/0b.google|3f|t=rmkq3vxe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ne.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646249/; classtype:trojan-activity;sid:84509349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646248)"; flow:established,from_client; content:"GET"; http_method; content:"/1wxm0ctgyl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646248/; classtype:trojan-activity;sid:84509348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646247)"; flow:established,from_client; content:"GET"; http_method; content:"/0b.google|3f|t=17abkcah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ne.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646247/; classtype:trojan-activity;sid:84509347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.243.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646246/; classtype:trojan-activity;sid:84509346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646245)"; flow:established,from_client; content:"GET"; http_method; content:"/0va2ieg99r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.cpc-8-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646245/; classtype:trojan-activity;sid:84509345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646244)"; flow:established,from_client; content:"GET"; http_method; content:"/q4x.google|3f|t=i6kszuml"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"na.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646244/; classtype:trojan-activity;sid:84509344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646243)"; flow:established,from_client; content:"GET"; http_method; content:"/7ic9a05hc7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646243/; classtype:trojan-activity;sid:84509343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646242)"; flow:established,from_client; content:"GET"; http_method; content:"/q4x.google|3f|t=jj0gjwxe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"na.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646242/; classtype:trojan-activity;sid:84509342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.199.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646241/; classtype:trojan-activity;sid:84509341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646239)"; flow:established,from_client; content:"GET"; http_method; content:"/uldviak40m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646239/; classtype:trojan-activity;sid:84509339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646240)"; flow:established,from_client; content:"GET"; http_method; content:"/vz1rtxevpg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.cpc-8-u.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646240/; classtype:trojan-activity;sid:84509340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646237)"; flow:established,from_client; content:"GET"; http_method; content:"/h49.google|3f|t=378hxsj0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"my.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646237/; classtype:trojan-activity;sid:84509337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646238)"; flow:established,from_client; content:"GET"; http_method; content:"/h49.google|3f|t=0s5ftrbb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"my.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646238/; classtype:trojan-activity;sid:84509338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.234.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646236/; classtype:trojan-activity;sid:84509336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.128.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646235/; classtype:trojan-activity;sid:84509335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.112.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646234/; classtype:trojan-activity;sid:84509334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646233)"; flow:established,from_client; content:"GET"; http_method; content:"/g8s2ac0o14.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646233/; classtype:trojan-activity;sid:84509333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646232)"; flow:established,from_client; content:"GET"; http_method; content:"/p9e.check|3f|t=vd1lk9zw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mu.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646232/; classtype:trojan-activity;sid:84509332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646230)"; flow:established,from_client; content:"GET"; http_method; content:"/p9e.check|3f|t=somgvrg5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mu.prli1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646230/; classtype:trojan-activity;sid:84509330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646231)"; flow:established,from_client; content:"GET"; http_method; content:"/oxmcjxr6ax.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.cpc-8-u.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646231/; classtype:trojan-activity;sid:84509331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646229/; classtype:trojan-activity;sid:84509329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.39.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646228/; classtype:trojan-activity;sid:84509328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646227)"; flow:established,from_client; content:"GET"; http_method; content:"/yyzdv5s7ih.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646227/; classtype:trojan-activity;sid:84509327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646226)"; flow:established,from_client; content:"GET"; http_method; content:"/ld.google|3f|t=c2b83jky"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mo.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646226/; classtype:trojan-activity;sid:84509326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.0.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646225/; classtype:trojan-activity;sid:84509325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.62.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646224/; classtype:trojan-activity;sid:84509324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646223)"; flow:established,from_client; content:"GET"; http_method; content:"/l7fqtx3lns.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.cpc-8-u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646223/; classtype:trojan-activity;sid:84509323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646222)"; flow:established,from_client; content:"GET"; http_method; content:"/ld.google|3f|t=rby5oduc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mo.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646222/; classtype:trojan-activity;sid:84509322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646221/; classtype:trojan-activity;sid:84509321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646220/; classtype:trojan-activity;sid:84509320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.44.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646218/; classtype:trojan-activity;sid:84509318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646219/; classtype:trojan-activity;sid:84509319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646217)"; flow:established,from_client; content:"GET"; http_method; content:"/veolmj2x25.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.cpc-8-u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646217/; classtype:trojan-activity;sid:84509317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646216)"; flow:established,from_client; content:"GET"; http_method; content:"/9ey.check|3f|t=ohdb3px4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mm.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646216/; classtype:trojan-activity;sid:84509316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646215)"; flow:established,from_client; content:"GET"; http_method; content:"/vojn1lo79f.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646215/; classtype:trojan-activity;sid:84509315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646214)"; flow:established,from_client; content:"GET"; http_method; content:"/9ey.check|3f|t=ta6aslxa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mm.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646214/; classtype:trojan-activity;sid:84509314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.39.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646213/; classtype:trojan-activity;sid:84509313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.25.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646212/; classtype:trojan-activity;sid:84509312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.128.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646209/; classtype:trojan-activity;sid:84509309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646210/; classtype:trojan-activity;sid:84509310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646211/; classtype:trojan-activity;sid:84509311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.218.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646208/; classtype:trojan-activity;sid:84509308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.191.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646207/; classtype:trojan-activity;sid:84509307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646206/; classtype:trojan-activity;sid:84509306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646205/; classtype:trojan-activity;sid:84509305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646204/; classtype:trojan-activity;sid:84509304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.44.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646203/; classtype:trojan-activity;sid:84509303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646202/; classtype:trojan-activity;sid:84509302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646201)"; flow:established,from_client; content:"GET"; http_method; content:"/jyk8ycfvfj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.u-66r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646201/; classtype:trojan-activity;sid:84509301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646200)"; flow:established,from_client; content:"GET"; http_method; content:"/b2.google|3f|t=wzwaah0i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mi.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646200/; classtype:trojan-activity;sid:84509300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646199)"; flow:established,from_client; content:"GET"; http_method; content:"/vphuhipohd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646199/; classtype:trojan-activity;sid:84509299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646198)"; flow:established,from_client; content:"GET"; http_method; content:"/b2.google|3f|t=h7q11k06"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mi.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646198/; classtype:trojan-activity;sid:84509298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646197/; classtype:trojan-activity;sid:84509297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.94.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646196/; classtype:trojan-activity;sid:84509296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646195/; classtype:trojan-activity;sid:84509295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.200.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646194/; classtype:trojan-activity;sid:84509294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646193)"; flow:established,from_client; content:"GET"; http_method; content:"/7m1l4qrcnc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.u-66r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646193/; classtype:trojan-activity;sid:84509293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646192)"; flow:established,from_client; content:"GET"; http_method; content:"/c32.google|3f|t=zqd91p30"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"me.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646192/; classtype:trojan-activity;sid:84509292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646191)"; flow:established,from_client; content:"GET"; http_method; content:"/c32.google|3f|t=cxnihtts"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"me.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646191/; classtype:trojan-activity;sid:84509291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646190)"; flow:established,from_client; content:"GET"; http_method; content:"/jx05lgyjqg.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646190/; classtype:trojan-activity;sid:84509290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646189/; classtype:trojan-activity;sid:84509289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.157.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646188/; classtype:trojan-activity;sid:84509288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646187)"; flow:established,from_client; content:"GET"; http_method; content:"/g9ixlzjgvy.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646187/; classtype:trojan-activity;sid:84509287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646186)"; flow:established,from_client; content:"GET"; http_method; content:"/6r.check|3f|t=38yfys7v"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ma.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646186/; classtype:trojan-activity;sid:84509286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646185)"; flow:established,from_client; content:"GET"; http_method; content:"/xblpj71kql.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.u-66r.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646185/; classtype:trojan-activity;sid:84509285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646184)"; flow:established,from_client; content:"GET"; http_method; content:"/6r.check|3f|t=nch9gmc7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ma.phpa3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646184/; classtype:trojan-activity;sid:84509284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646183/; classtype:trojan-activity;sid:84509283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.11.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646182/; classtype:trojan-activity;sid:84509282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646180/; classtype:trojan-activity;sid:84509280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.2.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646181/; classtype:trojan-activity;sid:84509281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.152.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646179/; classtype:trojan-activity;sid:84509279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.4.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646176/; classtype:trojan-activity;sid:84509276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.140.173.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646177/; classtype:trojan-activity;sid:84509277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.17.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646178/; classtype:trojan-activity;sid:84509278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646174)"; flow:established,from_client; content:"GET"; http_method; content:"/7n6v.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aeropeics.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646174/; classtype:trojan-activity;sid:84509274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646175)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"aeropeics.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646175/; classtype:trojan-activity;sid:84509275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646173)"; flow:established,from_client; content:"GET"; http_method; content:"/d5n.google|3f|t=fr42bqpf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lo.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646173/; classtype:trojan-activity;sid:84509273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646172)"; flow:established,from_client; content:"GET"; http_method; content:"/tywl5fhskr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.u-66r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646172/; classtype:trojan-activity;sid:84509272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.0.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646171/; classtype:trojan-activity;sid:84509271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.106.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646170/; classtype:trojan-activity;sid:84509270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.42.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646169/; classtype:trojan-activity;sid:84509269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.68.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646168/; classtype:trojan-activity;sid:84509268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646167/; classtype:trojan-activity;sid:84509267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.106.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646166/; classtype:trojan-activity;sid:84509266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646165)"; flow:established,from_client; content:"GET"; http_method; content:"/ye97eq6pdb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646165/; classtype:trojan-activity;sid:84509265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646164)"; flow:established,from_client; content:"GET"; http_method; content:"/zo.google|3f|t=evjlirv4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"li.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646164/; classtype:trojan-activity;sid:84509264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.42.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646163/; classtype:trojan-activity;sid:84509263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646161)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"148.230.116.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646161/; classtype:trojan-activity;sid:84509261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646162)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"148.230.116.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646162/; classtype:trojan-activity;sid:84509262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646160)"; flow:established,from_client; content:"GET"; http_method; content:"/zo.google|3f|t=s7pg5j4z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"li.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646160/; classtype:trojan-activity;sid:84509260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646159)"; flow:established,from_client; content:"GET"; http_method; content:"/049oduenwf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.u-66r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646159/; classtype:trojan-activity;sid:84509259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.15.159.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646158/; classtype:trojan-activity;sid:84509258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.102.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646157/; classtype:trojan-activity;sid:84509257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.105.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646155/; classtype:trojan-activity;sid:84509255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.68.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646156/; classtype:trojan-activity;sid:84509256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.27.173.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646154/; classtype:trojan-activity;sid:84509254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.56.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646153/; classtype:trojan-activity;sid:84509253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.56.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646152/; classtype:trojan-activity;sid:84509252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646151/; classtype:trojan-activity;sid:84509251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.200.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646150/; classtype:trojan-activity;sid:84509250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.102.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646149/; classtype:trojan-activity;sid:84509249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.15.159.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646148/; classtype:trojan-activity;sid:84509248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646147/; classtype:trojan-activity;sid:84509247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.105.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646146/; classtype:trojan-activity;sid:84509246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.56.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646145/; classtype:trojan-activity;sid:84509245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646144/; classtype:trojan-activity;sid:84509244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.80.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646143/; classtype:trojan-activity;sid:84509243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.56.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646142/; classtype:trojan-activity;sid:84509242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646141)"; flow:established,from_client; content:"GET"; http_method; content:"/7ztigwpaec.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.a-90g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646141/; classtype:trojan-activity;sid:84509241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646138)"; flow:established,from_client; content:"GET"; http_method; content:"/61.check|3f|t=2qenysdg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"la.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646138/; classtype:trojan-activity;sid:84509238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646139)"; flow:established,from_client; content:"GET"; http_method; content:"/61.check|3f|t=g7azjpdt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"la.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646139/; classtype:trojan-activity;sid:84509239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646140)"; flow:established,from_client; content:"GET"; http_method; content:"/d5smj8nyqq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646140/; classtype:trojan-activity;sid:84509240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646137)"; flow:established,from_client; content:"GET"; http_method; content:"/rbleebr5p9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646137/; classtype:trojan-activity;sid:84509237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646136)"; flow:established,from_client; content:"GET"; http_method; content:"/spi.google|3f|t=1jb0jxit"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ki.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646136/; classtype:trojan-activity;sid:84509236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.27.173.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646135/; classtype:trojan-activity;sid:84509235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.200.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646134/; classtype:trojan-activity;sid:84509234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.219.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646133/; classtype:trojan-activity;sid:84509233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646132/; classtype:trojan-activity;sid:84509232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646131)"; flow:established,from_client; content:"GET"; http_method; content:"/6fg6nahzrd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.a-90g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646131/; classtype:trojan-activity;sid:84509231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646130)"; flow:established,from_client; content:"GET"; http_method; content:"/spi.google|3f|t=nj0yimjh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ki.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646130/; classtype:trojan-activity;sid:84509230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646129)"; flow:established,from_client; content:"GET"; http_method; content:"/qos5dry9ag.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.a-90g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646129/; classtype:trojan-activity;sid:84509229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646128)"; flow:established,from_client; content:"GET"; http_method; content:"/hb.check|3f|t=a45t33og"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ka.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646128/; classtype:trojan-activity;sid:84509228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.198.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646126/; classtype:trojan-activity;sid:84509226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.254.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646127/; classtype:trojan-activity;sid:84509227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646124)"; flow:established,from_client; content:"GET"; http_method; content:"/hb.check|3f|t=uijpoca2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ka.pgka9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646124/; classtype:trojan-activity;sid:84509224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646125)"; flow:established,from_client; content:"GET"; http_method; content:"/hr3qrspns0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646125/; classtype:trojan-activity;sid:84509225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.219.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646123/; classtype:trojan-activity;sid:84509223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646122)"; flow:established,from_client; content:"GET"; http_method; content:"/a8.check|3f|t=clcsnf7g"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jo.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646122/; classtype:trojan-activity;sid:84509222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646121)"; flow:established,from_client; content:"GET"; http_method; content:"/ha70f36g34.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.a-90g.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646121/; classtype:trojan-activity;sid:84509221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646120)"; flow:established,from_client; content:"GET"; http_method; content:"/xq4sghv48i.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646120/; classtype:trojan-activity;sid:84509220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646119)"; flow:established,from_client; content:"GET"; http_method; content:"/a8.check|3f|t=kgfqpnjw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jo.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646119/; classtype:trojan-activity;sid:84509219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.223.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646118/; classtype:trojan-activity;sid:84509218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.77.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646116/; classtype:trojan-activity;sid:84509216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646117/; classtype:trojan-activity;sid:84509217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646115)"; flow:established,from_client; content:"GET"; http_method; content:"/lr644tfek6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.a-90g.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646115/; classtype:trojan-activity;sid:84509215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646114)"; flow:established,from_client; content:"GET"; http_method; content:"/8k.google|3f|t=zejzsv1c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646114/; classtype:trojan-activity;sid:84509214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646112)"; flow:established,from_client; content:"GET"; http_method; content:"/8k.google|3f|t=bpx8cd0m"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646112/; classtype:trojan-activity;sid:84509212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646113)"; flow:established,from_client; content:"GET"; http_method; content:"/2vx1zhy6kr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646113/; classtype:trojan-activity;sid:84509213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646111)"; flow:established,from_client; content:"GET"; http_method; content:"/vituahx073.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646111/; classtype:trojan-activity;sid:84509211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646110)"; flow:established,from_client; content:"GET"; http_method; content:"/gb.google|3f|t=n95bl0e4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"is.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646110/; classtype:trojan-activity;sid:84509210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646109)"; flow:established,from_client; content:"GET"; http_method; content:"/gb.google|3f|t=ivwopysn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"is.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646109/; classtype:trojan-activity;sid:84509209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646108)"; flow:established,from_client; content:"GET"; http_method; content:"/m66cay4zco.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.a-90g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646108/; classtype:trojan-activity;sid:84509208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646107)"; flow:established,from_client; content:"GET"; http_method; content:"/wf5k5rkert.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646107/; classtype:trojan-activity;sid:84509207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646106)"; flow:established,from_client; content:"GET"; http_method; content:"/w7l.check|3f|t=nbhmb6wk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"in.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646106/; classtype:trojan-activity;sid:84509206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646105/; classtype:trojan-activity;sid:84509205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.253.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646104/; classtype:trojan-activity;sid:84509204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646103)"; flow:established,from_client; content:"GET"; http_method; content:"/w7l.check|3f|t=hkdh9ooi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"in.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646103/; classtype:trojan-activity;sid:84509203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646102)"; flow:established,from_client; content:"GET"; http_method; content:"/3dh12bam3z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.a-90g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646102/; classtype:trojan-activity;sid:84509202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646101/; classtype:trojan-activity;sid:84509201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.211.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646100/; classtype:trojan-activity;sid:84509200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.201.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646099/; classtype:trojan-activity;sid:84509199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.11.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646098/; classtype:trojan-activity;sid:84509198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646096)"; flow:established,from_client; content:"GET"; http_method; content:"/byb.google|3f|t=8v9zeg2o"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"if.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646096/; classtype:trojan-activity;sid:84509196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646097)"; flow:established,from_client; content:"GET"; http_method; content:"/4w0122qfk2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646097/; classtype:trojan-activity;sid:84509197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646094)"; flow:established,from_client; content:"GET"; http_method; content:"/byb.google|3f|t=3brzdpuf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"if.nzki7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646094/; classtype:trojan-activity;sid:84509194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646095)"; flow:established,from_client; content:"GET"; http_method; content:"/lmc1etkdv5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.i-78b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646095/; classtype:trojan-activity;sid:84509195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646093/; classtype:trojan-activity;sid:84509193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646092)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.240.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646092/; classtype:trojan-activity;sid:84509192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.186.80.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646091/; classtype:trojan-activity;sid:84509191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646089/; classtype:trojan-activity;sid:84509189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.101.153.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646090/; classtype:trojan-activity;sid:84509190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.156.174.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646086/; classtype:trojan-activity;sid:84509186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646087/; classtype:trojan-activity;sid:84509187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.199.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646088/; classtype:trojan-activity;sid:84509188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.191.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646085/; classtype:trojan-activity;sid:84509185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646083)"; flow:established,from_client; content:"GET"; http_method; content:"/elk.google|3f|t=65kw23jz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"id.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646083/; classtype:trojan-activity;sid:84509183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646084)"; flow:established,from_client; content:"GET"; http_method; content:"/a0xfs97vnk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.i-78b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646084/; classtype:trojan-activity;sid:84509184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.187.247.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646082/; classtype:trojan-activity;sid:84509182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.46.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646080/; classtype:trojan-activity;sid:84509180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646081)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.0.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646081/; classtype:trojan-activity;sid:84509181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646076)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.169.184.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646076/; classtype:trojan-activity;sid:84509176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646077)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.175.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646077/; classtype:trojan-activity;sid:84509177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646078)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.187.163.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646078/; classtype:trojan-activity;sid:84509178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646079)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.163.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646079/; classtype:trojan-activity;sid:84509179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646075)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.143.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646075/; classtype:trojan-activity;sid:84509175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646074)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.179.27.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646074/; classtype:trojan-activity;sid:84509174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646073)"; flow:established,from_client; content:"GET"; http_method; content:"/elk.google|3f|t=uh340rns"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"id.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646073/; classtype:trojan-activity;sid:84509173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646072)"; flow:established,from_client; content:"GET"; http_method; content:"/2a4v3mc8nu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646072/; classtype:trojan-activity;sid:84509172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.209.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646071/; classtype:trojan-activity;sid:84509171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646070)"; flow:established,from_client; content:"GET"; http_method; content:"/p4t5075pqq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646070/; classtype:trojan-activity;sid:84509170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646069)"; flow:established,from_client; content:"GET"; http_method; content:"/6k.google|3f|t=1l84agy7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hm.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646069/; classtype:trojan-activity;sid:84509169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.79.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646068/; classtype:trojan-activity;sid:84509168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646067)"; flow:established,from_client; content:"GET"; http_method; content:"/dg9bb5qipb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.i-78b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646067/; classtype:trojan-activity;sid:84509167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646066)"; flow:established,from_client; content:"GET"; http_method; content:"/6k.google|3f|t=sxcaujis"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hm.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646066/; classtype:trojan-activity;sid:84509166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.80.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646065/; classtype:trojan-activity;sid:84509165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.9.164.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646064/; classtype:trojan-activity;sid:84509164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646063/; classtype:trojan-activity;sid:84509163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646062)"; flow:established,from_client; content:"GET"; http_method; content:"/ll.check|3f|t=mi2epp3d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ho.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646062/; classtype:trojan-activity;sid:84509162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646061)"; flow:established,from_client; content:"GET"; http_method; content:"/wdznvtiep0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.i-78b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646061/; classtype:trojan-activity;sid:84509161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.179.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646060/; classtype:trojan-activity;sid:84509160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646059)"; flow:established,from_client; content:"GET"; http_method; content:"/1p6yxyptjm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.i-78b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646059/; classtype:trojan-activity;sid:84509159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646058)"; flow:established,from_client; content:"GET"; http_method; content:"/ntb.google|3f|t=vup376vb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hi.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646058/; classtype:trojan-activity;sid:84509158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.43.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646057/; classtype:trojan-activity;sid:84509157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.132.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646056/; classtype:trojan-activity;sid:84509156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646055/; classtype:trojan-activity;sid:84509155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.80.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646054/; classtype:trojan-activity;sid:84509154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646053/; classtype:trojan-activity;sid:84509153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646052)"; flow:established,from_client; content:"GET"; http_method; content:"/b74efi0ilo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.i-78b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646052/; classtype:trojan-activity;sid:84509152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646051)"; flow:established,from_client; content:"GET"; http_method; content:"/ak.check|3f|t=ghtj2nbe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"he.nxno7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646051/; classtype:trojan-activity;sid:84509151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.164.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646050/; classtype:trojan-activity;sid:84509150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646049)"; flow:established,from_client; content:"GET"; http_method; content:"/wrfrzyt93m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646049/; classtype:trojan-activity;sid:84509149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646048)"; flow:established,from_client; content:"GET"; http_method; content:"/ja.check|3f|t=8wipjw2k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ha.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646048/; classtype:trojan-activity;sid:84509148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646047/; classtype:trojan-activity;sid:84509147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646046)"; flow:established,from_client; content:"GET"; http_method; content:"/fd4tjxyokg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.i-78b.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646046/; classtype:trojan-activity;sid:84509146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646045)"; flow:established,from_client; content:"GET"; http_method; content:"/ja.check|3f|t=66uo9c3a"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ha.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646045/; classtype:trojan-activity;sid:84509145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.7.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646044/; classtype:trojan-activity;sid:84509144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.43.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646043/; classtype:trojan-activity;sid:84509143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646042/; classtype:trojan-activity;sid:84509142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.132.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646041/; classtype:trojan-activity;sid:84509141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646040)"; flow:established,from_client; content:"GET"; http_method; content:"/nynmqm8kx6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.i-88b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646040/; classtype:trojan-activity;sid:84509140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646039)"; flow:established,from_client; content:"GET"; http_method; content:"/qdb.check|3f|t=eqeidc6e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gi.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646039/; classtype:trojan-activity;sid:84509139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646037)"; flow:established,from_client; content:"GET"; http_method; content:"/systemd-svchelper"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"109.172.55.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646037/; classtype:trojan-activity;sid:84509137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646038)"; flow:established,from_client; content:"GET"; http_method; content:"/virus5/1df535b60c2c7210305d602baf40e54f"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"119.29.5.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646038/; classtype:trojan-activity;sid:84509138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646036)"; flow:established,from_client; content:"GET"; http_method; content:"/virus1/f305c715cd2b2254fe9c3fbfe7e8a26b"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"119.29.5.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646036/; classtype:trojan-activity;sid:84509136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646035)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"52.78.173.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646035/; classtype:trojan-activity;sid:84509135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646033)"; flow:established,from_client; content:"GET"; http_method; content:"/virus5/7f6bbe7d8dcaeef2e0b09e9dcf39708c"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"119.29.5.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646033/; classtype:trojan-activity;sid:84509133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646034)"; flow:established,from_client; content:"GET"; http_method; content:"/virus5/f305c715cd2b2254fe9c3fbfe7e8a26b"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"119.29.5.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646034/; classtype:trojan-activity;sid:84509134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646029)"; flow:established,from_client; content:"GET"; http_method; content:"/system-cron"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"109.172.55.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646029/; classtype:trojan-activity;sid:84509129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646030)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"109.172.55.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646030/; classtype:trojan-activity;sid:84509130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646028)"; flow:established,from_client; content:"GET"; http_method; content:"/ct76x7ejtw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646028/; classtype:trojan-activity;sid:84509128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646027)"; flow:established,from_client; content:"GET"; http_method; content:"/qdb.check|3f|t=qnazugsb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gi.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646027/; classtype:trojan-activity;sid:84509127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646026)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646026/; classtype:trojan-activity;sid:84509126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646025/; classtype:trojan-activity;sid:84509125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646024)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646024/; classtype:trojan-activity;sid:84509124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646023)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646023/; classtype:trojan-activity;sid:84509123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646022)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646022/; classtype:trojan-activity;sid:84509122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646020)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646020/; classtype:trojan-activity;sid:84509120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.32.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646021/; classtype:trojan-activity;sid:84509121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646019)"; flow:established,from_client; content:"GET"; http_method; content:"/mgmuq9n5zf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646019/; classtype:trojan-activity;sid:84509119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646018)"; flow:established,from_client; content:"GET"; http_method; content:"/4ok.check|3f|t=w04gicjf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"go.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646018/; classtype:trojan-activity;sid:84509118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646017)"; flow:established,from_client; content:"GET"; http_method; content:"/ncomxydey3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.i-88b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646017/; classtype:trojan-activity;sid:84509117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646016)"; flow:established,from_client; content:"GET"; http_method; content:"/4ok.check|3f|t=k1ma3xe0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"go.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646016/; classtype:trojan-activity;sid:84509116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.4.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646015/; classtype:trojan-activity;sid:84509115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.209.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646014/; classtype:trojan-activity;sid:84509114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.8.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646013/; classtype:trojan-activity;sid:84509113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.71.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646012/; classtype:trojan-activity;sid:84509112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.84.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646011/; classtype:trojan-activity;sid:84509111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646009)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"148.230.116.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646009/; classtype:trojan-activity;sid:84509109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646010/; classtype:trojan-activity;sid:84509110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.83.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646008/; classtype:trojan-activity;sid:84509108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.186.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646007/; classtype:trojan-activity;sid:84509107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646006)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"148.230.116.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646006/; classtype:trojan-activity;sid:84509106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646005/; classtype:trojan-activity;sid:84509105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646002/; classtype:trojan-activity;sid:84509102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646003/; classtype:trojan-activity;sid:84509103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.219.31.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646004/; classtype:trojan-activity;sid:84509104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646001/; classtype:trojan-activity;sid:84509101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646000/; classtype:trojan-activity;sid:84509100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.178.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645995/; classtype:trojan-activity;sid:84509095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.213.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645996/; classtype:trojan-activity;sid:84509096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645997/; classtype:trojan-activity;sid:84509097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645998/; classtype:trojan-activity;sid:84509098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.5.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645999/; classtype:trojan-activity;sid:84509099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.218.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645994/; classtype:trojan-activity;sid:84509094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645993)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"148.230.116.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645993/; classtype:trojan-activity;sid:84509093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645989)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.196.118.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645989/; classtype:trojan-activity;sid:84509089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645990)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"116.196.118.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645990/; classtype:trojan-activity;sid:84509090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645991)"; flow:established,from_client; content:"GET"; http_method; content:"/off_321_rc.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.250.206.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645991/; classtype:trojan-activity;sid:84509091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645992)"; flow:established,from_client; content:"GET"; http_method; content:"/remcos%20loader.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"157.250.206.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645992/; classtype:trojan-activity;sid:84509092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645988)"; flow:established,from_client; content:"GET"; http_method; content:"/i.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"161.97.136.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645988/; classtype:trojan-activity;sid:84509088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.80.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645987/; classtype:trojan-activity;sid:84509087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.209.104.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645986/; classtype:trojan-activity;sid:84509086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645985)"; flow:established,from_client; content:"GET"; http_method; content:"/85x.check|3f|t=b2bwzwen"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fe.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645985/; classtype:trojan-activity;sid:84509085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645984)"; flow:established,from_client; content:"GET"; http_method; content:"/kr1oae9d8y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.i-88b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645984/; classtype:trojan-activity;sid:84509084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645983)"; flow:established,from_client; content:"GET"; http_method; content:"/oxmhm0xnls.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645983/; classtype:trojan-activity;sid:84509083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645982)"; flow:established,from_client; content:"GET"; http_method; content:"/85x.check|3f|t=lm79c60a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fe.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645982/; classtype:trojan-activity;sid:84509082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.19.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645981/; classtype:trojan-activity;sid:84509081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.84.8.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645980/; classtype:trojan-activity;sid:84509080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.186.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645979/; classtype:trojan-activity;sid:84509079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.4.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645978/; classtype:trojan-activity;sid:84509078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645977)"; flow:established,from_client; content:"GET"; http_method; content:"/1k866961ky.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.i-88b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645977/; classtype:trojan-activity;sid:84509077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645976)"; flow:established,from_client; content:"GET"; http_method; content:"/3wb.google|3f|t=9a0vdqob"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fa.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645976/; classtype:trojan-activity;sid:84509076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645975)"; flow:established,from_client; content:"GET"; http_method; content:"/5wyicxmsu5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645975/; classtype:trojan-activity;sid:84509075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645974)"; flow:established,from_client; content:"GET"; http_method; content:"/3wb.google|3f|t=mu5taehe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fa.nqju5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645974/; classtype:trojan-activity;sid:84509074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645973)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.42.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645973/; classtype:trojan-activity;sid:84509073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645972/; classtype:trojan-activity;sid:84509072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645969)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645969/; classtype:trojan-activity;sid:84509069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645970)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645970/; classtype:trojan-activity;sid:84509070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645971)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645971/; classtype:trojan-activity;sid:84509071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645968)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645968/; classtype:trojan-activity;sid:84509068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645967)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645967/; classtype:trojan-activity;sid:84509067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645966)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645966/; classtype:trojan-activity;sid:84509066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645962)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645962/; classtype:trojan-activity;sid:84509062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645963)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645963/; classtype:trojan-activity;sid:84509063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645964)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645964/; classtype:trojan-activity;sid:84509064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645965)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645965/; classtype:trojan-activity;sid:84509065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645961)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645961/; classtype:trojan-activity;sid:84509061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645960)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645960/; classtype:trojan-activity;sid:84509060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645957)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645957/; classtype:trojan-activity;sid:84509057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645958/; classtype:trojan-activity;sid:84509058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645959)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645959/; classtype:trojan-activity;sid:84509059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645955)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645955/; classtype:trojan-activity;sid:84509055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645956)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645956/; classtype:trojan-activity;sid:84509056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645954)"; flow:established,from_client; content:"GET"; http_method; content:"/51v2o4bre2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.i-88b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645954/; classtype:trojan-activity;sid:84509054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645953)"; flow:established,from_client; content:"GET"; http_method; content:"/vw4.check|3f|t=5uzk7wbv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ex.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645953/; classtype:trojan-activity;sid:84509053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645952)"; flow:established,from_client; content:"GET"; http_method; content:"/ud03t47rt6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645952/; classtype:trojan-activity;sid:84509052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645951)"; flow:established,from_client; content:"GET"; http_method; content:"/vw4.check|3f|t=ynjd4ru0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ex.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645951/; classtype:trojan-activity;sid:84509051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645950)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.intelligradeeducation.vicentecisnerospub.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645950/; classtype:trojan-activity;sid:84509050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/av.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645947/; classtype:trojan-activity;sid:84509047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645948)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645948/; classtype:trojan-activity;sid:84509048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645949)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645949/; classtype:trojan-activity;sid:84509049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645946)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645946/; classtype:trojan-activity;sid:84509046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645945)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645945/; classtype:trojan-activity;sid:84509045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645944)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645944/; classtype:trojan-activity;sid:84509044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645942)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645942/; classtype:trojan-activity;sid:84509042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645943)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/video.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645943/; classtype:trojan-activity;sid:84509043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645934)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645934/; classtype:trojan-activity;sid:84509034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/video.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645935/; classtype:trojan-activity;sid:84509035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645936)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645936/; classtype:trojan-activity;sid:84509036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/photo.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645937/; classtype:trojan-activity;sid:84509037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645938)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645938/; classtype:trojan-activity;sid:84509038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645939)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/av.scr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645939/; classtype:trojan-activity;sid:84509039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645940)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645940/; classtype:trojan-activity;sid:84509040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645941)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645941/; classtype:trojan-activity;sid:84509041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645933)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645933/; classtype:trojan-activity;sid:84509033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645931)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645931/; classtype:trojan-activity;sid:84509031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645932)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645932/; classtype:trojan-activity;sid:84509032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645930)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645930/; classtype:trojan-activity;sid:84509030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645916)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/video.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645916/; classtype:trojan-activity;sid:84509016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645917)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/av.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645917/; classtype:trojan-activity;sid:84509017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645918)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645918/; classtype:trojan-activity;sid:84509018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645919)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645919/; classtype:trojan-activity;sid:84509019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645920)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645920/; classtype:trojan-activity;sid:84509020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645921)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/video.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645921/; classtype:trojan-activity;sid:84509021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645922)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645922/; classtype:trojan-activity;sid:84509022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/photo.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645923/; classtype:trojan-activity;sid:84509023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645924)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645924/; classtype:trojan-activity;sid:84509024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645925)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645925/; classtype:trojan-activity;sid:84509025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645926)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645926/; classtype:trojan-activity;sid:84509026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645927)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/photo.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645927/; classtype:trojan-activity;sid:84509027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645928)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645928/; classtype:trojan-activity;sid:84509028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645929)"; flow:established,from_client; content:"GET"; http_method; content:"/photo_shinremont/pub/temp/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"87.98.241.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645929/; classtype:trojan-activity;sid:84509029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.204.240.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645915/; classtype:trojan-activity;sid:84509015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.78.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645914/; classtype:trojan-activity;sid:84509014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645913)"; flow:established,from_client; content:"GET"; http_method; content:"/pouyuln0vd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.i-88b.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645913/; classtype:trojan-activity;sid:84509013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645912)"; flow:established,from_client; content:"GET"; http_method; content:"/mc4.google|3f|t=70l9nchz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ew.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645912/; classtype:trojan-activity;sid:84509012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.143.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645911/; classtype:trojan-activity;sid:84509011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645910)"; flow:established,from_client; content:"GET"; http_method; content:"/xb1r4hgvkj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645910/; classtype:trojan-activity;sid:84509010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645909)"; flow:established,from_client; content:"GET"; http_method; content:"/mc4.google|3f|t=x4v6daou"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ew.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645909/; classtype:trojan-activity;sid:84509009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.157.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645908/; classtype:trojan-activity;sid:84509008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.202.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645907/; classtype:trojan-activity;sid:84509007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645906)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%99%bb%e5%bd%95%e5%99%a8%e9%85%8d%e7%bd%ae%e5%99%a8.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"192.140.165.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645906/; classtype:trojan-activity;sid:84509006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.4.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645905/; classtype:trojan-activity;sid:84509005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.49.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645904/; classtype:trojan-activity;sid:84509004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.8.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645903/; classtype:trojan-activity;sid:84509003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.157.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645901/; classtype:trojan-activity;sid:84509001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.49.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645902/; classtype:trojan-activity;sid:84509002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645899)"; flow:established,from_client; content:"GET"; http_method; content:"/6wea8doa71.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645899/; classtype:trojan-activity;sid:84508999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645900)"; flow:established,from_client; content:"GET"; http_method; content:"/4d.check|3f|t=15y1lflv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"et.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645900/; classtype:trojan-activity;sid:84509000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.202.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645898/; classtype:trojan-activity;sid:84508998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.143.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645896/; classtype:trojan-activity;sid:84508996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.196.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645897/; classtype:trojan-activity;sid:84508997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645895)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/charter%20party/mv.dubai%20ambassador%20-%20noble%20cp%20dtd%2031-12-05/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645895/; classtype:trojan-activity;sid:84508995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645890)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/charter%20party/mv.ocean%20senang%20-%20glory%20trans%20cp%20dtd%2030-11-05/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645890/; classtype:trojan-activity;sid:84508990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/neha%20imagecopy/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645889/; classtype:trojan-activity;sid:84508989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645888)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/sefira/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645888/; classtype:trojan-activity;sid:84508988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645879)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/charter%20party/mv.dubai%20ambassador%20-%20noble%20cp%20dtd%2031-12-05/info.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645879/; classtype:trojan-activity;sid:84508979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645878)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/charter%20party/mv.pos%20freedom%20-%20vikram%20ispat%20cp%20dtd%2027th%20may%20%272006/info.zip"; http_uri; depth:234; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645878/; classtype:trojan-activity;sid:84508978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645876)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/charter%20party/charter%20party/mv.ocean%20senang%20-%20glory%20trans%20cp%20dtd%2030-11-05/info.zip"; http_uri; depth:222; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645876/; classtype:trojan-activity;sid:84508976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645875)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/my%20documents/fixture%20notes/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645875/; classtype:trojan-activity;sid:84508975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.185.26.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645871)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20sdtd10oct%2008/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645871/; classtype:trojan-activity;sid:84508971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645870)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%201oct08/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645870/; classtype:trojan-activity;sid:84508970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645868)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2024th%20nov/market%20report%20dtd%20%2025%20nov%2008/info.zip"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645868/; classtype:trojan-activity;sid:84508968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645867)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%207%20oct%2008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645867/; classtype:trojan-activity;sid:84508967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645866)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/marketreport%20dtd%2026aug08/market%20report%20dtd%2029%20aug%2008/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645866/; classtype:trojan-activity;sid:84508966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645863)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/market%20report%20dtd%2023june2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645863/; classtype:trojan-activity;sid:84508963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645862)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/sis%206326/win98me/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645862/; classtype:trojan-activity;sid:84508962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645860)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/e%20drive/outlook/ganesh/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645860/; classtype:trojan-activity;sid:84508960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645855)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2030%20oct%202008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645855/; classtype:trojan-activity;sid:84508955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645853)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2015th%20oct/market%20port%20dtd%2015%20oct%202008/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645853/; classtype:trojan-activity;sid:84508953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/wallpaper/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645854/; classtype:trojan-activity;sid:84508954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645849)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/sis%206326/win98me/english/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645849/; classtype:trojan-activity;sid:84508949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645850)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645850/; classtype:trojan-activity;sid:84508950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20music/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645847/; classtype:trojan-activity;sid:84508947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645845)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2023%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645845/; classtype:trojan-activity;sid:84508945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645842)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/sefira/address%20book/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645842/; classtype:trojan-activity;sid:84508942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645843)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/marketreport%20dtd%2030jun%202008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645843/; classtype:trojan-activity;sid:84508943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645836)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/rt/outlook%20express/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645836/; classtype:trojan-activity;sid:84508936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645835)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/market%20report%20dtd%2024june2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645835/; classtype:trojan-activity;sid:84508935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645834)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2020oct%2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645834/; classtype:trojan-activity;sid:84508934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20scans/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645832/; classtype:trojan-activity;sid:84508932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645833)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2021%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645833/; classtype:trojan-activity;sid:84508933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645831)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/unused%20desktop%20shortcuts/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645831/; classtype:trojan-activity;sid:84508931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645830)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/cps%20sent%20to%20tony%20brown/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645830/; classtype:trojan-activity;sid:84508930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645829)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/market%20report%20dtd%2015jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645829/; classtype:trojan-activity;sid:84508929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645828)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%209oct%2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645828/; classtype:trojan-activity;sid:84508928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645827/; classtype:trojan-activity;sid:84508927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2029th%20oct%2008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645826/; classtype:trojan-activity;sid:84508926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645825)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2013%20oct%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645825/; classtype:trojan-activity;sid:84508925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645824)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/charter%20party/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645824/; classtype:trojan-activity;sid:84508924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645823)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2014jan09/market%20report%20dtd%2014jan%2009/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645823/; classtype:trojan-activity;sid:84508923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645822)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd3oct%202008/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645822/; classtype:trojan-activity;sid:84508922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645821)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/fixture%20notes/fixture%20notes/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645821/; classtype:trojan-activity;sid:84508921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645820)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2030%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645820/; classtype:trojan-activity;sid:84508920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645819)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2014jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645819/; classtype:trojan-activity;sid:84508919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645818)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/marketreport%20dtd%2023jul%202008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645818/; classtype:trojan-activity;sid:84508918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645812)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2031st%20july2008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645812/; classtype:trojan-activity;sid:84508912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645811)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/riders/mv%20ulcas%20-%20riders_files/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645811/; classtype:trojan-activity;sid:84508911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645810)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%206nov%2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645810/; classtype:trojan-activity;sid:84508910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645807/; classtype:trojan-activity;sid:84508907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645801)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%209%20jan%202009/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645801/; classtype:trojan-activity;sid:84508901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645793)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/market%20report%20dtd%2015th%20oct/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645793/; classtype:trojan-activity;sid:84508893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645790)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%207%20nov%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645790/; classtype:trojan-activity;sid:84508890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645786)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2016%20feb.%2009/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645786/; classtype:trojan-activity;sid:84508886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645780)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2018jul%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645780/; classtype:trojan-activity;sid:84508880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645778)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2023%20sep08/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645778/; classtype:trojan-activity;sid:84508878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645779)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2019th%20sept/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645779/; classtype:trojan-activity;sid:84508879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645774)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2012sep2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645774/; classtype:trojan-activity;sid:84508874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645768)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/charter%20party/scanned%20copy%20of%20executed%20cp/owners%20signed%20only1st%20original%20cp/info.zip"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645768/; classtype:trojan-activity;sid:84508868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.4.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645769/; classtype:trojan-activity;sid:84508869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645765)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/marketreport%20%20dtd%2024jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645765/; classtype:trojan-activity;sid:84508865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645767)"; flow:established,from_client; content:"GET"; http_method; content:"/zq.check|3f|t=vp4ru7jc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"es.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645767/; classtype:trojan-activity;sid:84508867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645762)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2024%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645762/; classtype:trojan-activity;sid:84508862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645763)"; flow:established,from_client; content:"GET"; http_method; content:"/6ool56a8p3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.i-76t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645763/; classtype:trojan-activity;sid:84508863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645764)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%201%20jul%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645764/; classtype:trojan-activity;sid:84508864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645761)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2026%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645761/; classtype:trojan-activity;sid:84508861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645759)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2019%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645759/; classtype:trojan-activity;sid:84508859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/various%20files/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645760/; classtype:trojan-activity;sid:84508860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645758)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%2023%20april%2009/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645758/; classtype:trojan-activity;sid:84508858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645757)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2014jan09/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645757/; classtype:trojan-activity;sid:84508857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645751)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645751/; classtype:trojan-activity;sid:84508851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645752)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2012%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645752/; classtype:trojan-activity;sid:84508852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645753)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2011th%20feb%202009/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645753/; classtype:trojan-activity;sid:84508853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645754)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2025%20sep%2008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645754/; classtype:trojan-activity;sid:84508854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645755)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2012%20feb%202009/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645755/; classtype:trojan-activity;sid:84508855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645749)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2016%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645749/; classtype:trojan-activity;sid:84508849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645750)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2020%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645750/; classtype:trojan-activity;sid:84508850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645747)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2026%20sep.08/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645747/; classtype:trojan-activity;sid:84508847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645748)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645748/; classtype:trojan-activity;sid:84508848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645746)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/charter%20party/scanned%20copy%20of%20cp/mv%20blue%20cat-%20owners%20signed%201nd%20original%20cp/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645746/; classtype:trojan-activity;sid:84508846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645744)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2020%20nov%202008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645744/; classtype:trojan-activity;sid:84508844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645745)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20re%5bport%20dtd%202%20sept%2008/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645745/; classtype:trojan-activity;sid:84508845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645743)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2011jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645743/; classtype:trojan-activity;sid:84508843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645742)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%204%20nov%2008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645742/; classtype:trojan-activity;sid:84508842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645741)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2022jul%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645741/; classtype:trojan-activity;sid:84508841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645740)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2022sep08/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645740/; classtype:trojan-activity;sid:84508840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645738)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2027%20jan%202009/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645738/; classtype:trojan-activity;sid:84508838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645739)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%209th%20jul%202008/info.zip"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645739/; classtype:trojan-activity;sid:84508839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645737)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2030sep2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645737/; classtype:trojan-activity;sid:84508837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645736)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2013%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645736/; classtype:trojan-activity;sid:84508836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645735)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/charter%20party/scanned%20copy%20of%20executed%20cp/owners%20signed%20only%202nd%20original%20cp/info.zip"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645735/; classtype:trojan-activity;sid:84508835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645734)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%2029jul2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645734/; classtype:trojan-activity;sid:84508834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645731)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%209sep2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645731/; classtype:trojan-activity;sid:84508831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645732)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2017%20nov%202008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645732/; classtype:trojan-activity;sid:84508832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645727)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2016sep%202008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645727/; classtype:trojan-activity;sid:84508827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645728)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/charter%20parties/main%20body/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645728/; classtype:trojan-activity;sid:84508828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645729)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/market%20report%20dtd%204jul2008/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645729/; classtype:trojan-activity;sid:84508829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645725)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2015jan%2009/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645725/; classtype:trojan-activity;sid:84508825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645726)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%204%20mar%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645726/; classtype:trojan-activity;sid:84508826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645722)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/charter%20party/scanned%20copy%20of%20cp/mv%20blue%20cat-%20owners%20signed%202nd%20original%20cp/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645722/; classtype:trojan-activity;sid:84508822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645719)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/market%20report%20dtd%2029sept/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645719/; classtype:trojan-activity;sid:84508819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645720)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2021%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645720/; classtype:trojan-activity;sid:84508820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645714)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/market%20report%20dtd%2023%20jan%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645714/; classtype:trojan-activity;sid:84508814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/market%20report%20dtd%2021%20nov%202008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645711/; classtype:trojan-activity;sid:84508811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645712)"; flow:established,from_client; content:"GET"; http_method; content:"/4d.check|3f|t=vsggfzco"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"et.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645712/; classtype:trojan-activity;sid:84508812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645710)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%209%20mar%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645710/; classtype:trojan-activity;sid:84508810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645709)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/market%20report%20dtd%2010%20mar%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645709/; classtype:trojan-activity;sid:84508809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645707)"; flow:established,from_client; content:"GET"; http_method; content:"/f1p0ox57o4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.i-76t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645707/; classtype:trojan-activity;sid:84508807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645705)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mumbai%20operations/charter%20parties/2011/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645705/; classtype:trojan-activity;sid:84508805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645698)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/azelie%20corporation%20background/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645698/; classtype:trojan-activity;sid:84508798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645697)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20acct%20siva%20bulk%20cpd%2005%20sept%202012/charter%20party/working%20charter%20party/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645697/; classtype:trojan-activity;sid:84508797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645696)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/hayne/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645696/; classtype:trojan-activity;sid:84508796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645695)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-acct%20lss-%20cpd%2013%20jan%202017/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645695/; classtype:trojan-activity;sid:84508795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645694)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/milaha%20maritime/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645694/; classtype:trojan-activity;sid:84508794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645693)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-acct%20lss-%20cpd%2013%20jan%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645693/; classtype:trojan-activity;sid:84508793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645687)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645687/; classtype:trojan-activity;sid:84508787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645688)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/shri%20bajrang%20power%20and%20ispat/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645688/; classtype:trojan-activity;sid:84508788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645689)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/february/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645689/; classtype:trojan-activity;sid:84508789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645690)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-%20usl-%20cpd%2028%20july%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645690/; classtype:trojan-activity;sid:84508790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645691)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-%20smitra%20-%20cpd%2004%20june%2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645691/; classtype:trojan-activity;sid:84508791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645692)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20skype%20pictures/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645692/; classtype:trojan-activity;sid:84508792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645685)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ken%20orchid-propel-cpd%2027%20august%202016/fixture%20note/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645685/; classtype:trojan-activity;sid:84508785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645686)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/winking%20bg/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645686/; classtype:trojan-activity;sid:84508786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645684)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20kais_noble_090709_028/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645684/; classtype:trojan-activity;sid:84508784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645683)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/167_woodstar_synergy/final/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645683/; classtype:trojan-activity;sid:84508783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645682)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20siva%20bulk%20-%20cpd%2013%20november%202012/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645682/; classtype:trojan-activity;sid:84508782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645681)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/charter%20parties/main%20body/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645681/; classtype:trojan-activity;sid:84508781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645680)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/brokerage%20invoice/info.zip"; http_uri; depth:219; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645680/; classtype:trojan-activity;sid:84508780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645679)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/oct%202008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645679/; classtype:trojan-activity;sid:84508779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/bhushan/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645677/; classtype:trojan-activity;sid:84508777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645678)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/maheshwari%20bros%20profile/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645678/; classtype:trojan-activity;sid:84508778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645676)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/281_seaspace/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645676/; classtype:trojan-activity;sid:84508776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645675)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%2012aug%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645675/; classtype:trojan-activity;sid:84508775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645673)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-shreeji%20global%20cpd%208%20june%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645673/; classtype:trojan-activity;sid:84508773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645674)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_ssoe_050607_020/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645674/; classtype:trojan-activity;sid:84508774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645671)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645671/; classtype:trojan-activity;sid:84508771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645672)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fu%20ming%20%20-%20visa%20cp%20dated%2020%20november%202015/charter%20party/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645672/; classtype:trojan-activity;sid:84508772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645670)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/china%20resource%20chartering/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645670/; classtype:trojan-activity;sid:84508770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645669)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/262_vlzazkis/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645669/; classtype:trojan-activity;sid:84508769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645668)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/renju_company_directory_/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645668/; classtype:trojan-activity;sid:84508768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645665)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/great%20motion/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645665/; classtype:trojan-activity;sid:84508765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645666)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645666/; classtype:trojan-activity;sid:84508766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645667)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20brave%20(mv%20devongate%20)-acct%20aegis%20overseas%20ltd%20or%20nominee-cpd%2024%20november%202016/charter%20party/info.zip"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645667/; classtype:trojan-activity;sid:84508767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645664)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/outlook/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645664/; classtype:trojan-activity;sid:84508764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645663)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20kais_noble_090709_028/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645663/; classtype:trojan-activity;sid:84508763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645662)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20darya%20shaan%20-%20chun%20an%20cpd%2021%20feb%202018/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645662/; classtype:trojan-activity;sid:84508762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645660)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown%20_%20ispat_250907_036/charter%20parties/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645660/; classtype:trojan-activity;sid:84508760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645661)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/daily%20menu/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645661/; classtype:trojan-activity;sid:84508761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645659)"; flow:established,from_client; content:"GET"; http_method; content:"/7fah77fxwj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.i-76t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645659/; classtype:trojan-activity;sid:84508759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645658)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/charter%20party/info.zip"; http_uri; depth:214; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645658/; classtype:trojan-activity;sid:84508758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645656)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/173_zhong%20xiang/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645656/; classtype:trojan-activity;sid:84508756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645657)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:216; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645657/; classtype:trojan-activity;sid:84508757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645654)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/magnifico/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645654/; classtype:trojan-activity;sid:84508754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/misc%20attachments/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645655/; classtype:trojan-activity;sid:84508755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645651)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/300_jia%20tai/working%20cp/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645651/; classtype:trojan-activity;sid:84508751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645652)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.port%20melbourne_ispat_221107_050/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645652/; classtype:trojan-activity;sid:84508752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645653)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2008%20dec%2015%20-%20copy/charter%20party/proforma%20cp/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645653/; classtype:trojan-activity;sid:84508753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645648)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20primrose_wamspl_041009_044/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645648/; classtype:trojan-activity;sid:84508748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645649)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown%20_%20ispat_250907_036/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645649/; classtype:trojan-activity;sid:84508749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645650)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/torq%20commodities/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645650/; classtype:trojan-activity;sid:84508750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645644)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20pearl%20-%20seapol%20cp%20dtd%2017.07.2019/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645644/; classtype:trojan-activity;sid:84508744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645645)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/siddharth/new%20employment%20contracts/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645645/; classtype:trojan-activity;sid:84508745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645646)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20crown_bilgent_040209_006/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645646/; classtype:trojan-activity;sid:84508746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645647)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20agios%20nektarios/mv%20agios%20nektarios/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645647/; classtype:trojan-activity;sid:84508747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645641)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theometor-%20everbright%20cpd%2010%20feb%2016/cancelled%20bl/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645641/; classtype:trojan-activity;sid:84508741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645642)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20christina%20iv%20-%20ripley%20cpd%2007%20october%202019/loi/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645642/; classtype:trojan-activity;sid:84508742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645643)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sdtr%20tbn%20%20ashapura%20cp%20dated%2004%20dec%202015/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645643/; classtype:trojan-activity;sid:84508743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645639)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.captain%20george%20ii_ispat_161107_049/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645639/; classtype:trojan-activity;sid:84508739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645640)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/86_crossbridge_tbn_unity_12_05_2011/working_copy/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645640/; classtype:trojan-activity;sid:84508740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645638)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evnia%20-%20essar%20cp%20dted%2005%20april%202019/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645638/; classtype:trojan-activity;sid:84508738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645636)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/process%20minerals%20international/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645636/; classtype:trojan-activity;sid:84508736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645637)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/isl%20background/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645637/; classtype:trojan-activity;sid:84508737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645634)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20bandhan%20-%20acct%20siva%20bulk%20cpd%2006%20nov%202012/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645634/; classtype:trojan-activity;sid:84508734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645635)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645635/; classtype:trojan-activity;sid:84508735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645631)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20achilleas-saitrans/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645631/; classtype:trojan-activity;sid:84508731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645632)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20superior%20-%20visa%20cp%20dated%2004th%20sept%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645632/; classtype:trojan-activity;sid:84508732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645633)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20super%20star_prime%20east_171209_051/charter%20parties/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645633/; classtype:trojan-activity;sid:84508733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645630)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tomini%20sincerity-propel-cpd%2005%20jan%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645630/; classtype:trojan-activity;sid:84508730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645627)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/dhanraj/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645627/; classtype:trojan-activity;sid:84508727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645628)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/mv%20unico%20jianna-%20lss%20ocean%20cpd%2022%20jan%202016/brokerage%20invoice/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645628/; classtype:trojan-activity;sid:84508728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645629)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645629/; classtype:trojan-activity;sid:84508729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645626)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/1_unity_crossbridge_09_02_10/82_wadi_ferran_unity_7_29_04_11/misc_docs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645626/; classtype:trojan-activity;sid:84508726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645624)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/amarante%20background/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645624/; classtype:trojan-activity;sid:84508724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645625)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20feran-acct%20everbright/charter%20party/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645625/; classtype:trojan-activity;sid:84508725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645623/; classtype:trojan-activity;sid:84508723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645621)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20trans%20spring-%20propel-%20cpd%2007%20aug%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645621/; classtype:trojan-activity;sid:84508721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645622)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yasa%20ozcan_jaldhi_231009_045/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645622/; classtype:trojan-activity;sid:84508722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645620)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/prajakta/research/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645620/; classtype:trojan-activity;sid:84508720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645618)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20star%20crimson-everbright%20cpd%2027%20july%202016/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645618/; classtype:trojan-activity;sid:84508718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645619)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/southern%20bulk/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645619/; classtype:trojan-activity;sid:84508719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645613)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.gem%20of%20kilakarai_ispat_051007_038/charter%20parties/main%20body/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645613/; classtype:trojan-activity;sid:84508713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645614)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20shipping%20tbn-acct%20hc%20trading-cpd%2018%20november%202016/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645614/; classtype:trojan-activity;sid:84508714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645615)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20angelina%20the%20great%20n%20)%20-%20smal%20-%20cp%20dated%2020th%20nov%2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645615/; classtype:trojan-activity;sid:84508715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645616)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20bandhan%20-%20acct%20siva%20bulk%20cpd%2006%20nov%202012/charter%20party/working%20charter%20party/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645616/; classtype:trojan-activity;sid:84508716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645617)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/ltc/new%20folder/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645617/; classtype:trojan-activity;sid:84508717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645612)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/charter%20party/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645612/; classtype:trojan-activity;sid:84508712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645611)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/aht%20background/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645611/; classtype:trojan-activity;sid:84508711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645607)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bk%20alice-simtra-cpd%2009%20dec%202016/charter%20party/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645607/; classtype:trojan-activity;sid:84508707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645608)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20panoria%20-%20visa%20cpd%2025%20aug%202017/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645608/; classtype:trojan-activity;sid:84508708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645609)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/emars/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645609/; classtype:trojan-activity;sid:84508709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645610)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20star%20crimson-everbright%20cpd%2027%20july%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645610/; classtype:trojan-activity;sid:84508710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645605)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%201%20dec%2008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645605/; classtype:trojan-activity;sid:84508705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645606)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645606/; classtype:trojan-activity;sid:84508706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645603)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20trans%20spring-%20propel-%20cpd%2007%20aug%202015/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645603/; classtype:trojan-activity;sid:84508703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645604)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/221_guanhai%20228/working%20copy/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645604/; classtype:trojan-activity;sid:84508704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645600)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/powershell/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645600/; classtype:trojan-activity;sid:84508700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645601)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/reacp-fixture%20note/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645601/; classtype:trojan-activity;sid:84508701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645602)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645602/; classtype:trojan-activity;sid:84508702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645599)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2030%20nov%2015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645599/; classtype:trojan-activity;sid:84508699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645598)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.evnia_wamopl_200308_006/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645598/; classtype:trojan-activity;sid:84508698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645594)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/562%20-%20mv%20mermaid%20star%20-%20singh%20group%20cp%20dtd%2017.06.2020%20-%20file%20no.%20562/charter%20party/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645594/; classtype:trojan-activity;sid:84508694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645595)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20four%20mogami_ispat_0160709_032/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645595/; classtype:trojan-activity;sid:84508695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645592)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20sinin_ssoe_030210_010/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645592/; classtype:trojan-activity;sid:84508692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645591)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20vien%20dong%205/1st%20voyage/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645591/; classtype:trojan-activity;sid:84508691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645590)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20saubaagya%205%20-%20mcs%20cpd%2010%20nov%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645590/; classtype:trojan-activity;sid:84508690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645586)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iron%20man_jaldhi_080809_035/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645586/; classtype:trojan-activity;sid:84508686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645587)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20stelios%20b-primarina%20cpd%209%20oct%2015/fixture%20note/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645587/; classtype:trojan-activity;sid:84508687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645588)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/109_agi_gst/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645588/; classtype:trojan-activity;sid:84508688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645584)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20mary%20f/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645584/; classtype:trojan-activity;sid:84508684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645585)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20ionic%20storm)%20-%20lss%20cpd%2025%20april%202016/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645585/; classtype:trojan-activity;sid:84508685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645581)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/marketreport%20dtd%2018dec%2008/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645581/; classtype:trojan-activity;sid:84508681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645577)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645577/; classtype:trojan-activity;sid:84508677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645573)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20lineup%20at%20ports/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645573/; classtype:trojan-activity;sid:84508673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645574)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle%20-%20bagadiya%20cp%20dtd%2013.08.2019/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645574/; classtype:trojan-activity;sid:84508674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645575)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/pallonji%20vsls/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645575/; classtype:trojan-activity;sid:84508675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645576)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/5_pcl_core%20mineral/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645576/; classtype:trojan-activity;sid:84508676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645571)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2008%20dec%2015%20-%20copy/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645571/; classtype:trojan-activity;sid:84508671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645572)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20frontier%20angel_eta_201108/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645572/; classtype:trojan-activity;sid:84508672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645569/; classtype:trojan-activity;sid:84508669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645568)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20clipper%20vision%20-%20orissa%20metalikes%20cpd%2024%20june%202019/charter%20party/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645568/; classtype:trojan-activity;sid:84508668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645566)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645566/; classtype:trojan-activity;sid:84508666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645567)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/207_global%20triumph/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645567/; classtype:trojan-activity;sid:84508667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645565)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/recap-fixture%20notes/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645565/; classtype:trojan-activity;sid:84508665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645563)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645563/; classtype:trojan-activity;sid:84508663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645559)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645559/; classtype:trojan-activity;sid:84508659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645560)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/dhamara/sea%20trans%20pda/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645560/; classtype:trojan-activity;sid:84508660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645558)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645558/; classtype:trojan-activity;sid:84508658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645554)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/swati/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645554/; classtype:trojan-activity;sid:84508654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645553)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/e%20drive/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645553/; classtype:trojan-activity;sid:84508653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645551)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/sefira_addressbook/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645551/; classtype:trojan-activity;sid:84508651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645552)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.captain%20george%20ii_ispat_161107_049/charter%20parties/main%20body/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645552/; classtype:trojan-activity;sid:84508652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645547)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/timeline/info.zip"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645547/; classtype:trojan-activity;sid:84508647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645548)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/martrade/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645548/; classtype:trojan-activity;sid:84508648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645546)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/193_chennai_selvami/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645546/; classtype:trojan-activity;sid:84508646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645541)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/china-india%20iron%20ore%20summit%20beijing%202008/list%20of%20participants%20for%20%20ciios/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645541/; classtype:trojan-activity;sid:84508641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645542)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/70_hoa_nam_ssipl_23_03_11/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645542/; classtype:trojan-activity;sid:84508642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645543)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/debit%20notes/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645543/; classtype:trojan-activity;sid:84508643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645544)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%202%20feb%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645544/; classtype:trojan-activity;sid:84508644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645540)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/cps%20sent%20to%20tony%20brown/cps%20sent%20to%20tony%20brown/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645540/; classtype:trojan-activity;sid:84508640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645533)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/new%20briefcase/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645533/; classtype:trojan-activity;sid:84508633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645534)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/crossbridge(sterling%20infotech)/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645534/; classtype:trojan-activity;sid:84508634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645535)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/emirates%20trading%2026-6-08/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645535/; classtype:trojan-activity;sid:84508635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645536)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645536/; classtype:trojan-activity;sid:84508636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645537)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645537/; classtype:trojan-activity;sid:84508637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645538)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%205%20aug%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645538/; classtype:trojan-activity;sid:84508638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645529)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645529/; classtype:trojan-activity;sid:84508629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645530)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-acct%20propel-cpd%2027%20oct%202016/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645530/; classtype:trojan-activity;sid:84508630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645528)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645528/; classtype:trojan-activity;sid:84508628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/asian%20gypsy%20moth%20details/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645527/; classtype:trojan-activity;sid:84508627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645525)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/mv%20unico%20jianna-%20lss%20ocean%20cpd%2022%20jan%202016/charter%20party/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645525/; classtype:trojan-activity;sid:84508625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645526)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20suryavir_seafreight_080509_018/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645526/; classtype:trojan-activity;sid:84508626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645524)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sci%20documents/mv%20tamil%20nadu%20decsription/untitled_files/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645524/; classtype:trojan-activity;sid:84508624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645523)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20darya%20shaan%20-%20chun%20an%20cpd%2021%20feb%202018/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645523/; classtype:trojan-activity;sid:84508623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645521)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20jyoti-sdtr%20cpd%2025th%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645521/; classtype:trojan-activity;sid:84508621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645522)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20meta-acct%20everbright-cpd%2011%20jan%202017/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645522/; classtype:trojan-activity;sid:84508622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645519)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/brokerage%20invoice/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645519/; classtype:trojan-activity;sid:84508619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645518)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/231_ozgur%20aksoy/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645518/; classtype:trojan-activity;sid:84508618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645517)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20greco%20libero-acct%20vedanta-cpd%2028%20oct%202016/fixture%20note/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645517/; classtype:trojan-activity;sid:84508617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645516)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/my%20docs/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645516/; classtype:trojan-activity;sid:84508616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645515)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/market%20report/market%20report%20dtd%207%20nov%202008/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645515/; classtype:trojan-activity;sid:84508615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645513)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645513/; classtype:trojan-activity;sid:84508613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645514)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%204%20dec%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645514/; classtype:trojan-activity;sid:84508614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645512)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645512/; classtype:trojan-activity;sid:84508612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645509)"; flow:established,from_client; content:"GET"; http_method; content:"/j7t.check|3f|t=9gwl5hzj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"er.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645509/; classtype:trojan-activity;sid:84508609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645510)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20greco%20libero-acct%20vedanta-cpd%2028%20oct%202016/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645510/; classtype:trojan-activity;sid:84508610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645511)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/vessel%20desc/info.zip"; http_uri; depth:207; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645511/; classtype:trojan-activity;sid:84508611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645508)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645508/; classtype:trojan-activity;sid:84508608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645503)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/pre-arrv/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645503/; classtype:trojan-activity;sid:84508603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645505)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20intrepid-propel-cpd%2018%20august%202016/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645505/; classtype:trojan-activity;sid:84508605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645506)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20four%20mogami_ispat_0160709_032/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645506/; classtype:trojan-activity;sid:84508606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645507)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645507/; classtype:trojan-activity;sid:84508607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645502)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/275_ithomi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645502/; classtype:trojan-activity;sid:84508602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645500)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/294_silvia%20glory-emerald/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645500/; classtype:trojan-activity;sid:84508600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645499)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20tbn%20-%20acct%20hc%20trading-%2006%20oct%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645499/; classtype:trojan-activity;sid:84508599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645498)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.christos_eta_180607_021/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645498/; classtype:trojan-activity;sid:84508598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645497)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645497/; classtype:trojan-activity;sid:84508597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645496)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20meta-acct%20everbright-cpd%2011%20jan%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645496/; classtype:trojan-activity;sid:84508596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645495)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20superior%20-%20visa%20cp%20dated%2004th%20sept%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645495/; classtype:trojan-activity;sid:84508595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645492)"; flow:established,from_client; content:"GET"; http_method; content:"/suvjmmq23u.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645492/; classtype:trojan-activity;sid:84508592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645493)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sci%20documents/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645493/; classtype:trojan-activity;sid:84508593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645494)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/haldia/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645494/; classtype:trojan-activity;sid:84508594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645491)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evnia%20-%20essar%20cp%20dted%2005%20april%202019/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645491/; classtype:trojan-activity;sid:84508591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645486)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/dhamara/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645486/; classtype:trojan-activity;sid:84508586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645487)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/68_apj_kais_mpallonji_17_02_11/working_copy/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645487/; classtype:trojan-activity;sid:84508587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645488)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20eco%20vanguard-visa%20cpd%2026%20-%20may-15/charter%20party/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645488/; classtype:trojan-activity;sid:84508588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645489)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sci%20documents/mv%20tamil%20nadu%20decsription/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645489/; classtype:trojan-activity;sid:84508589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645490)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645490/; classtype:trojan-activity;sid:84508590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645485)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2019%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645485/; classtype:trojan-activity;sid:84508585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645483)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.evnia_wamopl_200308_006/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645483/; classtype:trojan-activity;sid:84508583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645484)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20%20report%20dtd%2006%20feb%2009/info.zip"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645484/; classtype:trojan-activity;sid:84508584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645480)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2023%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645480/; classtype:trojan-activity;sid:84508580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645481)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/ganesh/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645481/; classtype:trojan-activity;sid:84508581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645482)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bomar%20oyster%20-%20primarina%20cpd%2001%20march%202018/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645482/; classtype:trojan-activity;sid:84508582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645476)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20energy_ispat_010409_012/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645476/; classtype:trojan-activity;sid:84508576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645477)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%209dec%202008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645477/; classtype:trojan-activity;sid:84508577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645478)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/charter%20party/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645478/; classtype:trojan-activity;sid:84508578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645479)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20primrose_wamspl_041009_044/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645479/; classtype:trojan-activity;sid:84508579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645475)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20diksha%20-%20siva%20bulk%20-%20cpd%2001%20august%202012/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645475/; classtype:trojan-activity;sid:84508575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.196.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645474/; classtype:trojan-activity;sid:84508574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645473)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/misc%20attachments/info.zip"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645473/; classtype:trojan-activity;sid:84508573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645472)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645472/; classtype:trojan-activity;sid:84508572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645471)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20saii%20resources%20cpd%2012%20nov%202018/brokerage%20invoice/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645471/; classtype:trojan-activity;sid:84508571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645470)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/269_heilan%20rising/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645470/; classtype:trojan-activity;sid:84508570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645467)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20intrepid-propel-cpd%2018%20august%202016/charter%20party/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645467/; classtype:trojan-activity;sid:84508567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645468)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_jki_160707_027/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645468/; classtype:trojan-activity;sid:84508568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645469)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/misc%20attachments/info.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645469/; classtype:trojan-activity;sid:84508569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645464)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20crown_bilgent_040209_006/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645464/; classtype:trojan-activity;sid:84508564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645465)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.port%20melbourne_ispat_221107_050/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645465/; classtype:trojan-activity;sid:84508565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645463)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20teo_eta_050310_012/charter%20parties/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645463/; classtype:trojan-activity;sid:84508563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645455)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/150_xinhongbaoshi/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645455/; classtype:trojan-activity;sid:84508555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645456)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645456/; classtype:trojan-activity;sid:84508556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645457)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2013/january/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645457/; classtype:trojan-activity;sid:84508557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645458)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20cemtex%20orient_kispl_311208_038/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645458/; classtype:trojan-activity;sid:84508558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645459)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/brokerage%20invoice/info.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645459/; classtype:trojan-activity;sid:84508559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645460)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/september/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645460/; classtype:trojan-activity;sid:84508560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645461)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/bulk%20marine/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645461/; classtype:trojan-activity;sid:84508561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645462)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20ladoga-essar%20cpd%2029th%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645462/; classtype:trojan-activity;sid:84508562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645454)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20unity%20spirit-acct%20propel-cpd%2024%20jan%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645454/; classtype:trojan-activity;sid:84508554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645452)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20uni%20auc%20one-integrity%20bulk%20cpd%2013%20feb%202018/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645452/; classtype:trojan-activity;sid:84508552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645453)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/184_tennei_maru_liannex/new%20folder/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645453/; classtype:trojan-activity;sid:84508553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645448)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20frontier%20angel_eta_201108/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645448/; classtype:trojan-activity;sid:84508548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645449)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/263_romanos/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645449/; classtype:trojan-activity;sid:84508549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645450)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evangelia%20m%20-rashmi-cpd%2012%20june%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645450/; classtype:trojan-activity;sid:84508550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645451)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20star%20crimson-everbright%20cpd%2027%20july%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645451/; classtype:trojan-activity;sid:84508551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645445)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.yangtze%20river_wamopl_161007_041/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645445/; classtype:trojan-activity;sid:84508545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645446)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mumbai%20operations/charter%20parties/2011/mv%20columbia%20--%20constantia/working/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645446/; classtype:trojan-activity;sid:84508546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645447)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/emloyment/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645447/; classtype:trojan-activity;sid:84508547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645443)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%202_nob_120707_026/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645443/; classtype:trojan-activity;sid:84508543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645444)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/cargo/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645444/; classtype:trojan-activity;sid:84508544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645441)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/excel%20sheet%20documents/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645441/; classtype:trojan-activity;sid:84508541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645442)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/realm%20bg%20of%2023%20may%202011/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645442/; classtype:trojan-activity;sid:84508542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645440)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/fixture%20list%20wct-2010/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645440/; classtype:trojan-activity;sid:84508540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645439)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645439/; classtype:trojan-activity;sid:84508539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645438)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi%20-%20siva%20cpd%2008%20september%202012/charter%20party/working%20charter%20party/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645438/; classtype:trojan-activity;sid:84508538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645437)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jiu%20hua%20hai_ispat_250509_022/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645437/; classtype:trojan-activity;sid:84508537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645436)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maratha%20providence%20%20acct%20harmony%20innovation%20%e2%80%93%20cpd%2007%20august%202014/charter%20party/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645436/; classtype:trojan-activity;sid:84508536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645435)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20ekta%20%20simtra%20cpd%2006%20aug%202015/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645435/; classtype:trojan-activity;sid:84508535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645431)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/biofach/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645431/; classtype:trojan-activity;sid:84508531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645432)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/567%20-%20mv%20pangeo%20-%20seapol%20cp%20dtd%2004.08.2020%20-%20file%20no.%20567/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645432/; classtype:trojan-activity;sid:84508532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645433)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-propel-cpd%2027%20september%202016/pfh%20docs/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645433/; classtype:trojan-activity;sid:84508533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645434)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645434/; classtype:trojan-activity;sid:84508534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645428)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/recap-fixture%20notes/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645428/; classtype:trojan-activity;sid:84508528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645429)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645429/; classtype:trojan-activity;sid:84508529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645430)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20stelios%20b-primarina%20cpd%209%20oct%2015/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645430/; classtype:trojan-activity;sid:84508530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645427)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/182_tian%20tong%20feng/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645427/; classtype:trojan-activity;sid:84508527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645425)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-usl%20cpd%2019%20aug%202016/charter%20party/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645425/; classtype:trojan-activity;sid:84508525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645426)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20mahadeva-mcs%20cp%20dtd%2013th%20aug%202015/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645426/; classtype:trojan-activity;sid:84508526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645423)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/may-2009/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645423/; classtype:trojan-activity;sid:84508523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645424)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/ocean%20merry/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645424/; classtype:trojan-activity;sid:84508524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645422)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vinalines%20green-visa%20cp%20dated%2002%20dec%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645422/; classtype:trojan-activity;sid:84508522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645420)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20maritime%20alliance_jaldhi_310709_034/charter%20parties/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645420/; classtype:trojan-activity;sid:84508520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645421)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20reoport%20dtd%2019aug%202008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645421/; classtype:trojan-activity;sid:84508521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645419)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20spinel%20-%20seapol%20cp%20dtd%2004%20july%202019/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645419/; classtype:trojan-activity;sid:84508519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645417)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20cemtex%20orient_kispl_311208_038/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645417/; classtype:trojan-activity;sid:84508517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645414)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/89_apj_suryavir_libra_23_05_11/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645414/; classtype:trojan-activity;sid:84508514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645415)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/company%20profile/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645415/; classtype:trojan-activity;sid:84508515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645413)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645413/; classtype:trojan-activity;sid:84508513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645411)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645411/; classtype:trojan-activity;sid:84508511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645410)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/libra/lss%20ocean%20transport%20(new%202018)%20terms/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645410/; classtype:trojan-activity;sid:84508510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645408)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%2014aug%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645408/; classtype:trojan-activity;sid:84508508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645409)"; flow:established,from_client; content:"GET"; http_method; content:"/j7t.check|3f|t=890f61l9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"er.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645409/; classtype:trojan-activity;sid:84508509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645402)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htk%20lucky-%20essar%20cpd%202%20aug%202018/brokerage%20invoice/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645402/; classtype:trojan-activity;sid:84508502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645403)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/formal%20class%20certificate%20or%20document%20required%20for%20helicopter%20approval%20effective%201%20august%202010/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645403/; classtype:trojan-activity;sid:84508503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645404)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2012%20dec%2008/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645404/; classtype:trojan-activity;sid:84508504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645405)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20ce%20guardian)%20-%20acct%20surya%20exim-cpd%2009%20march%202017/charter%20party/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645405/; classtype:trojan-activity;sid:84508505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645406)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jul-2009/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645406/; classtype:trojan-activity;sid:84508506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645407)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/228_harmony%20tbn/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645407/; classtype:trojan-activity;sid:84508507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645401)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20kang%20yao_jaldhi_220109_003/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645401/; classtype:trojan-activity;sid:84508501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645399)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/191_miletus/working%20cp/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645399/; classtype:trojan-activity;sid:84508499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645400)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/314_amoy%20action/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645400/; classtype:trojan-activity;sid:84508500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645397)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn%28amis%20orchid%29%20-%20scmc%20cpd%2008%20dec%202017/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645397/; classtype:trojan-activity;sid:84508497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645395)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/fixture%20record/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645395/; classtype:trojan-activity;sid:84508495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645394)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/minmetals/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645394/; classtype:trojan-activity;sid:84508494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645392)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/certificates/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645392/; classtype:trojan-activity;sid:84508492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645393)"; flow:established,from_client; content:"GET"; http_method; content:"/ya03.google|3f|t=z5lfter5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.bowibo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645393/; classtype:trojan-activity;sid:84508493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645390)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vega%20mars-propel%20cpd%2018-jan-2016/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645390/; classtype:trojan-activity;sid:84508490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645389)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645389/; classtype:trojan-activity;sid:84508489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645387)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/gst%20registration/rinl/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645387/; classtype:trojan-activity;sid:84508487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645388)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20panther-surya%20exim%20cpd%2022%20oct%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645388/; classtype:trojan-activity;sid:84508488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645385)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_ssoe_050607_020/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645385/; classtype:trojan-activity;sid:84508485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645386)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645386/; classtype:trojan-activity;sid:84508486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645383)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645383/; classtype:trojan-activity;sid:84508483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645384)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/internet%20explorer%206.0%20%28full%29/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645384/; classtype:trojan-activity;sid:84508484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645381)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645381/; classtype:trojan-activity;sid:84508481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645382)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20magic_jaldhi_210110_007/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645382/; classtype:trojan-activity;sid:84508482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645378)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/jan%202009/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645378/; classtype:trojan-activity;sid:84508478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645377)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/154_hibernia/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645377/; classtype:trojan-activity;sid:84508477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645374)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-acct%20propel-cpd%2027%20oct%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645374/; classtype:trojan-activity;sid:84508474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645375)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/excel%20sheet%20documents/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645375/; classtype:trojan-activity;sid:84508475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645376)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20stelios%20b-primarina%20cpd%209%20oct%2015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645376/; classtype:trojan-activity;sid:84508476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645373)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/psons%20bg/psons/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645373/; classtype:trojan-activity;sid:84508473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645371)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645371/; classtype:trojan-activity;sid:84508471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645372)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rosita%20-vedanta%20-%20cpd%2030%20aug%202018/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645372/; classtype:trojan-activity;sid:84508472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645370)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20paperport%20documents/samples/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645370/; classtype:trojan-activity;sid:84508470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645369)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645369/; classtype:trojan-activity;sid:84508469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645367)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captainyannis%20l%20-%20saraogi%20udyog%20-%20cpd%2027%20september%202016/loi/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645367/; classtype:trojan-activity;sid:84508467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645368)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/301_beautiful%20rena/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645368/; classtype:trojan-activity;sid:84508468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645366)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20archagelos%20michael%20-%20scmc%2017.12.18/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645366/; classtype:trojan-activity;sid:84508466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645363)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%2015aug2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645363/; classtype:trojan-activity;sid:84508463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645364)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20%28mv%20sarwar%20jahan%29-acct%20scmc-%2018%20november%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645364/; classtype:trojan-activity;sid:84508464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645365)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20feran-acct%20everbright/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645365/; classtype:trojan-activity;sid:84508465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645361)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sibi-acct%20visa%20-%20cpd%2024%20march%202017/brokerage%20invoice/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645361/; classtype:trojan-activity;sid:84508461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/bunker%20prices/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645362/; classtype:trojan-activity;sid:84508462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645360)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-%20bostomar%20cpd%207%20june%202018/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645360/; classtype:trojan-activity;sid:84508460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645359)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20brave%20(mv%20devongate%20)-acct%20aegis%20overseas%20ltd%20or%20nominee-cpd%2024%20november%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:220; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645359/; classtype:trojan-activity;sid:84508459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20dolphin%20-%20propel%20cpd%2007%20december%202018/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645357/; classtype:trojan-activity;sid:84508457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645358)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20transpower%20tbn%20-%20jsw%20steel%20cpd%2017%20march%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645358/; classtype:trojan-activity;sid:84508458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645356)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20port%20estoril%20-%20scmc-%20cpd%2026%20oct%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645356/; classtype:trojan-activity;sid:84508456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645353)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/adnatco/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645353/; classtype:trojan-activity;sid:84508453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/coa%20-mv%20perfect%20bulk%20tbn%20-%20scmc%20cpd%2022nd%20april%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645354/; classtype:trojan-activity;sid:84508454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645355)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/january/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645355/; classtype:trojan-activity;sid:84508455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645351)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645351/; classtype:trojan-activity;sid:84508451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645352)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/vba%20bg/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645352/; classtype:trojan-activity;sid:84508452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645350)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20anand-acct%20guodian-cpd%2007%20march%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645350/; classtype:trojan-activity;sid:84508450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645348)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/256_fareast%20harmony/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645348/; classtype:trojan-activity;sid:84508448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645349)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devigloryi_seatrek_180509_022/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645349/; classtype:trojan-activity;sid:84508449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645345)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/aqaba%20jan%202014/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645345/; classtype:trojan-activity;sid:84508445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645346)"; flow:established,from_client; content:"GET"; http_method; content:"/ugc9dur3sb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.i-76t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645346/; classtype:trojan-activity;sid:84508446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645347)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theometor-%20everbright%20cpd%2010%20feb%2016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645347/; classtype:trojan-activity;sid:84508447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645344)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2055k/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645344/; classtype:trojan-activity;sid:84508444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645341)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645341/; classtype:trojan-activity;sid:84508441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645342)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/trans%20spring/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645342/; classtype:trojan-activity;sid:84508442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645343)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645343/; classtype:trojan-activity;sid:84508443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645340)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/info.zip"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645340/; classtype:trojan-activity;sid:84508440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645337)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/backgrounds/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645337/; classtype:trojan-activity;sid:84508437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645338)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20scorpio_ispat_081107_046/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645338/; classtype:trojan-activity;sid:84508438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20malhar%20-%20hmm%20cpd%2006%20june%202013/charter%20party/working%20charter%20party/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645339/; classtype:trojan-activity;sid:84508439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645329)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sophia%20k-%20surya%20exim%20cpd%2017th%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645329/; classtype:trojan-activity;sid:84508429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645330)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20webs/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645330/; classtype:trojan-activity;sid:84508430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645331)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/woohyun%20shipping/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645331/; classtype:trojan-activity;sid:84508431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645332)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/recap-fixture%20note/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645332/; classtype:trojan-activity;sid:84508432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645333)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sealight_hct_050509_017/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645333/; classtype:trojan-activity;sid:84508433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645334)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/1_unity_crossbridge_09_02_10/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645334/; classtype:trojan-activity;sid:84508434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645335)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.falcon_ispat_050907_035/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645335/; classtype:trojan-activity;sid:84508435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645336)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2019dec%2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645336/; classtype:trojan-activity;sid:84508436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645328)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20vien%20dong%205/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645328/; classtype:trojan-activity;sid:84508428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645325)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20chandi%20prasad/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645325/; classtype:trojan-activity;sid:84508425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645326)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20suryavir_seafreight_080509_018/charter%20parties/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645326/; classtype:trojan-activity;sid:84508426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645327)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/sis%206326/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645327/; classtype:trojan-activity;sid:84508427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645320)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/emarat/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645320/; classtype:trojan-activity;sid:84508420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645321)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645321/; classtype:trojan-activity;sid:84508421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645322/; classtype:trojan-activity;sid:84508422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645323)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20moonvazs_hct_090908_028/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645323/; classtype:trojan-activity;sid:84508423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645324)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/misc%20attachments/info.zip"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645324/; classtype:trojan-activity;sid:84508424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645319)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/charter%20party/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645319/; classtype:trojan-activity;sid:84508419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645315)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/crossbridge_unity%20coa%20dtd%209th%20feb%202010/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645315/; classtype:trojan-activity;sid:84508415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645316)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/insight%20maritime%20profile/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645316/; classtype:trojan-activity;sid:84508416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645317)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ken%20orchid-propel-cpd%2027%20august%202016/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645317/; classtype:trojan-activity;sid:84508417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645318)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20propel%20shipping%2004%20jan%202019/charter%20party/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645318/; classtype:trojan-activity;sid:84508418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645313)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sdtr/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645313/; classtype:trojan-activity;sid:84508413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645314)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645314/; classtype:trojan-activity;sid:84508414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645311)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20super%20star_prime%20east_171209_051/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645311/; classtype:trojan-activity;sid:84508411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645312)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ocean%20crown_wbc_100209_008/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645312/; classtype:trojan-activity;sid:84508412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645308)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20an%20fu%20star-%20imr%20cpd%2027%20nov%202015/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645308/; classtype:trojan-activity;sid:84508408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645309)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20anand-acct%20guodian-cpd%2007%20march%202017/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645309/; classtype:trojan-activity;sid:84508409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645310)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20anand-acct%20guodian-cpd%2007%20march%202017/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645310/; classtype:trojan-activity;sid:84508410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645305)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/certificates/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645305/; classtype:trojan-activity;sid:84508405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645306)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/566%20-%20mv%20vitaspirit%20-%20am%20commodities%20cp%20dtd%2028.07.2020%20-%20file%20no.%20566/info.zip"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645306/; classtype:trojan-activity;sid:84508406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645307)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tomini%20sincerity-propel-cpd%2005%20jan%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645307/; classtype:trojan-activity;sid:84508407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645304)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/96_akij_glory_usl/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645304/; classtype:trojan-activity;sid:84508404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645300)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645300/; classtype:trojan-activity;sid:84508400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645301)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_sinoway_290110_009/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645301/; classtype:trojan-activity;sid:84508401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645302)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20pictures/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645302/; classtype:trojan-activity;sid:84508402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645303)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/certificates/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645303/; classtype:trojan-activity;sid:84508403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pan%20world%20bg/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645297/; classtype:trojan-activity;sid:84508397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645298)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/elim%20spring/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645298/; classtype:trojan-activity;sid:84508398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645299)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sapphire%20pacific%20pte%20ltd/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645299/; classtype:trojan-activity;sid:84508399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645294)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-%20usl-%20cpd%2028%20july%202016/brokerage%20invoice/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645294/; classtype:trojan-activity;sid:84508394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645295)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bda%20shipping/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645295/; classtype:trojan-activity;sid:84508395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645296)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/111_moon_enterprise/working%20copy/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645296/; classtype:trojan-activity;sid:84508396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645292)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645292/; classtype:trojan-activity;sid:84508392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645293)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/560%20-%20mv%20peace%20angel%20-%20scmc%20-%20cp%20dtd%2005.06.2020%20-%20file%20no%20560/charter%20party/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645293/; classtype:trojan-activity;sid:84508393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645289)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.joviality_wamopl_220208_004/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645289/; classtype:trojan-activity;sid:84508389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645290)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/147_ding%20xiang%20hai_synergy/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645290/; classtype:trojan-activity;sid:84508390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645291)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/fixtures/fortune%20express/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645291/; classtype:trojan-activity;sid:84508391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645287)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer-%20acct%20visa%20bulk%20-%20cpd%2005-05-2016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645287/; classtype:trojan-activity;sid:84508387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645288)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn(%20mv%20vlazakis%20i%20)-%20synergy/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645288/; classtype:trojan-activity;sid:84508388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645285)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2010dec%2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645285/; classtype:trojan-activity;sid:84508385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645286)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/brokerage%20invoice/info.zip"; http_uri; depth:225; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645286/; classtype:trojan-activity;sid:84508386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645284)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hai%20qing%20-%20lss%20cpd%2029%20june%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645284/; classtype:trojan-activity;sid:84508384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645282)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2018%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645282/; classtype:trojan-activity;sid:84508382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645283)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645283/; classtype:trojan-activity;sid:84508383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645278)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645278/; classtype:trojan-activity;sid:84508378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645279)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sdtr%20tbn%20%20ashapura%20cp%20dated%2004%20dec%202015/charter%20party/performa%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645279/; classtype:trojan-activity;sid:84508379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645280)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20young%20spirit%20-%20acct%20everbright%20-%20cpd%2001%20october%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645280/; classtype:trojan-activity;sid:84508380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645281)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2017%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645281/; classtype:trojan-activity;sid:84508381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645276)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/champion%20ocean%20background/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645276/; classtype:trojan-activity;sid:84508376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645277)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bk%20alice-simtra-cpd%2009%20dec%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645277/; classtype:trojan-activity;sid:84508377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645275)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645275/; classtype:trojan-activity;sid:84508375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645271)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/win98/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645271/; classtype:trojan-activity;sid:84508371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645272)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htk%20lucky-%20essar%20cpd%202%20aug%202018/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645272/; classtype:trojan-activity;sid:84508372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645273)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20shipping%20tbn-acct%20hc%20trading-cpd%2018%20november%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645273/; classtype:trojan-activity;sid:84508373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645274)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/65_hanaro_melody_jaldi_14_01_11/working_copy/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645274/; classtype:trojan-activity;sid:84508374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645265)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/125_siam_opal/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645265/; classtype:trojan-activity;sid:84508365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645266)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.falcon_ispat_050907_035/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645266/; classtype:trojan-activity;sid:84508366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645267)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/surya%20exim%20fixture/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645267/; classtype:trojan-activity;sid:84508367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645268)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/cingler%20shipping%20background%20dtd%206%20nov%2008/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645268/; classtype:trojan-activity;sid:84508368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645269)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2022%20november%202016/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645269/; classtype:trojan-activity;sid:84508369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645270)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20scorpio_ispat_261007_043/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645270/; classtype:trojan-activity;sid:84508370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645264)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20chris%20gr%20-%20scmc%20-%201st%20shipment/charter%20party/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645264/; classtype:trojan-activity;sid:84508364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645263)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645263/; classtype:trojan-activity;sid:84508363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645261)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20kais_noble_090709_028/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645261/; classtype:trojan-activity;sid:84508361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645262)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20lynx_bspl_021107_045/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645262/; classtype:trojan-activity;sid:84508362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645255)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645255/; classtype:trojan-activity;sid:84508355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645256)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2008%20november%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645256/; classtype:trojan-activity;sid:84508356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645257)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20milos%20-%20scmc%20cp%20dtd%2017%20january%202019/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645257/; classtype:trojan-activity;sid:84508357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645258)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20torq%20cpd%2005%20july%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645258/; classtype:trojan-activity;sid:84508358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645259)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20shou%20chang%20hai_wamopl_130907_034/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645259/; classtype:trojan-activity;sid:84508359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645260)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/surya%20voy%20estimates/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645260/; classtype:trojan-activity;sid:84508360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645251)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/operations/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645251/; classtype:trojan-activity;sid:84508351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645252)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2022%20dec%202008/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645252/; classtype:trojan-activity;sid:84508352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645253)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20infinity%20v-magnifico%20cpd%2013%20aug%202018/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645253/; classtype:trojan-activity;sid:84508353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645254)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20umm%20al%20dalkh-%20hudson%20cpd%2010%20may%202018/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645254/; classtype:trojan-activity;sid:84508354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645249)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645249/; classtype:trojan-activity;sid:84508349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645250)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%205%20dec%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645250/; classtype:trojan-activity;sid:84508350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645248)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20webs/_vti_pvt/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645248/; classtype:trojan-activity;sid:84508348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645247)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645247/; classtype:trojan-activity;sid:84508347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645246)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sanko%20king_bulkmarine_040209_013/charter%20parties/riders/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645246/; classtype:trojan-activity;sid:84508346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645244)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.joviality_wamopl_220208_004/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645244/; classtype:trojan-activity;sid:84508344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645245)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rosita%20-vedanta%20-%20cpd%2030%20aug%202018/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645245/; classtype:trojan-activity;sid:84508345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645243)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/century%20scope/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645243/; classtype:trojan-activity;sid:84508343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645238)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apostolos%20ii%20-%20indo%20international%20cpd%2012%20march%202018/charter%20party/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645238/; classtype:trojan-activity;sid:84508338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645239)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_jki_160707_027/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645239/; classtype:trojan-activity;sid:84508339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645240)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20essar%20cpd%2015.11.2018/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645240/; classtype:trojan-activity;sid:84508340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645241)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20fanoula_crossbridge_201109_049/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645241/; classtype:trojan-activity;sid:84508341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645242)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/mv.dubai%20ambassador%20-%20noble%20cp%20dtd%2031-12-05/dubai%20crown%20noble%2031-12-05/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645242/; classtype:trojan-activity;sid:84508342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645237)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20unity%20spirit-acct%20propel-cpd%2024%20jan%202017/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645237/; classtype:trojan-activity;sid:84508337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645232)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2010/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645232/; classtype:trojan-activity;sid:84508332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645233)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sci%20covering%20letter/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645233/; classtype:trojan-activity;sid:84508333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/cp%20transchart/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645234/; classtype:trojan-activity;sid:84508334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645235)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vikram/dev%20prayag%201/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645235/; classtype:trojan-activity;sid:84508335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645236)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/244_yellow%20fin/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645236/; classtype:trojan-activity;sid:84508336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645231)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/imp%20info/helga%20selmar/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645231/; classtype:trojan-activity;sid:84508331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645228)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645228/; classtype:trojan-activity;sid:84508328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645229)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/3_synergy_harmony_24_05_11/92_sea_star_8_synergy_coa_1/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645229/; classtype:trojan-activity;sid:84508329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645230)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%209feb%202009/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645230/; classtype:trojan-activity;sid:84508330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645226)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/spar%20leo/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645226/; classtype:trojan-activity;sid:84508326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.33.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645227/; classtype:trojan-activity;sid:84508327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645224)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/charter%20parties/main%20body/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645224/; classtype:trojan-activity;sid:84508324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645225)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ocean%20crown_wbc_100209_008/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645225/; classtype:trojan-activity;sid:84508325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645221)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/jiancheng%20trade/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645221/; classtype:trojan-activity;sid:84508321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645222)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/charter%20party/info.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645222/; classtype:trojan-activity;sid:84508322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645223)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/sci/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645223/; classtype:trojan-activity;sid:84508323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645216)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/67_lok_prem_hmm_02_03_2011/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645216/; classtype:trojan-activity;sid:84508316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645217)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645217/; classtype:trojan-activity;sid:84508317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645218)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/imr/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645218/; classtype:trojan-activity;sid:84508318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645219)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_nob_300808_026/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645219/; classtype:trojan-activity;sid:84508319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645220)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20four%20mogami_ispat_0160709_032/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645220/; classtype:trojan-activity;sid:84508320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645214)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sophia%20k-%20surya%20exim%20cpd%2017th%20may%202018/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645214/; classtype:trojan-activity;sid:84508314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645215)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645215/; classtype:trojan-activity;sid:84508315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/citic%20ship%20background/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645213/; classtype:trojan-activity;sid:84508313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645210)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-usl%20cpd%2019%20aug%202016/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645210/; classtype:trojan-activity;sid:84508310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645211)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20donghae-acct%20bulk%20marine%20cpd%2014%20nov%202016/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645211/; classtype:trojan-activity;sid:84508311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645212)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_jki_160707_027/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645212/; classtype:trojan-activity;sid:84508312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645209)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/charter%20parties/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645209/; classtype:trojan-activity;sid:84508309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645207)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/299_spar%20lynx/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645207/; classtype:trojan-activity;sid:84508307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645208)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20dtd%207%20aug%202008/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645208/; classtype:trojan-activity;sid:84508308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645205)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mansi/maria%20v%20livanos/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645205/; classtype:trojan-activity;sid:84508305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645206)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/june/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645206/; classtype:trojan-activity;sid:84508306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645204)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2030%20nov%2015/brokerage%20invoice/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645204/; classtype:trojan-activity;sid:84508304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645202)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20genco%20auvergne-acct%20rashmi%20-%20cpd%2018%20august%202017/brokerage%20invoice/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645202/; classtype:trojan-activity;sid:84508302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645203)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/mv.dubai%20ambassador%20-%20noble%20cp%20dtd%2031-12-05/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645203/; classtype:trojan-activity;sid:84508303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645201)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20voc%20progress_eta_290509_023/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645201/; classtype:trojan-activity;sid:84508301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645200)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645200/; classtype:trojan-activity;sid:84508300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645199)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sibi-acct%20visa%20-%20cpd%2024%20march%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645199/; classtype:trojan-activity;sid:84508299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645196)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20scorpio_ispat_261007_043/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645196/; classtype:trojan-activity;sid:84508296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645197)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20unity%20spirit-acct%20propel-cpd%2024%20jan%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645197/; classtype:trojan-activity;sid:84508297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645198)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/128_ikan_senyur/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645198/; classtype:trojan-activity;sid:84508298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645195)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645195/; classtype:trojan-activity;sid:84508295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645193)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tomini%20sincerity-propel-cpd%2005%20jan%202017/charter%20party/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645193/; classtype:trojan-activity;sid:84508293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645194)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer%20-%20martrade%20cpd%2005%20march%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645194/; classtype:trojan-activity;sid:84508294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645192)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ece%20nur%20bayraktar-usl%20cpd%2030%20oct%202015/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645192/; classtype:trojan-activity;sid:84508292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645191)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645191/; classtype:trojan-activity;sid:84508291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645190)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20pearl%20-%20seapol%20cp%20dtd%2017.07.2019/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645190/; classtype:trojan-activity;sid:84508290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645189)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20umm%20al%20dalkh-%20hudson%20cpd%2010%20may%202018/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645189/; classtype:trojan-activity;sid:84508289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645187)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/marketreport%20dtd%2026aug08/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645187/; classtype:trojan-activity;sid:84508287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645188)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devigloryi_seatrek_180509_022/riders/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645188/; classtype:trojan-activity;sid:84508288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645186)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/hermes%20background/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645186/; classtype:trojan-activity;sid:84508286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645185)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2013/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645185/; classtype:trojan-activity;sid:84508285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645183)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645183/; classtype:trojan-activity;sid:84508283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645184)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/info.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645184/; classtype:trojan-activity;sid:84508284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645180)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/mercator/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645180/; classtype:trojan-activity;sid:84508280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645181)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/88_furness_melbourne_raymetals_23_05_11/working_copy/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645181/; classtype:trojan-activity;sid:84508281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645182)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20captain%20george%20ii_nedstar_151208_037/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645182/; classtype:trojan-activity;sid:84508282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645177)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/114_tai_happiness/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645177/; classtype:trojan-activity;sid:84508277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645178)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/108_ikan_serong_mms/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645178/; classtype:trojan-activity;sid:84508278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645179)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/brokerage%20invoice/info.zip"; http_uri; depth:207; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645179/; classtype:trojan-activity;sid:84508279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645176)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20jai%20-%20visa%20bulk%20-%20cpd%2016%20april%202016/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645176/; classtype:trojan-activity;sid:84508276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645175)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%201aug%202008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645175/; classtype:trojan-activity;sid:84508275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645174)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sinoway%20chartering%20background/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645174/; classtype:trojan-activity;sid:84508274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645171)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20angelina%20the%20great%20n%20)%20-%20smal%20-%20cp%20dated%2020th%20nov%2015/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645171/; classtype:trojan-activity;sid:84508271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645172)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/notes%20of%20windows/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645172/; classtype:trojan-activity;sid:84508272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645173)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sibi-acct%20visa%20-%20cpd%2024%20march%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645173/; classtype:trojan-activity;sid:84508273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645169)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/235_heilan%20brothers/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645169/; classtype:trojan-activity;sid:84508269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645170)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645170/; classtype:trojan-activity;sid:84508270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645168)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20thor%20madoc%20-%20scmc%20%20cp%20dtd%2006.08.2019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645168/; classtype:trojan-activity;sid:84508268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645166)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/134_id%20tide_vba/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645166/; classtype:trojan-activity;sid:84508266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645167)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/software/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645167/; classtype:trojan-activity;sid:84508267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645160)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-%20smitra%20-%20cpd%2004%20june%2015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645160/; classtype:trojan-activity;sid:84508260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645161)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645161/; classtype:trojan-activity;sid:84508261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645162)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645162/; classtype:trojan-activity;sid:84508262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645163)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/intermarine%20background/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645163/; classtype:trojan-activity;sid:84508263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645164)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645164/; classtype:trojan-activity;sid:84508264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645165)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_ispat_020607_019/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645165/; classtype:trojan-activity;sid:84508265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645153)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%208%20dec%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645153/; classtype:trojan-activity;sid:84508253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645154)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/dbc%20shipping%20background/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645154/; classtype:trojan-activity;sid:84508254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645155)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20saii%20resources%20cpd%2012%20nov%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645155/; classtype:trojan-activity;sid:84508255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645156)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20acct%20propel%20cpd%2006%20dec%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645156/; classtype:trojan-activity;sid:84508256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645157)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ark%20shipping%20company/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645157/; classtype:trojan-activity;sid:84508257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645158)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20music/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645158/; classtype:trojan-activity;sid:84508258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645159)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/vithoba%20global%20pte%20ltd/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645159/; classtype:trojan-activity;sid:84508259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645149)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/mohit%20minerals%20pvt%20ltd/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645149/; classtype:trojan-activity;sid:84508249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645150)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20greco%20libero-acct%20vedanta-cpd%2028%20oct%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645150/; classtype:trojan-activity;sid:84508250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645151)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20superior%20-%20visa%20cp%20dated%2004th%20sept%202015/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645151/; classtype:trojan-activity;sid:84508251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645152)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.aranda%20colossus_ncs_230408_011/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645152/; classtype:trojan-activity;sid:84508252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645148)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.apj%20jad_noble_230408_010/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645148/; classtype:trojan-activity;sid:84508248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sea%20arrow%20-%20visa%20bulk%20cpd%2012%20may%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645147/; classtype:trojan-activity;sid:84508247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645144)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/asia%20business%20partners%20inc/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645144/; classtype:trojan-activity;sid:84508244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645145)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%201_nob_240707_028/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645145/; classtype:trojan-activity;sid:84508245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645146)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/misc%20attachments/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645146/; classtype:trojan-activity;sid:84508246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645142)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20balaban%20-%20power%20international%20cpd%2017%20december%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645142/; classtype:trojan-activity;sid:84508242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645143)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/107_ikan_sagai_core/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645143/; classtype:trojan-activity;sid:84508243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645141)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/alaknanda%20%20cse/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645141/; classtype:trojan-activity;sid:84508241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645139/; classtype:trojan-activity;sid:84508239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645140)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/crossbridge_unity%20coa%20dtd%209th%20feb%202010/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645140/; classtype:trojan-activity;sid:84508240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645138)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maharashtra%20%20acct%20crossbridge%20cpd%2024%20june%202011/charter%20party/working%20charter%20party/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645138/; classtype:trojan-activity;sid:84508238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645136)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/visa%20letters/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645136/; classtype:trojan-activity;sid:84508236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645137)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/217_hawk/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645137/; classtype:trojan-activity;sid:84508237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645134)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2062k%20for%20coal/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645134/; classtype:trojan-activity;sid:84508234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645135)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/209_sagar%20ratan/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645135/; classtype:trojan-activity;sid:84508235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645133)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elizabeth-ss%20intl-cpd%2017%20dec%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645133/; classtype:trojan-activity;sid:84508233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645131)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20jai%20-%20visa%20bulk%20-%20cpd%2016%20april%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645131/; classtype:trojan-activity;sid:84508231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645132)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20genco%20auvergne-acct%20rashmi%20-%20cpd%2018%20august%202017/fixture%20note/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645132/; classtype:trojan-activity;sid:84508232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645130)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/aquavita/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645130/; classtype:trojan-activity;sid:84508230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645129)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/holcim/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645129/; classtype:trojan-activity;sid:84508229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645126)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/sci%20latter%20copy/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645126/; classtype:trojan-activity;sid:84508226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645127)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer-%20acct%20visa%20bulk%20-%20cpd%2005-05-2016/charter%20party/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645127/; classtype:trojan-activity;sid:84508227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645128)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/vithoba%20global%20pte%20ltd/vithoba%20full%20style/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645128/; classtype:trojan-activity;sid:84508228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645125)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/emerald%20maritime/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645125/; classtype:trojan-activity;sid:84508225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645121)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/port%20and%20terminal%20rules%20and%20regulations/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645121/; classtype:trojan-activity;sid:84508221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645122)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sfl%20humber%20-%20tata%20nyk%20cpd%2002%20april%202015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645122/; classtype:trojan-activity;sid:84508222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645123)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20nantor_aht_190110_006/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645123/; classtype:trojan-activity;sid:84508223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645124)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yasa%20ozcan_jaldhi_231009_045/charter%20parties/main%20body/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645124/; classtype:trojan-activity;sid:84508224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645115)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pgsc%20bg/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645115/; classtype:trojan-activity;sid:84508215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645116)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/aquavita/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645116/; classtype:trojan-activity;sid:84508216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645117)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/jitf%20profile/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645117/; classtype:trojan-activity;sid:84508217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645118)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20nazia%20jahan%20-%20scmc%20-%201st%20optional%20shipment/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645118/; classtype:trojan-activity;sid:84508218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645119)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/silkroad/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645119/; classtype:trojan-activity;sid:84508219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645120)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/vsssl%20descrp/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645120/; classtype:trojan-activity;sid:84508220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645111)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645111/; classtype:trojan-activity;sid:84508211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20primrose_wamspl_041009_044/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645112/; classtype:trojan-activity;sid:84508212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645113)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/69_pfs_narayana_unity_18_03_2011/draft/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645113/; classtype:trojan-activity;sid:84508213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645114)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/270_spar%20capella/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645114/; classtype:trojan-activity;sid:84508214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645108)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645108/; classtype:trojan-activity;sid:84508208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645109)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645109/; classtype:trojan-activity;sid:84508209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645110)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645110/; classtype:trojan-activity;sid:84508210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645104)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645104/; classtype:trojan-activity;sid:84508204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645105)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/200_genco%20spirit/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645105/; classtype:trojan-activity;sid:84508205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645106)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2016dec2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645106/; classtype:trojan-activity;sid:84508206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645107)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/employee%20appraisal/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645107/; classtype:trojan-activity;sid:84508207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645103)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645103/; classtype:trojan-activity;sid:84508203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645100)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%2021aug2008/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645100/; classtype:trojan-activity;sid:84508200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645101)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theoskepasti%20-%20primarina%20cpd%2025%20august%202015/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645101/; classtype:trojan-activity;sid:84508201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645102)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-propel-cpd%2027%20september%202016/fixture%20note/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645102/; classtype:trojan-activity;sid:84508202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645098)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bagadia%20brothers%20background/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645098/; classtype:trojan-activity;sid:84508198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645099)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645099/; classtype:trojan-activity;sid:84508199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645094)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.gem%20of%20kilakarai_ispat_051007_038/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645094/; classtype:trojan-activity;sid:84508194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645095)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jul%202008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645095/; classtype:trojan-activity;sid:84508195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645096)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/recap-fixture%20note/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645096/; classtype:trojan-activity;sid:84508196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645097)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/may/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645097/; classtype:trojan-activity;sid:84508197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645093)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%20%2027%20feb/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645093/; classtype:trojan-activity;sid:84508193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645088)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20young%20spirit%20-%20acct%20everbright%20-%20cpd%2001%20october%202016/brokerage%20invoice/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645088/; classtype:trojan-activity;sid:84508188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645089)"; flow:established,from_client; content:"GET"; http_method; content:"/ar4zcw1mby.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645089/; classtype:trojan-activity;sid:84508189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645090)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2030%20nov%2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645090/; classtype:trojan-activity;sid:84508190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645091)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645091/; classtype:trojan-activity;sid:84508191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645092)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20magic_jaldhi_210110_007/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645092/; classtype:trojan-activity;sid:84508192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645087)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/pipavav/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645087/; classtype:trojan-activity;sid:84508187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645085)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20maritime%20alliance_jaldhi_310709_034/charter%20parties/main%20body/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645085/; classtype:trojan-activity;sid:84508185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645086)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/gst%20registration/sci/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645086/; classtype:trojan-activity;sid:84508186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645084)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/59_fermita_ssoe_13_01_11/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645084/; classtype:trojan-activity;sid:84508184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645076)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20faneromeni%20-%20psons%20-%20cpd%2027%20july%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645076/; classtype:trojan-activity;sid:84508176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645077)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/246_clipper_kamoshio/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645077/; classtype:trojan-activity;sid:84508177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645078)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20ladoga-essar%20cpd%2029th%20may%202018/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645078/; classtype:trojan-activity;sid:84508178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645079)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20crested%20eagle/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645079/; classtype:trojan-activity;sid:84508179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645080)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/certificates/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645080/; classtype:trojan-activity;sid:84508180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645081)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645081/; classtype:trojan-activity;sid:84508181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645082)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20muron-%20essar%20cpd%2010%20may%202018/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645082/; classtype:trojan-activity;sid:84508182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645083)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645083/; classtype:trojan-activity;sid:84508183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645075)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/bimco/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645075/; classtype:trojan-activity;sid:84508175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645074)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.gem%20of%20kilakarai_ispat_051007_038/charter%20parties/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645074/; classtype:trojan-activity;sid:84508174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645073)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/dreamtech/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645073/; classtype:trojan-activity;sid:84508173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645067)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20star%20crimson-everbright%20cpd%2027%20july%202016/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645067/; classtype:trojan-activity;sid:84508167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645068)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-%20propel%20cp%20dated%2019%20oct%202015/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645068/; classtype:trojan-activity;sid:84508168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645069)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/554%20-%20mv%20martrade%20tbn%20-%20indo%20international%20cp%20dtd%2021.04.2020%20-%20file%20no.%20554%20(cancelled)/info.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645069/; classtype:trojan-activity;sid:84508169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645070)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/brokerage%20invoice/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645070/; classtype:trojan-activity;sid:84508170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645071)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/167_woodstar_synergy/working%20copy/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645071/; classtype:trojan-activity;sid:84508171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645072)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elizabeth-ss%20intl-cpd%2017%20dec%202016/brokerage%20invoice/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645072/; classtype:trojan-activity;sid:84508172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645066)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/charter%20party/proforma%20cp/clean%20recap/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645066/; classtype:trojan-activity;sid:84508166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645065)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20vancouver%20victory_jaldhi_300109_005/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645065/; classtype:trojan-activity;sid:84508165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645064)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20jbu%20orient/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645064/; classtype:trojan-activity;sid:84508164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645062)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vikram/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645062/; classtype:trojan-activity;sid:84508162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645063)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20umm%20al%20dalkh-%20hudson%20cpd%2010%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645063/; classtype:trojan-activity;sid:84508163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645061)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20fortune%20-%20essar%20cpd%2027th%20july%202018/certificates/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645061/; classtype:trojan-activity;sid:84508161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645060)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/268_spar%20lyca/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645060/; classtype:trojan-activity;sid:84508160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645058)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/brokerage%20invoice/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645058/; classtype:trojan-activity;sid:84508158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645059)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/varsha/new%20folder/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645059/; classtype:trojan-activity;sid:84508159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645057)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/rainbow%20success/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645057/; classtype:trojan-activity;sid:84508157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645055)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645055/; classtype:trojan-activity;sid:84508155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645056)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer-%20acct%20visa%20bulk%20-%20cpd%2005-05-2016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645056/; classtype:trojan-activity;sid:84508156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645053)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture%20records/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645053/; classtype:trojan-activity;sid:84508153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645054)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20falcon%20triumph%20-%20additional%20shipment/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645054/; classtype:trojan-activity;sid:84508154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645051)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/misc%20attachments/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645051/; classtype:trojan-activity;sid:84508151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645052)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645052/; classtype:trojan-activity;sid:84508152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645050)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/brokerage%20invoice/info.zip"; http_uri; depth:207; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645050/; classtype:trojan-activity;sid:84508150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645049)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645049/; classtype:trojan-activity;sid:84508149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645047)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/senseico%20profile/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645047/; classtype:trojan-activity;sid:84508147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645048)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645048/; classtype:trojan-activity;sid:84508148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645046)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20hanaro%20melody/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645046/; classtype:trojan-activity;sid:84508146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645044)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/87_genco_carrier_eagle_bulk_19_05_2011/working_copy/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645044/; classtype:trojan-activity;sid:84508144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645045)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/kakinada/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645045/; classtype:trojan-activity;sid:84508145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645043)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%204%20feb%20dtd%2009/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645043/; classtype:trojan-activity;sid:84508143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645042)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/china-india%20iron%20ore%20summit%20beijing%202008/name%20list%20of%20attendees%20for%20%20ciios/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645042/; classtype:trojan-activity;sid:84508142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645041)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/glgl%20background/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645041/; classtype:trojan-activity;sid:84508141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645039)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fu%20ming%20%20-%20visa%20cp%20dated%2020%20november%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645039/; classtype:trojan-activity;sid:84508139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645040)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sara%20group/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645040/; classtype:trojan-activity;sid:84508140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645037)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645037/; classtype:trojan-activity;sid:84508137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645038)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/yfsl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645038/; classtype:trojan-activity;sid:84508138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645035)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-propel-cpd%2027%20september%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645035/; classtype:trojan-activity;sid:84508135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645036)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20saubaagya%205%20-%20mcs%20cpd%2010%20nov%202015/charter%20party/performa%20cp/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645036/; classtype:trojan-activity;sid:84508136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645034)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sdtr%20tbn%20%20ashapura%20cp%20dated%2004%20dec%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645034/; classtype:trojan-activity;sid:84508134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645030)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20tide_ispat_080709_027/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645030/; classtype:trojan-activity;sid:84508130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645031)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20moonvazs_hct_090908_028/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645031/; classtype:trojan-activity;sid:84508131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645032)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/benemar%20background/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645032/; classtype:trojan-activity;sid:84508132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645033)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20received%20files/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645033/; classtype:trojan-activity;sid:84508133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645023)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/february/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645023/; classtype:trojan-activity;sid:84508123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645024)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645024/; classtype:trojan-activity;sid:84508124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645025)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20captain%20george%20ii_nedstar_151208_037/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645025/; classtype:trojan-activity;sid:84508125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645026)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/scan%20documents/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645026/; classtype:trojan-activity;sid:84508126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645027)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/centrans%20hermes/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645027/; classtype:trojan-activity;sid:84508127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645028)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20panther-surya%20exim%20cpd%2022%20oct%202015/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645028/; classtype:trojan-activity;sid:84508128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645029)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/254_montecristo_emerald/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645029/; classtype:trojan-activity;sid:84508129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645021/; classtype:trojan-activity;sid:84508121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645022)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645022/; classtype:trojan-activity;sid:84508122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645018)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/krunal%20desk%20bkp%20210410/lodestar/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645018/; classtype:trojan-activity;sid:84508118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645019)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sanko%20king_bulkmarine_040209_013/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645019/; classtype:trojan-activity;sid:84508119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645020)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20umm%20al%20dalkh-%20hudson%20cpd%2010%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645020/; classtype:trojan-activity;sid:84508120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645016)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20meta-acct%20everbright-cpd%2011%20jan%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645016/; classtype:trojan-activity;sid:84508116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645017)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/charter%20party/courier%20receipt/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645017/; classtype:trojan-activity;sid:84508117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645015)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-usl%20cpd%2019%20aug%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645015/; classtype:trojan-activity;sid:84508115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645014)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/maersk%20photos/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645014/; classtype:trojan-activity;sid:84508114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645013)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645013/; classtype:trojan-activity;sid:84508113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645012)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/market%20report%20dtd%2013aug%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645012/; classtype:trojan-activity;sid:84508112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645011)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2022%20november%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645011/; classtype:trojan-activity;sid:84508111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645010)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20chetna%20-%20dhlcp%20dtd%2018%20dec%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645010/; classtype:trojan-activity;sid:84508110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645007)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/maersk%20photos/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645007/; classtype:trojan-activity;sid:84508107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645008)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/90_serasih_2_crossbridge_20_05_11/working_copy/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645008/; classtype:trojan-activity;sid:84508108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645009)"; flow:established,from_client; content:"GET"; http_method; content:"/5k79d37wo1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645009/; classtype:trojan-activity;sid:84508109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645006)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/marketreport%20dtd%2011%20dec%2008/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645006/; classtype:trojan-activity;sid:84508106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645005)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20hay_bulk%20marine_180808_024/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645005/; classtype:trojan-activity;sid:84508105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645003)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2017dec08/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645003/; classtype:trojan-activity;sid:84508103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645004)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645004/; classtype:trojan-activity;sid:84508104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645001)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/mv.pos%20freedom%20-%20vikram%20ispat%20cp%20dtd%2027th%20may%20%272006/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645001/; classtype:trojan-activity;sid:84508101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645002)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/backgrounds/pwsl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645002/; classtype:trojan-activity;sid:84508102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644999)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/globe%20chart%20ltd%20of%20hongkong%20background/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644999/; classtype:trojan-activity;sid:84508099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645000)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dalmatia%20g-everbright%20cpd%2031%20march%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645000/; classtype:trojan-activity;sid:84508100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644998)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2008%20november%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644998/; classtype:trojan-activity;sid:84508098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644996)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vega%20mars-propel%20cpd%2018-jan-2016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644996/; classtype:trojan-activity;sid:84508096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644997)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644997/; classtype:trojan-activity;sid:84508097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644994)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644994/; classtype:trojan-activity;sid:84508094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644995)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%2015dec%202008/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644995/; classtype:trojan-activity;sid:84508095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644993)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/charter%20party/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644993/; classtype:trojan-activity;sid:84508093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644990)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.dubai%20energy_noble_100508_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644990/; classtype:trojan-activity;sid:84508090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644991)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/port%20da/vizag%20for%20smax/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644991/; classtype:trojan-activity;sid:84508091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644992)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644992/; classtype:trojan-activity;sid:84508092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644988)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/arihant/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644988/; classtype:trojan-activity;sid:84508088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644989)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_040808_023/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644989/; classtype:trojan-activity;sid:84508089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644987)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20anand-acct%20guodian-cpd%2007%20march%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644987/; classtype:trojan-activity;sid:84508087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644986)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20energy_ispat_010409_012/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644986/; classtype:trojan-activity;sid:84508086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644983)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/certificates/info.zip"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644983/; classtype:trojan-activity;sid:84508083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644984)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/paradip/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644984/; classtype:trojan-activity;sid:84508084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644985)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644985/; classtype:trojan-activity;sid:84508085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644981)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20mandarin%20fortune_wbc_160209_009/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644981/; classtype:trojan-activity;sid:84508081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644982)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/charter%20party/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644982/; classtype:trojan-activity;sid:84508082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644978)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20major_jaldhi_210909_040/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644978/; classtype:trojan-activity;sid:84508078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20propel%20shipping%2004%20jan%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644979/; classtype:trojan-activity;sid:84508079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644980)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20nazia%20jahan%20-%20scmc%20-%201st%20optional%20shipment/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644980/; classtype:trojan-activity;sid:84508080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644977)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20trans%20spring-%20propel-%20cpd%2007%20aug%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644977/; classtype:trojan-activity;sid:84508077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644975)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/2010%20ship%20pte%20ltd/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644975/; classtype:trojan-activity;sid:84508075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644976)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dalmatia%20g-everbright%20cpd%2031%20march%202016/courier%20receipt/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644976/; classtype:trojan-activity;sid:84508076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644971)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20captain%20george%20ii_nedstar_151208_037/charter%20parties/main%20body/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644971/; classtype:trojan-activity;sid:84508071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/certificates/info.zip"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644972/; classtype:trojan-activity;sid:84508072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644973)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/221_guanhai%20228/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644973/; classtype:trojan-activity;sid:84508073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644974)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2010/55_asia_ocean_fortune_15_12_10/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644974/; classtype:trojan-activity;sid:84508074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644970)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20glovis%20maine%20-%20tata%20nyk%20cpd%2025%20june%2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644970/; classtype:trojan-activity;sid:84508070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644967)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20shou%20chang%20hai_wamopl_130907_034/charter%20parties/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644967/; classtype:trojan-activity;sid:84508067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644968)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/torrent%20power/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644968/; classtype:trojan-activity;sid:84508068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644969)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20bao%20wealth_kispl_073009_33/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644969/; classtype:trojan-activity;sid:84508069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644966)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/224_cedar%206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644966/; classtype:trojan-activity;sid:84508066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644961)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/aruna%20shipping/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644961/; classtype:trojan-activity;sid:84508061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644962)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/brokerage%20invoices/settled/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644962/; classtype:trojan-activity;sid:84508062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644963)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20four%20mogami_ispat_0160709_032/charter%20parties/addendum/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644963/; classtype:trojan-activity;sid:84508063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644964)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644964/; classtype:trojan-activity;sid:84508064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644965)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-propel-cpd%2027%20september%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644965/; classtype:trojan-activity;sid:84508065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644960)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20tbn%20-%20acct%20hc%20trading-%2006%20oct%202016/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644960/; classtype:trojan-activity;sid:84508060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644958)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ptolemeos%20-%20psons%20cp%20dtd%2023%20nov%202017/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644958/; classtype:trojan-activity;sid:84508058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644959)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer-scmc%20-%20cpdtd%2002%20may%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644959/; classtype:trojan-activity;sid:84508059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644954)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%202%20dec%202008/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644954/; classtype:trojan-activity;sid:84508054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644955)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/swift%20shipping%20bg/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644955/; classtype:trojan-activity;sid:84508055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644956)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644956/; classtype:trojan-activity;sid:84508056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644957)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/new%20briefcase/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644957/; classtype:trojan-activity;sid:84508057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644953)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644953/; classtype:trojan-activity;sid:84508053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644950)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2055k%20for%20coal/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644950/; classtype:trojan-activity;sid:84508050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644951)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/charter%20parties/riders/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644951/; classtype:trojan-activity;sid:84508051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644952)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20paperport%20documents/taxes/03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644952/; classtype:trojan-activity;sid:84508052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644947)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/new%20folder%20(2)/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644947/; classtype:trojan-activity;sid:84508047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644948)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/others/mv%20gold%20star/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644948/; classtype:trojan-activity;sid:84508048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644949)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/dubai%20guardian/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644949/; classtype:trojan-activity;sid:84508049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644946)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644946/; classtype:trojan-activity;sid:84508046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644945)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/jun%202008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644945/; classtype:trojan-activity;sid:84508045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644942)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/147_ding%20xiang%20hai_synergy/working%20copy/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644942/; classtype:trojan-activity;sid:84508042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644943)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/allianz%20bulk/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644943/; classtype:trojan-activity;sid:84508043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644944)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/c%20drive/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644944/; classtype:trojan-activity;sid:84508044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644941)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evnia%20-%20essar%20cp%20dted%2005%20april%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644941/; classtype:trojan-activity;sid:84508041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644939)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/misc%20attachments/loi/info.zip"; http_uri; depth:222; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644939/; classtype:trojan-activity;sid:84508039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644940)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20atlantic%20diana-propel%20pcd%209july%202018/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644940/; classtype:trojan-activity;sid:84508040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644938)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644938/; classtype:trojan-activity;sid:84508038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644937)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lietta_crossbridge_121109_046/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644937/; classtype:trojan-activity;sid:84508037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644935)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/high%20way%20shipping%20ltd/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644935/; classtype:trojan-activity;sid:84508035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644936)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/mv.blue%20coral%20-%20bmm%20-%20org%20cp/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644936/; classtype:trojan-activity;sid:84508036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644934)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644934/; classtype:trojan-activity;sid:84508034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644932)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/fixture%20note/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644932/; classtype:trojan-activity;sid:84508032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644933)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yk%20sentosa_noble_230109_004/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644933/; classtype:trojan-activity;sid:84508033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644924)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/certificates/info.zip"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644924/; classtype:trojan-activity;sid:84508024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644925)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644925/; classtype:trojan-activity;sid:84508025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644926)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/302_mv%20norvic%20tbn_core/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644926/; classtype:trojan-activity;sid:84508026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644927)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644927/; classtype:trojan-activity;sid:84508027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644928)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:220; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644928/; classtype:trojan-activity;sid:84508028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644929)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20aastha%20cpd%2014%20nov%202014/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644929/; classtype:trojan-activity;sid:84508029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644930)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captainyannis%20l%20-%20saraogi%20udyog%20-%20cpd%2027%20september%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644930/; classtype:trojan-activity;sid:84508030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644931)"; flow:established,from_client; content:"GET"; http_method; content:"/zq.check|3f|t=4wso6gxb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"es.mzvo7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644931/; classtype:trojan-activity;sid:84508031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644920)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/recap-fixture%20note/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644920/; classtype:trojan-activity;sid:84508020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644921)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644921/; classtype:trojan-activity;sid:84508021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644922)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theometor-%20everbright%20cpd%2010%20feb%2016/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644922/; classtype:trojan-activity;sid:84508022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644923)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/gladstone%20helicopter%20cl/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644923/; classtype:trojan-activity;sid:84508023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644919)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20angwreck/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644919/; classtype:trojan-activity;sid:84508019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644913)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644913/; classtype:trojan-activity;sid:84508013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644914)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20kais_noble_090709_028/charter%20parties/riders/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644914/; classtype:trojan-activity;sid:84508014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644915)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644915/; classtype:trojan-activity;sid:84508015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644916)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/233_hong%20yu/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644916/; classtype:trojan-activity;sid:84508016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644917)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644917/; classtype:trojan-activity;sid:84508017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644918)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/medi%20carriers/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644918/; classtype:trojan-activity;sid:84508018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644910)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20engiadina%20-acct%20everbright-cpd-17%20june%202015/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644910/; classtype:trojan-activity;sid:84508010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644911)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644911/; classtype:trojan-activity;sid:84508011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644912)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/wam%20vsl%20dtl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644912/; classtype:trojan-activity;sid:84508012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644904)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/charter%20party/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644904/; classtype:trojan-activity;sid:84508004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644905)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/market%20report%20dtd%2020%20feb%2009/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644905/; classtype:trojan-activity;sid:84508005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644906)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20samurai%20-propel%2013%20april%202019/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644906/; classtype:trojan-activity;sid:84508006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644907)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.falcon_ispat_050907_035/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644907/; classtype:trojan-activity;sid:84508007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644908)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/misc%20attachments/info.zip"; http_uri; depth:216; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644908/; classtype:trojan-activity;sid:84508008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644909)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/243_spar%20spica/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644909/; classtype:trojan-activity;sid:84508009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644903)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644903/; classtype:trojan-activity;sid:84508003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644902)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ray%20metal%20bg-fixtures/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644902/; classtype:trojan-activity;sid:84508002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644899)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20yangtze%20river_wamopl_161007_041/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644899/; classtype:trojan-activity;sid:84507999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644900)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/bimco%20clauses/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644900/; classtype:trojan-activity;sid:84508000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644901)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/november/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644901/; classtype:trojan-activity;sid:84508001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644898)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_040808_023/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644898/; classtype:trojan-activity;sid:84507998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644895)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644895/; classtype:trojan-activity;sid:84507995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644896)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644896/; classtype:trojan-activity;sid:84507996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644897)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2008%20dec%2015%20-%20copy/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644897/; classtype:trojan-activity;sid:84507997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644893)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20hope%20-%20propelshipping%20cpd%2019%20nov%202015/fixture%20note/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644893/; classtype:trojan-activity;sid:84507993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644894)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20shropshire%20-%20surya%20exim%20cpd%2008%20march%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644894/; classtype:trojan-activity;sid:84507994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644892)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_eta_aplspore_111008/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644892/; classtype:trojan-activity;sid:84507992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644891)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20mahadeva-mcs%20cp%20dtd%2013th%20aug%202015/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644891/; classtype:trojan-activity;sid:84507991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644890)"; flow:established,from_client; content:"GET"; http_method; content:"/ya03.google|3f|t=tc1cj8b9"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.bowibo.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644890/; classtype:trojan-activity;sid:84507990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644888)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_ispat_241207_054/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644888/; classtype:trojan-activity;sid:84507988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-propel-cpd%2027%20september%202016/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644889/; classtype:trojan-activity;sid:84507989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644885)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mumbai%20operations/charter%20parties/2011/mv%20columbia%20--%20constantia/base/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644885/; classtype:trojan-activity;sid:84507985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644886)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/brokerage%20invoice/info.zip"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644886/; classtype:trojan-activity;sid:84507986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644887)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.captain%20george%20ii_ispat_161107_049/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644887/; classtype:trojan-activity;sid:84507987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644883)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20renos_ssoe_240910_019/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644883/; classtype:trojan-activity;sid:84507983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644884)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/akij%20glory%20cp/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644884/; classtype:trojan-activity;sid:84507984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644878)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_aquavita_230610_017/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644878/; classtype:trojan-activity;sid:84507978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644879)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/adobereader6/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644879/; classtype:trojan-activity;sid:84507979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644880)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20santa%20monic_visa%20%20cp%20dated%2004%20july15/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644880/; classtype:trojan-activity;sid:84507980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644881)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/rare%20earth%20arya%20group/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644881/; classtype:trojan-activity;sid:84507981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644882)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/recap-fixture%20note/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644882/; classtype:trojan-activity;sid:84507982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644873)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/certificates/info.zip"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644873/; classtype:trojan-activity;sid:84507973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644874)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20gem%20of%20haldia_noble_191109_048/charter%20parties/main%20body/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644874/; classtype:trojan-activity;sid:84507974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644875)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20moonvazs_hct_090908_028/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644875/; classtype:trojan-activity;sid:84507975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644876)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/perfectbulk/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644876/; classtype:trojan-activity;sid:84507976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644877)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/167_woodstar_synergy/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644877/; classtype:trojan-activity;sid:84507977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644872)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/acrobat/adobe%20acrobat%20writer%205.0/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644872/; classtype:trojan-activity;sid:84507972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644869)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/templates/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644869/; classtype:trojan-activity;sid:84507969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644870)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-acct%20lss-%20cpd%2013%20jan%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644870/; classtype:trojan-activity;sid:84507970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644871)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.gem%20of%20aqaba_daewoo_300408_013/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644871/; classtype:trojan-activity;sid:84507971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644868)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/december/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644868/; classtype:trojan-activity;sid:84507968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644867)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20clipper%20vision%20-%20orissa%20metalikes%20cpd%2024%20june%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644867/; classtype:trojan-activity;sid:84507967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644866)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vega%20mars-propel%20cpd%2018-jan-2016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644866/; classtype:trojan-activity;sid:84507966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644863)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ocpl%20fixture%20list/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644863/; classtype:trojan-activity;sid:84507963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644864)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/mv.ocean%20senang%20-%20glory%20trans%20cp%20dtd%2030-11-05/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644864/; classtype:trojan-activity;sid:84507964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644865)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20furness%20melbourne/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644865/; classtype:trojan-activity;sid:84507965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/nov%202008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644854/; classtype:trojan-activity;sid:84507954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644855)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/january/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644855/; classtype:trojan-activity;sid:84507955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644856)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/bunkers/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644856/; classtype:trojan-activity;sid:84507956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644857)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644857/; classtype:trojan-activity;sid:84507957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644858)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/acrobat/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644858/; classtype:trojan-activity;sid:84507958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644859)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20transpower%20tbn%20-%20jsw%20steel%20cpd%2017%20march%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644859/; classtype:trojan-activity;sid:84507959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644860)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/68_apj_kais_mpallonji_17_02_11/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644860/; classtype:trojan-activity;sid:84507960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644861)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/jaldhi%20background/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644861/; classtype:trojan-activity;sid:84507961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644862)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644862/; classtype:trojan-activity;sid:84507962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644853)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/75_id_tide_ameropa_14_04_2011/working_copy/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644853/; classtype:trojan-activity;sid:84507953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644851)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.m.p.panamax%201_nob_301107_052/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644851/; classtype:trojan-activity;sid:84507951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644852)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20clipper%20vision%20-%20orissa%20metalikes%20cpd%2024%20june%202019/certificates/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644852/; classtype:trojan-activity;sid:84507952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644849)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.st.paul_nsi_211107_053/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644849/; classtype:trojan-activity;sid:84507949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644850)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ss%20international%20shipping/acct%20details/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644850/; classtype:trojan-activity;sid:84507950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644845)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/108_ikan_serong_mms/working%20copy/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644845/; classtype:trojan-activity;sid:84507945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644846)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_nob_300808_026/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644846/; classtype:trojan-activity;sid:84507946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644847/; classtype:trojan-activity;sid:84507947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644848)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20archagelos%20michael%20-%20scmc%2017.12.18/brokerage%20invoice/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644848/; classtype:trojan-activity;sid:84507948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644842)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/imp%20info/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644842/; classtype:trojan-activity;sid:84507942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644843)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20visa%20-%20cpd%2016%20april%202016/charter%20party/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644843/; classtype:trojan-activity;sid:84507943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644844)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-acct%20propel-cpd%2027%20oct%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644844/; classtype:trojan-activity;sid:84507944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644838)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/sail%20coa%207%20jan08/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644838/; classtype:trojan-activity;sid:84507938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644839)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%202_nob_120707_026/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644839/; classtype:trojan-activity;sid:84507939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644840)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/83_haowang_synergy_05_05_2011/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644840/; classtype:trojan-activity;sid:84507940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644841)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/billion%20gain/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644841/; classtype:trojan-activity;sid:84507941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644834)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.gem%20of%20aqaba_daewoo_300408_013/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644834/; classtype:trojan-activity;sid:84507934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644835)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20ambassador%20-%20%20jiancheng%20cpd%2023%20nov%202017/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644835/; classtype:trojan-activity;sid:84507935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644836)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/mayank/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644836/; classtype:trojan-activity;sid:84507936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644837)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644837/; classtype:trojan-activity;sid:84507937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644833)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/certificates/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644833/; classtype:trojan-activity;sid:84507933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644830)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/june%202009/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644830/; classtype:trojan-activity;sid:84507930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644831)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644831/; classtype:trojan-activity;sid:84507931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20swan%20-%20visa%20bulk%20cpd%2013%20december%202018/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644832/; classtype:trojan-activity;sid:84507932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sbi%20hermes-surya%20exim%20cpd%2022%20sep%202017/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644827/; classtype:trojan-activity;sid:84507927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644828)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20young%20spirit%20-%20acct%20everbright%20-%20cpd%2001%20october%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644828/; classtype:trojan-activity;sid:84507928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644829)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.barcelona%20bright_metchart_3000408_014/charter%20parties/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644829/; classtype:trojan-activity;sid:84507929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sea%20arrow%20-%20visa%20bulk%20cpd%2012%20may%202016/brokerage%20invoice/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644826/; classtype:trojan-activity;sid:84507926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644825)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/template%20folders/timeline/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644825/; classtype:trojan-activity;sid:84507925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644824)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/194_genco_spirit/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644824/; classtype:trojan-activity;sid:84507924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644821)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20milos%20-%20scmc%20cp%20dtd%2017%20january%202019/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644821/; classtype:trojan-activity;sid:84507921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644822)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/197_maritime%20lijian/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644822/; classtype:trojan-activity;sid:84507922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644823)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bomar%20oyster%20-%20primarina%20cpd%2001%20march%202018/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644823/; classtype:trojan-activity;sid:84507923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644819)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644819/; classtype:trojan-activity;sid:84507919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644820)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/meadway/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644820/; classtype:trojan-activity;sid:84507920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644817)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20jyoti-sdtr%20cpd%2025th%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644817/; classtype:trojan-activity;sid:84507917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644818)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer%20-%20martrade%20cpd%2005%20march%202018/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644818/; classtype:trojan-activity;sid:84507918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644815)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/bzh/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644815/; classtype:trojan-activity;sid:84507915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644816)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644816/; classtype:trojan-activity;sid:84507916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644809)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/crown%20voyager/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644809/; classtype:trojan-activity;sid:84507909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644810)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/brokerage%20invoice/info.zip"; http_uri; depth:228; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644810/; classtype:trojan-activity;sid:84507910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644811)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20atlantic%20diana-propel%20pcd%209july%202018/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644811/; classtype:trojan-activity;sid:84507911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644812)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/old%20pc/sefira%20data%20on%20bom001_veera/my%20documents/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644812/; classtype:trojan-activity;sid:84507912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644813/; classtype:trojan-activity;sid:84507913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644814)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/90_serasih_2_crossbridge_20_05_11/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644814/; classtype:trojan-activity;sid:84507914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644802)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theometor-%20everbright%20cpd%2010%20feb%2016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644802/; classtype:trojan-activity;sid:84507902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644803)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20feran-acct%20everbright/charter%20party/proforma%20cp/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644803/; classtype:trojan-activity;sid:84507903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644804)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644804/; classtype:trojan-activity;sid:84507904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644805)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644805/; classtype:trojan-activity;sid:84507905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644806)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20videos/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644806/; classtype:trojan-activity;sid:84507906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644807)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/daewoo%20background/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644807/; classtype:trojan-activity;sid:84507907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644808)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/mar%202009/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644808/; classtype:trojan-activity;sid:84507908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644795)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/middle%20east%20mining%20resources%20dmcc/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644795/; classtype:trojan-activity;sid:84507895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644796)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/163_iliana/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644796/; classtype:trojan-activity;sid:84507896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644797)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/brokerage%20invoice/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644797/; classtype:trojan-activity;sid:84507897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644798)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/operations%20handover/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644798/; classtype:trojan-activity;sid:84507898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644799)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/dec%202008/market%20report%20dtd%203dec%202008/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644799/; classtype:trojan-activity;sid:84507899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644800)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ripley/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644800/; classtype:trojan-activity;sid:84507900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644801)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20paperport%20documents/taxes/02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644801/; classtype:trojan-activity;sid:84507901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644792)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20stelios%20b-primarina%20cpd%209%20oct%2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644792/; classtype:trojan-activity;sid:84507892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644793)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20paperport%20documents/taxes/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644793/; classtype:trojan-activity;sid:84507893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644794)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20stelios%20b-primarina%20cpd%209%20oct%2015/charter%20party/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644794/; classtype:trojan-activity;sid:84507894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644789)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/seapol/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644789/; classtype:trojan-activity;sid:84507889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644790)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/1_unity_crossbridge_09_02_10/82_wadi_ferran_unity_7_29_04_11/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644790/; classtype:trojan-activity;sid:84507890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644791)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20uday-acct%20caravel%20-%20cpd%2003%20jul%202015/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644791/; classtype:trojan-activity;sid:84507891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644787)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20ekta%20%20simtra%20cpd%2006%20aug%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644787/; classtype:trojan-activity;sid:84507887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644788)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/taichi%20shipping/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644788/; classtype:trojan-activity;sid:84507888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644785)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/sept%202008/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644785/; classtype:trojan-activity;sid:84507885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644786)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/76_triton_bulker_isl_15_04_2011/working_copy/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644786/; classtype:trojan-activity;sid:84507886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644783)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sdtr%20tbn%20%20ashapura%20cp%20dated%2004%20dec%202015/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644783/; classtype:trojan-activity;sid:84507883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644784/; classtype:trojan-activity;sid:84507884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644779)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/adnatco%20sulphur%20coa/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644779/; classtype:trojan-activity;sid:84507879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644780)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20music/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644780/; classtype:trojan-activity;sid:84507880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644781)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20panoria%20-%20visa%20cpd%2025%20aug%202017/brokerage%20invoice/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644781/; classtype:trojan-activity;sid:84507881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644782)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jabal%20shams%20-%20oman%20ship%20-%20cpd%2023.11.2019/certificates/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644782/; classtype:trojan-activity;sid:84507882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644777)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/78_siam-garnet_benemar_29_04_11/working_copy/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644777/; classtype:trojan-activity;sid:84507877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644778)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/109_agi_gst/cp/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644778/; classtype:trojan-activity;sid:84507878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644776)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vinalines%20green-visa%20cp%20dated%2002%20dec%202015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:180; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644776/; classtype:trojan-activity;sid:84507876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644775)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/certificates/info.zip"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644775/; classtype:trojan-activity;sid:84507875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644773)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/chirai%20salt/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644773/; classtype:trojan-activity;sid:84507873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644774)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/amit%20acetylene/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644774/; classtype:trojan-activity;sid:84507874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644772)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/info.zip"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644772/; classtype:trojan-activity;sid:84507872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644771)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20archagelos%20michael%20-%20scmc%2017.12.18/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644771/; classtype:trojan-activity;sid:84507871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644762)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/560%20-%20mv%20peace%20angel%20-%20scmc%20-%20cp%20dtd%2005.06.2020%20-%20file%20no%20560/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:220; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644762/; classtype:trojan-activity;sid:84507862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644763)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tomini%20sincerity-propel-cpd%2005%20jan%202017/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644763/; classtype:trojan-activity;sid:84507863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644764)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/charter%20parties/main%20body/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644764/; classtype:trojan-activity;sid:84507864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644765)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/185_outrivling/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644765/; classtype:trojan-activity;sid:84507865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644766)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20saubaagya%205%20-%20mcs%20cpd%2010%20nov%202015/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644766/; classtype:trojan-activity;sid:84507866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644767)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644767/; classtype:trojan-activity;sid:84507867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644768)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20sifnos%20sun/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644768/; classtype:trojan-activity;sid:84507868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644769)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tamil%20nadu%20-acct%20simtra%20-%20cpd%2010%20feb%202017/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644769/; classtype:trojan-activity;sid:84507869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644770)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/timeline/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644770/; classtype:trojan-activity;sid:84507870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644756)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20bao%20success_ispahia_161109_047/charter%20parties/riders/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644756/; classtype:trojan-activity;sid:84507856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644757)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20danceflora%20sw-%20transbulk%20cpd%2013%20july%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644757/; classtype:trojan-activity;sid:84507857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644758)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/charter%20parties/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644758/; classtype:trojan-activity;sid:84507858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644759)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20innovation-acct%20propel-%20cpd%2006%20jan%202017/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644759/; classtype:trojan-activity;sid:84507859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/61_stx_begonia_untiy_see_coa_folder/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644760/; classtype:trojan-activity;sid:84507860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644761)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644761/; classtype:trojan-activity;sid:84507861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644754)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ssipl%20bg-fixture/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644754/; classtype:trojan-activity;sid:84507854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644755)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/misc%20attachments/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644755/; classtype:trojan-activity;sid:84507855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644752)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20global%20harmony%20-%20acct%20sul%20-%20cpd%2011%20march%202017/brokerage%20invoice/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644752/; classtype:trojan-activity;sid:84507852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644753)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/cps%20sent%20to%20tony%20brown/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644753/; classtype:trojan-activity;sid:84507853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644751)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/bhavnagar/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644751/; classtype:trojan-activity;sid:84507851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644749)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/essars%20vsl%20dtl/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644749/; classtype:trojan-activity;sid:84507849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644750)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bulk%20saturn_eta_141107_048/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644750/; classtype:trojan-activity;sid:84507850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644745)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/platina%20profile/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644745/; classtype:trojan-activity;sid:84507845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644746)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maratha%20providence%20%20acct%20harmony%20innovation%20%e2%80%93%20cpd%2007%20august%202014/brokerage%20invoice/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644746/; classtype:trojan-activity;sid:84507846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644747)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644747/; classtype:trojan-activity;sid:84507847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644748)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20acct%20siva%20bulk%20cpd%2005%20sept%202012/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644748/; classtype:trojan-activity;sid:84507848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644742)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644742/; classtype:trojan-activity;sid:84507842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644743)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maratha%20providence%20%20acct%20harmony%20innovation%20%e2%80%93%20cpd%2007%20august%202014/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644743/; classtype:trojan-activity;sid:84507843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644744)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/charter%20parties/addendum/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644744/; classtype:trojan-activity;sid:84507844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644741)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644741/; classtype:trojan-activity;sid:84507841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644738)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/april/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644738/; classtype:trojan-activity;sid:84507838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644739)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/329_zheng%20rong/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644739/; classtype:trojan-activity;sid:84507839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644740)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/transglobe%20dmcc%20dubai/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644740/; classtype:trojan-activity;sid:84507840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644736)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.christos_eta_180607_021/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644736/; classtype:trojan-activity;sid:84507836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644737)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644737/; classtype:trojan-activity;sid:84507837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644735)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20faneromeni%20-%20psons%20-%20cpd%2027%20july%202017/fixture%20note/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644735/; classtype:trojan-activity;sid:84507835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644730)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644730/; classtype:trojan-activity;sid:84507830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644731)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer%20-%20martrade%20cpd%2005%20march%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644731/; classtype:trojan-activity;sid:84507831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644732)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/agio%20efraim/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644732/; classtype:trojan-activity;sid:84507832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644733)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-acct%20lss-%20cpd%2013%20jan%202017/fixture%20note/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644733/; classtype:trojan-activity;sid:84507833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644734)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.fratzis%20star_eta_230108_002/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644734/; classtype:trojan-activity;sid:84507834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644727)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644727/; classtype:trojan-activity;sid:84507827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644728)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644728/; classtype:trojan-activity;sid:84507828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644729)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/port%20da/navlakhi%20for%20smax/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644729/; classtype:trojan-activity;sid:84507829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644724)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20magic_jaldhi_210110_007/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644724/; classtype:trojan-activity;sid:84507824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644725)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/mahalaxmi%20continental%20ltd/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644725/; classtype:trojan-activity;sid:84507825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644726)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/gagan%20coal/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644726/; classtype:trojan-activity;sid:84507826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644718)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644718/; classtype:trojan-activity;sid:84507818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644719)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20infinity%20v-magnifico%20cpd%2013%20aug%202018/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644719/; classtype:trojan-activity;sid:84507819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644720)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ocean%20fortune%20carrier%20ltd/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644720/; classtype:trojan-activity;sid:84507820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644721)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644721/; classtype:trojan-activity;sid:84507821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644722)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iran%20yazd_jaldhi_240809_038/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644722/; classtype:trojan-activity;sid:84507822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644723)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/192_abdullah/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644723/; classtype:trojan-activity;sid:84507823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644715)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20uday-acct%20caravel%20-%20cpd%2003%20jul%202015/charter%20party/corrections%20on%20cp%20frm%20owns/info.zip"; http_uri; depth:182; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644715/; classtype:trojan-activity;sid:84507815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644716)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/115_uttarkashi/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644716/; classtype:trojan-activity;sid:84507816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644717)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=q8ptw0j6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.bowibo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644717/; classtype:trojan-activity;sid:84507817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644714)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20essar%20cpd%2015.11.2018/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644714/; classtype:trojan-activity;sid:84507814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644712)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/usl/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644712/; classtype:trojan-activity;sid:84507812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644713)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bulk%20saturn_eta_141107_048/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644713/; classtype:trojan-activity;sid:84507813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644709)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/caria%20shipping/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644709/; classtype:trojan-activity;sid:84507809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644710)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644710/; classtype:trojan-activity;sid:84507810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/324_stellar%20eagle/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644711/; classtype:trojan-activity;sid:84507811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644703)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20sagittarius/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644703/; classtype:trojan-activity;sid:84507803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644704)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644704/; classtype:trojan-activity;sid:84507804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644705)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20balaban%20-%20power%20international%20cpd%2017%20december%202019/charter%20party/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644705/; classtype:trojan-activity;sid:84507805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644706)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/rigveda/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644706/; classtype:trojan-activity;sid:84507806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644707)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.jbu%20orient_ispat_121107_047/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644707/; classtype:trojan-activity;sid:84507807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644708)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bostomor%20tbn%20-%20acct%20shree%20coal-cpd%2004%20march%202017/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644708/; classtype:trojan-activity;sid:84507808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644702)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/vessel%20desc/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644702/; classtype:trojan-activity;sid:84507802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644699)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/info.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644699/; classtype:trojan-activity;sid:84507799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644700)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yk%20sentosa_noble_230109_004/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644700/; classtype:trojan-activity;sid:84507800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644701)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/backgrounds/sai%20trans%2016%20january%202013/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644701/; classtype:trojan-activity;sid:84507801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644696)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.blue%20coral_bcm_010607_018/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644696/; classtype:trojan-activity;sid:84507796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644697)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/word%20documents/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644697/; classtype:trojan-activity;sid:84507797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644698)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.port%20mouton_ispat_080408_008/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644698/; classtype:trojan-activity;sid:84507798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644694)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20limas-%20simtra%20cpd%2010%20june%202015/charter%20party/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644694/; classtype:trojan-activity;sid:84507794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644695)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_260609_026/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644695/; classtype:trojan-activity;sid:84507795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644692)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644692/; classtype:trojan-activity;sid:84507792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644693)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20skype%20pictures/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644693/; classtype:trojan-activity;sid:84507793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644690)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:246; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644690/; classtype:trojan-activity;sid:84507790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644691)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/254_montecristo_emerald/working%20copy/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644691/; classtype:trojan-activity;sid:84507791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644686)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20scorpio_ispat_261007_043/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644686/; classtype:trojan-activity;sid:84507786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644687)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/company%20directives/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644687/; classtype:trojan-activity;sid:84507787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644688)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer-scmc%20-%20cpdtd%2002%20may%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644688/; classtype:trojan-activity;sid:84507788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644689)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer%20-%20martrade%20cpd%2005%20march%202018/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644689/; classtype:trojan-activity;sid:84507789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644683)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/noor%20enterprise_unity%20cp%20dtd%2015th%20apr%202010/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644683/; classtype:trojan-activity;sid:84507783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644684)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644684/; classtype:trojan-activity;sid:84507784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644685)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20yoma%206/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644685/; classtype:trojan-activity;sid:84507785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644681)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2013/february/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644681/; classtype:trojan-activity;sid:84507781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644682)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20power%20-%20acct%20primarina%20cpd%2027%20april%202016/charter%20party/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644682/; classtype:trojan-activity;sid:84507782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644680)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/charter%20party/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644680/; classtype:trojan-activity;sid:84507780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644678)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644678/; classtype:trojan-activity;sid:84507778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644679)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bulk%20saturn_eta_141107_048/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644679/; classtype:trojan-activity;sid:84507779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644675)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/p%20r%20arya%20kingfisher%20delhi%20ticket%20copy/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644675/; classtype:trojan-activity;sid:84507775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644676)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_160709_031/rider%20clauses/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644676/; classtype:trojan-activity;sid:84507776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/brokerage%20invoice/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644677/; classtype:trojan-activity;sid:84507777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644674)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/89_apj_suryavir_libra_23_05_11/misc_docs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644674/; classtype:trojan-activity;sid:84507774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644672)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/fixture%20note/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644672/; classtype:trojan-activity;sid:84507772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644673)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20engiadina%20-acct%20everbright-cpd-17%20june%202015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644673/; classtype:trojan-activity;sid:84507773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644669)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20atlantic%20diana-propel%20pcd%209july%202018/certificates/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644669/; classtype:trojan-activity;sid:84507769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644670)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/prajakta/accountant%20cvs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644670/; classtype:trojan-activity;sid:84507770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644671)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sophia%20k-%20surya%20exim%20cpd%2017th%20may%202018/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644671/; classtype:trojan-activity;sid:84507771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644668)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/gp/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644668/; classtype:trojan-activity;sid:84507768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644666)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.m.p.panamax%201_nob_301107_052/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644666/; classtype:trojan-activity;sid:84507766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644667)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/reacp-fixture%20note/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644667/; classtype:trojan-activity;sid:84507767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644662)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20ce%20guardian)%20-%20acct%20surya%20exim-cpd%2009%20march%202017/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644662/; classtype:trojan-activity;sid:84507762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644663)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_sinoway_290110_009/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644663/; classtype:trojan-activity;sid:84507763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644664)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644664/; classtype:trojan-activity;sid:84507764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644665)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/83_haowang_synergy_05_05_2011/final_draft/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644665/; classtype:trojan-activity;sid:84507765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644657)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644657/; classtype:trojan-activity;sid:84507757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644658)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.falcon_ispat_050907_035/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644658/; classtype:trojan-activity;sid:84507758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644659)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644659/; classtype:trojan-activity;sid:84507759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644660)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20jyoti-sdtr%20cpd%2025th%20may%202018/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644660/; classtype:trojan-activity;sid:84507760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644661)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vinalines%20green-visa%20cp%20dated%2002%20dec%202015/brokerage%20invoice/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644661/; classtype:trojan-activity;sid:84507761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/amarante%20background/delta%20corp/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644655/; classtype:trojan-activity;sid:84507755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644656)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644656/; classtype:trojan-activity;sid:84507756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644652)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/renju_company_directory_/working/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644652/; classtype:trojan-activity;sid:84507752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644653)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sibi-acct%20visa%20-%20cpd%2024%20march%202017/fixture%20note/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644653/; classtype:trojan-activity;sid:84507753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644654)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ece%20nur%20bayraktar-usl%20cpd%2030%20oct%202015/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644654/; classtype:trojan-activity;sid:84507754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644650)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20fortune%20-%20essar%20cpd%2027th%20july%202018/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644650/; classtype:trojan-activity;sid:84507750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644651)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/havi%20shipping/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644651/; classtype:trojan-activity;sid:84507751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644648)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20genco%20auvergne-acct%20rashmi%20-%20cpd%2018%20august%202017/charter%20party/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644648/; classtype:trojan-activity;sid:84507748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644649)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/88_furness_melbourne_raymetals_23_05_11/misc_docs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644649/; classtype:trojan-activity;sid:84507749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644646)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20talisman_ispat_230508_019/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644646/; classtype:trojan-activity;sid:84507746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644647)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/brokerage%20invoice/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644647/; classtype:trojan-activity;sid:84507747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644642)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20doro%20-%20acct%20propel%20-%20cpd%2003%20june%202016/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644642/; classtype:trojan-activity;sid:84507742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644643)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/99_marine_king_ark/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644643/; classtype:trojan-activity;sid:84507743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644644)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20atlantic%20diana-propel%20pcd%209july%202018/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644644/; classtype:trojan-activity;sid:84507744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644645)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.m.p.panamax%201_nob_301107_052/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644645/; classtype:trojan-activity;sid:84507745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644640)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/204_apj%20kais/working%20cp/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644640/; classtype:trojan-activity;sid:84507740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644641)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:237; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644641/; classtype:trojan-activity;sid:84507741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644639)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sai%20trans/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644639/; classtype:trojan-activity;sid:84507739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644636)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/203_deribas/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644636/; classtype:trojan-activity;sid:84507736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644637)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/555%20-%20mv%20pacific%20advance%20-%20isl%20cp%20dtd%2028.04.2020%20-%20file%20no.%20555/misc%20attachments/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644637/; classtype:trojan-activity;sid:84507737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644638)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644638/; classtype:trojan-activity;sid:84507738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644634)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20webs/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644634/; classtype:trojan-activity;sid:84507734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644635)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captainyannis%20l%20-%20saraogi%20udyog%20-%20cpd%2027%20september%202016/charter%20party/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644635/; classtype:trojan-activity;sid:84507735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644633)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evangelia%20m%20-rashmi-cpd%2012%20june%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644633/; classtype:trojan-activity;sid:84507733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644630)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20diksha%20-%20siva%20bulk%20-%20cpd%2001%20august%202012/courier%20receipt/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644630/; classtype:trojan-activity;sid:84507730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644631)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/charter%20party/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644631/; classtype:trojan-activity;sid:84507731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644632)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cheshire-usl-cpd%2015%20july%202016/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644632/; classtype:trojan-activity;sid:84507732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644627)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apostolos%20ii%20-%20indo%20international%20cpd%2012%20march%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644627/; classtype:trojan-activity;sid:84507727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644628)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jahan%20moni%20-%20scmc%20-%202nd%20shipment/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644628/; classtype:trojan-activity;sid:84507728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644629)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644629/; classtype:trojan-activity;sid:84507729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20tbn%20-%20acct%20hc%20trading-%2006%20oct%202016/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644623/; classtype:trojan-activity;sid:84507723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644624)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.christos_eta_180607_021/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644624/; classtype:trojan-activity;sid:84507724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644625)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644625/; classtype:trojan-activity;sid:84507725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644626)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20carola-acct%20visa-%20cpd%2010%20may%202015/fixture%20note/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644626/; classtype:trojan-activity;sid:84507726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644619)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/certificates/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644619/; classtype:trojan-activity;sid:84507719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644620)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644620/; classtype:trojan-activity;sid:84507720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644621)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20webs/_vti_pvt/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644621/; classtype:trojan-activity;sid:84507721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644622)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/certificates/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644622/; classtype:trojan-activity;sid:84507722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644614)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mandarin%20river%20-%20shipment%20no%203/brokerage%20invoice/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644614/; classtype:trojan-activity;sid:84507714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644615)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.star%20canopus_allocean_261007_042/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644615/; classtype:trojan-activity;sid:84507715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644616)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20swan%20-%20visa%20bulk%20cpd%2013%20december%202018/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644616/; classtype:trojan-activity;sid:84507716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644617)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/82_wadi_feran_unity_see_coa_folder/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644617/; classtype:trojan-activity;sid:84507717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644618)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644618/; classtype:trojan-activity;sid:84507718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644611)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644611/; classtype:trojan-activity;sid:84507711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644612)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644612/; classtype:trojan-activity;sid:84507712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644613)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/essar%20shipping%20dmcc/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644613/; classtype:trojan-activity;sid:84507713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644609)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/bimco/div/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644609/; classtype:trojan-activity;sid:84507709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644610)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/90_serasih_2_crossbridge_20_05_11/misc_docs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644610/; classtype:trojan-activity;sid:84507710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644604)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20areti.gr%20-%20essar%20cpd%2018%20april%202019/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644604/; classtype:trojan-activity;sid:84507704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644605)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/segal%20group%20of%20co/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644605/; classtype:trojan-activity;sid:84507705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644606)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/desert%20hawk%20debit%20note%2019%20dec/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644606/; classtype:trojan-activity;sid:84507706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644607)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20faneromeni%20-%20psons%20-%20cpd%2027%20july%202017/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644607/; classtype:trojan-activity;sid:84507707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644608)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20videos/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644608/; classtype:trojan-activity;sid:84507708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644602)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.port%20mouton_ispat_080408_008/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644602/; classtype:trojan-activity;sid:84507702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644603)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20skatzoura%20-shri%20barjrang%20power%20and%20ispat%20cpd%2029.04.2019/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644603/; classtype:trojan-activity;sid:84507703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644600)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644600/; classtype:trojan-activity;sid:84507700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644601)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/61_stx_begonia_untiy_see_coa_folder/misc_docs/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644601/; classtype:trojan-activity;sid:84507701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644598)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644598/; classtype:trojan-activity;sid:84507698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644599)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/sharene/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644599/; classtype:trojan-activity;sid:84507699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644596)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20shanghai%20venture/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644596/; classtype:trojan-activity;sid:84507696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644597)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.dubai%20energy_noble_100508_001/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644597/; classtype:trojan-activity;sid:84507697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644591)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/190_ocean_flower/working%20copy/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644591/; classtype:trojan-activity;sid:84507691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644592)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/77_sea_emerald_crossbridge_16_04_2011/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644592/; classtype:trojan-activity;sid:84507692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644593)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20muron-%20essar%20cpd%2010%20may%202018/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644593/; classtype:trojan-activity;sid:84507693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644594)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pacific%20refulgence%20bg%207%20fixture/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644594/; classtype:trojan-activity;sid:84507694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644595)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/111_moon_enterprise/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644595/; classtype:trojan-activity;sid:84507695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644590)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/brokerage%20invoice/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644590/; classtype:trojan-activity;sid:84507690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644587)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tamarita%20-%20hyundai%20glovis%20-%20cpd%201%20april%202014/scanned%20charter%20party/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644587/; classtype:trojan-activity;sid:84507687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644588)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/brownstone%20background/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644588/; classtype:trojan-activity;sid:84507688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644589)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/charter%20party/info.zip"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644589/; classtype:trojan-activity;sid:84507689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644584)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_ssoe_090110_003/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644584/; classtype:trojan-activity;sid:84507684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644585)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20major_jaldhi_210909_040/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644585/; classtype:trojan-activity;sid:84507685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644586)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/others/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644586/; classtype:trojan-activity;sid:84507686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644580)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn(%20mv%20vlazakis%20i%20)-%20synergy/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644580/; classtype:trojan-activity;sid:84507680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644581)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/170_melo_ocpl/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644581/; classtype:trojan-activity;sid:84507681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644582)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/charter%20party/info.zip"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644582/; classtype:trojan-activity;sid:84507682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644583)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644583/; classtype:trojan-activity;sid:84507683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644577)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644577/; classtype:trojan-activity;sid:84507677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644578)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/spartan%20affreightments%20pte%20ltd/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644578/; classtype:trojan-activity;sid:84507678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644579)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ocean%20crown_wbc_100209_008/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644579/; classtype:trojan-activity;sid:84507679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644575)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/74_gulf_riyad_kunlun_05_04_2011/working_copy/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644575/; classtype:trojan-activity;sid:84507675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644576)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644576/; classtype:trojan-activity;sid:84507676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644574)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644574/; classtype:trojan-activity;sid:84507674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644571)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tamil%20nadu%20-acct%20simtra%20-%20cpd%2010%20feb%202017/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644571/; classtype:trojan-activity;sid:84507671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644572)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20ce%20guardian)%20-%20acct%20surya%20exim-cpd%2009%20march%202017/brokerage%20invoice/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644572/; classtype:trojan-activity;sid:84507672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644573)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/fixtures/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644573/; classtype:trojan-activity;sid:84507673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644570)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/liyang/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644570/; classtype:trojan-activity;sid:84507670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644564)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644564/; classtype:trojan-activity;sid:84507664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644565)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20noor%20enterprise/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644565/; classtype:trojan-activity;sid:84507665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644566)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20sanko%20king/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644566/; classtype:trojan-activity;sid:84507666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644567)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/september/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644567/; classtype:trojan-activity;sid:84507667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644568)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/axle%20marine%20singapore/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644568/; classtype:trojan-activity;sid:84507668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20saii%20resources%20cpd%2012%20nov%202018/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644569/; classtype:trojan-activity;sid:84507669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644561)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20angelina%20the%20great%20n%20)%20-%20smal%20-%20cp%20dated%2020th%20nov%2015/charter%20party/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644561/; classtype:trojan-activity;sid:84507661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644562)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644562/; classtype:trojan-activity;sid:84507662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644563)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/brokerage%20invoices/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644563/; classtype:trojan-activity;sid:84507663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644558)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20spinel%20-%20seapol%20cp%20dtd%2004%20july%202019/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644558/; classtype:trojan-activity;sid:84507658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644559)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20js%20amazon-acct%20psons%20or%20nominee-cpd%2010%20jan%202016/brokerage%20invoice/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644559/; classtype:trojan-activity;sid:84507659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644560)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/master%20fixture%20list%20for%20aryacorp%20(all%20offices)/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644560/; classtype:trojan-activity;sid:84507660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644556)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20four%20shinano_ispat_110708_022/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644556/; classtype:trojan-activity;sid:84507656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644557)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644557/; classtype:trojan-activity;sid:84507657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644554)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644554/; classtype:trojan-activity;sid:84507654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644555)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/template%20folders/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644555/; classtype:trojan-activity;sid:84507655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644551)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vega%20mars-propel%20cpd%2018-jan-2016/charter%20party/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644551/; classtype:trojan-activity;sid:84507651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644552)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/226_great%20mind/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644552/; classtype:trojan-activity;sid:84507652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644553)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/october/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644553/; classtype:trojan-activity;sid:84507653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644550)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/send%20individually%20outlook%20add-in/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644550/; classtype:trojan-activity;sid:84507650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644548)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20gem%20of%20kilakarai_uniwell_300310_015/charter%20parties/main%20body/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644548/; classtype:trojan-activity;sid:84507648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644549)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/march/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644549/; classtype:trojan-activity;sid:84507649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644544)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/176_propel_progress/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644544/; classtype:trojan-activity;sid:84507644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644545)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/267_apj%20mahakali/working%20cp/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644545/; classtype:trojan-activity;sid:84507645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644546)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/98_ikan_sagai_core_mineral/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644546/; classtype:trojan-activity;sid:84507646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644547)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20sea%20flourish/proforma%20cp/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644547/; classtype:trojan-activity;sid:84507647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644543)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20knight_noble_220109_002/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644543/; classtype:trojan-activity;sid:84507643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644542)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644542/; classtype:trojan-activity;sid:84507642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644537)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20global%20harmony%20-%20acct%20sul%20-%20cpd%2011%20march%202017/charter%20party/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644537/; classtype:trojan-activity;sid:84507637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644538)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20power%20-%20acct%20primarina%20cpd%2027%20april%202016/fixture%20note/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644538/; classtype:trojan-activity;sid:84507638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644539)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.st.paul_nsi_211107_053/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644539/; classtype:trojan-activity;sid:84507639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644540)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_eta_aplspore_111008/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644540/; classtype:trojan-activity;sid:84507640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644541)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/attachments/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644541/; classtype:trojan-activity;sid:84507641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644536)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/daily%20menu/daily%20direct%20orders/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644536/; classtype:trojan-activity;sid:84507636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644530)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/coa%20-mv%20perfect%20bulk%20tbn%20-%20scmc%20cpd%2022nd%20april%202019/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644530/; classtype:trojan-activity;sid:84507630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644531)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20transpower%20tbn%20-%20jsw%20steel%20cpd%2017%20march%202016/fixture%20note/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644531/; classtype:trojan-activity;sid:84507631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644532)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sdtr%20tbn%20%20ashapura%20cp%20dated%2004%20dec%202015/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644532/; classtype:trojan-activity;sid:84507632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644533)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/transasia%20marine%20co%20bg-fixture/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644533/; classtype:trojan-activity;sid:84507633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644534)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20gem%20of%20haldia_noble_191109_048/charter%20parties/riders/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644534/; classtype:trojan-activity;sid:84507634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644535)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/agarwal%20coal/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644535/; classtype:trojan-activity;sid:84507635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644528)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644528/; classtype:trojan-activity;sid:84507628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644529)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/4_isl_energy/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644529/; classtype:trojan-activity;sid:84507629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sandchart(brilliant%20dragon%20shipping)/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644527/; classtype:trojan-activity;sid:84507627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644525)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/rio%20gold/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644525/; classtype:trojan-activity;sid:84507625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644526)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/310_everwin/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644526/; classtype:trojan-activity;sid:84507626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644522)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lietta_crossbridge_121109_046/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644522/; classtype:trojan-activity;sid:84507622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644523)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sfl%20humber%20-%20tata%20nyk%20cpd%2002%20april%202015/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644523/; classtype:trojan-activity;sid:84507623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644524)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/bagadiya%20bros/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644524/; classtype:trojan-activity;sid:84507624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644521)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.joviality_wamopl_220208_004/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644521/; classtype:trojan-activity;sid:84507621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644519)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20woodstar_stxpanocean_091209_050/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644519/; classtype:trojan-activity;sid:84507619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644520)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/196_vishva%20vikas/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644520/; classtype:trojan-activity;sid:84507620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644517)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/gangavaram/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644517/; classtype:trojan-activity;sid:84507617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644518)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20privmed%20-%20visa%20cpd%2012%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644518/; classtype:trojan-activity;sid:84507618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644514)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/indo%20international/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644514/; classtype:trojan-activity;sid:84507614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644515)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644515/; classtype:trojan-activity;sid:84507615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644516)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/sanghi/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644516/; classtype:trojan-activity;sid:84507616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644512)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/116_isabelita/working%20copy/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644512/; classtype:trojan-activity;sid:84507612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644513)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20serasih_primeeast_091009_043/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644513/; classtype:trojan-activity;sid:84507613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644510)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644510/; classtype:trojan-activity;sid:84507610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644511)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644511/; classtype:trojan-activity;sid:84507611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644507)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/257_yong%20an%202/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644507/; classtype:trojan-activity;sid:84507607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644508)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20acct%20propel%20cpd%2006%20dec%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644508/; classtype:trojan-activity;sid:84507608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644509)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/265_jindal%20varad/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644509/; classtype:trojan-activity;sid:84507609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644505)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644505/; classtype:trojan-activity;sid:84507605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644506)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/recap-fixture%20notes/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644506/; classtype:trojan-activity;sid:84507606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644499)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_040808_023/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644499/; classtype:trojan-activity;sid:84507599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644500)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/polaris%20shipping%20bg/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644500/; classtype:trojan-activity;sid:84507600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644501)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/124_harvest%20rising/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644501/; classtype:trojan-activity;sid:84507601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644502)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644502/; classtype:trojan-activity;sid:84507602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644503)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sl%20shipping%20pte/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644503/; classtype:trojan-activity;sid:84507603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644504)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_copenship_210110_008/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644504/; classtype:trojan-activity;sid:84507604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644495)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/misc%20attachments/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644495/; classtype:trojan-activity;sid:84507595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644496)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/2018%20-%20circulation%20list%20project/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644496/; classtype:trojan-activity;sid:84507596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644497)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/brokerage%20invoice/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644497/; classtype:trojan-activity;sid:84507597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644498)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/sagar/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644498/; classtype:trojan-activity;sid:84507598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644493)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/fomento/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644493/; classtype:trojan-activity;sid:84507593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644494)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sbi%20hermes-surya%20exim%20cpd%2022%20sep%202017/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644494/; classtype:trojan-activity;sid:84507594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644491)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/market%20reports/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644491/; classtype:trojan-activity;sid:84507591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644492)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.talisman_ispat_230508_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644492/; classtype:trojan-activity;sid:84507592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644490)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bk%20alice-simtra-cpd%2009%20dec%202016/brokerage%20invoice/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644490/; classtype:trojan-activity;sid:84507590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644484)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/133_four%20kitakami/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644484/; classtype:trojan-activity;sid:84507584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644485)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20bao%20success_ispahia_161109_047/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644485/; classtype:trojan-activity;sid:84507585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644486)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644486/; classtype:trojan-activity;sid:84507586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644487)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/great%20rich/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644487/; classtype:trojan-activity;sid:84507587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644488)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20vancouver%20victory_jaldhi_300109_005/charter%20parties/main%20body/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644488/; classtype:trojan-activity;sid:84507588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644489)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/asian%20express%20background/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644489/; classtype:trojan-activity;sid:84507589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644483)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_131108_036/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644483/; classtype:trojan-activity;sid:84507583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644482)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vsp%20limestone%20uae/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644482/; classtype:trojan-activity;sid:84507582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644480)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/emarat%20maritime/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644480/; classtype:trojan-activity;sid:84507580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644481)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lietta_crossbridge_121109_046/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644481/; classtype:trojan-activity;sid:84507581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644477)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/usl/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644477/; classtype:trojan-activity;sid:84507577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644478)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/siddharth/operators/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644478/; classtype:trojan-activity;sid:84507578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644479)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/562%20-%20mv%20mermaid%20star%20-%20singh%20group%20cp%20dtd%2017.06.2020%20-%20file%20no.%20562/certificates/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644479/; classtype:trojan-activity;sid:84507579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644475)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/brokerage%20invoice/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644475/; classtype:trojan-activity;sid:84507575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644476)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/172_tamil%20nadu/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644476/; classtype:trojan-activity;sid:84507576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644473)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/wni/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644473/; classtype:trojan-activity;sid:84507573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644474)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.captain%20george%20ii_ispat_161107_049/charter%20parties/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644474/; classtype:trojan-activity;sid:84507574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644471)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/fixture%20note/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644471/; classtype:trojan-activity;sid:84507571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644472)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evangelia%20m%20-rashmi-cpd%2012%20june%202017/addendum/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644472/; classtype:trojan-activity;sid:84507572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644468)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/main%20body/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644468/; classtype:trojan-activity;sid:84507568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644469)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20paperport%20documents/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644469/; classtype:trojan-activity;sid:84507569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644470)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/spl%20bg/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644470/; classtype:trojan-activity;sid:84507570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644466)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tamarita%20-%20hyundai%20glovis%20-%20cpd%201%20april%202014/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644466/; classtype:trojan-activity;sid:84507566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644467)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/148_ding%20xiang%20hai_isl/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644467/; classtype:trojan-activity;sid:84507567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644464)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/148_ding%20xiang%20hai_isl/ding%20xiang%20hai_isl/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644464/; classtype:trojan-activity;sid:84507564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644465)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/havi%20trading%20shipping/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644465/; classtype:trojan-activity;sid:84507565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644460)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/clementine/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644460/; classtype:trojan-activity;sid:84507560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644461)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/cnbm%20shipping/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644461/; classtype:trojan-activity;sid:84507561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644462)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/191_miletus/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644462/; classtype:trojan-activity;sid:84507562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644463)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644463/; classtype:trojan-activity;sid:84507563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644457)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ken%20orchid-propel-cpd%2027%20august%202016/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644457/; classtype:trojan-activity;sid:84507557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644458)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644458/; classtype:trojan-activity;sid:84507558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644459)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sealight_hct_050509_017/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644459/; classtype:trojan-activity;sid:84507559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644456)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644456/; classtype:trojan-activity;sid:84507556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644453)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/239_ilia/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644453/; classtype:trojan-activity;sid:84507553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644454)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/vocean%20shipping/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644454/; classtype:trojan-activity;sid:84507554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644455)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/backgrounds/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644455/; classtype:trojan-activity;sid:84507555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644450)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sea%20arrow%20-%20visa%20bulk%20cpd%2012%20may%202016/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644450/; classtype:trojan-activity;sid:84507550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644451)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/mallikarjun-profile/malikarjun%20company%20profile/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644451/; classtype:trojan-activity;sid:84507551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644452)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20skatzoura%20-shri%20barjrang%20power%20and%20ispat%20cpd%2029.04.2019/charter%20party/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644452/; classtype:trojan-activity;sid:84507552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644449)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/56_free_envoy_carlon_05_01_11/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644449/; classtype:trojan-activity;sid:84507549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644446)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sibi-acct%20visa%20-%20cpd%2024%20march%202017/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644446/; classtype:trojan-activity;sid:84507546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644447)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ece%20nur%20bayraktar-usl%20cpd%2030%20oct%202015/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644447/; classtype:trojan-activity;sid:84507547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644448)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/cp%20sent%20glorywealth/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644448/; classtype:trojan-activity;sid:84507548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644442)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644442/; classtype:trojan-activity;sid:84507542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644443)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/rinl/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644443/; classtype:trojan-activity;sid:84507543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644444)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20jupiter)%20%20-%20lss%20-%20cpd%2028%20april%202016/fixture%20note/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644444/; classtype:trojan-activity;sid:84507544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644445)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/recap-fixture%20notes/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644445/; classtype:trojan-activity;sid:84507545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644441)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20lynx_bspl_021107_045/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644441/; classtype:trojan-activity;sid:84507541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644439)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/554%20-%20mv%20martrade%20tbn%20-%20indo%20international%20cp%20dtd%2021.04.2020%20-%20file%20no.%20554%20(cancelled)/charter%20party/info.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644439/; classtype:trojan-activity;sid:84507539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644440)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/xiang%20sheng%20shipping/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644440/; classtype:trojan-activity;sid:84507540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644436)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/mondex/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644436/; classtype:trojan-activity;sid:84507536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644437)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apostolos%20ii%20-%20indo%20international%20cpd%2012%20march%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644437/; classtype:trojan-activity;sid:84507537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644438)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/winning%20shipping%20bg/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644438/; classtype:trojan-activity;sid:84507538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644434)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/134_id%20tide_vba/working%20copy/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644434/; classtype:trojan-activity;sid:84507534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644435)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/misc%20attachments/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644435/; classtype:trojan-activity;sid:84507535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644428)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20anand-acct%20guodian-cpd%2007%20march%202017/brokerage%20invoice/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644428/; classtype:trojan-activity;sid:84507528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644429)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/201_astra%20centauraus/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644429/; classtype:trojan-activity;sid:84507529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644430)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sci%20documents/lok%20maheshwari/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644430/; classtype:trojan-activity;sid:84507530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644431)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-acct%20propel-cpd%2027%20oct%202016/brokerage%20invoice/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644431/; classtype:trojan-activity;sid:84507531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644432)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20vancouver%20victory_jaldhi_300109_005/charter%20parties/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644432/; classtype:trojan-activity;sid:84507532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644433)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644433/; classtype:trojan-activity;sid:84507533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644426)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/europa%20maritime%20background/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644426/; classtype:trojan-activity;sid:84507526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644427)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/siddharth/scan%20doc/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644427/; classtype:trojan-activity;sid:84507527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644425)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20milos%20-%20scmc%20cp%20dtd%2017%20january%202019/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644425/; classtype:trojan-activity;sid:84507525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644420)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/recap-fixture%20notes/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644420/; classtype:trojan-activity;sid:84507520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644421)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20bandhan%20-%20acct%20siva%20bulk%20cpd%2006%20nov%202012/charter%20party/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644421/; classtype:trojan-activity;sid:84507521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644422)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/reliance%20and%20airtel%20%20bills/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644422/; classtype:trojan-activity;sid:84507522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644423)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/charter%20parties/addendum/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644423/; classtype:trojan-activity;sid:84507523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644424)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.dubai%20energy_noble_100508_001/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644424/; classtype:trojan-activity;sid:84507524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644418)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bilsea%20group%20(billion%20gain)/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644418/; classtype:trojan-activity;sid:84507518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644419)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644419/; classtype:trojan-activity;sid:84507519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644415)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644415/; classtype:trojan-activity;sid:84507515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644416)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644416/; classtype:trojan-activity;sid:84507516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644417)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pistis%20-%20visa%20cpd%2015%20march%202016/charter%20party/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644417/; classtype:trojan-activity;sid:84507517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644413)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20vinashin%20beach/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644413/; classtype:trojan-activity;sid:84507513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644414)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sophia%20k-%20surya%20exim%20cpd%2017th%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644414/; classtype:trojan-activity;sid:84507514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644411)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/power%20international/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644411/; classtype:trojan-activity;sid:84507511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644412)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_eta_071309_030/zsq%20star/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644412/; classtype:trojan-activity;sid:84507512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644408)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20port%20estoril%20-%20scmc-%20cpd%2026%20oct%202018/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644408/; classtype:trojan-activity;sid:84507508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644409)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644409/; classtype:trojan-activity;sid:84507509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644410)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644410/; classtype:trojan-activity;sid:84507510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644407)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/december/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644407/; classtype:trojan-activity;sid:84507507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644406)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/transpower/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644406/; classtype:trojan-activity;sid:84507506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644405)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20js%20amazon-acct%20psons%20or%20nominee-cpd%2010%20jan%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644405/; classtype:trojan-activity;sid:84507505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644401)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/mercator%20vsl%20dtls/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644401/; classtype:trojan-activity;sid:84507501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644402)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644402/; classtype:trojan-activity;sid:84507502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644403)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644403/; classtype:trojan-activity;sid:84507503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644404)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644404/; classtype:trojan-activity;sid:84507504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644396)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report%20form%20apr%202010/oct-2010/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644396/; classtype:trojan-activity;sid:84507496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644397)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/timeline/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644397/; classtype:trojan-activity;sid:84507497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644398)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ilc%20company%20profile/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644398/; classtype:trojan-activity;sid:84507498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644399)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/nsel/nsel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644399/; classtype:trojan-activity;sid:84507499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644400)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/blue%20sky%20background/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644400/; classtype:trojan-activity;sid:84507500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644393)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20umm%20al%20dalkh-%20hudson%20cpd%2010%20may%202018/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644393/; classtype:trojan-activity;sid:84507493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644394)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/info.zip"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644394/; classtype:trojan-activity;sid:84507494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644395)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/113_safeer%20express/working%20copy/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644395/; classtype:trojan-activity;sid:84507495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644391)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2093k/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644391/; classtype:trojan-activity;sid:84507491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644392)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/global%20american%20transport/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644392/; classtype:trojan-activity;sid:84507492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644389)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/misc%20attachments/info.zip"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644389/; classtype:trojan-activity;sid:84507489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644390)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/backgrounds/backgounds/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644390/; classtype:trojan-activity;sid:84507490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644387)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20js%20amazon-acct%20psons%20or%20nominee-cpd%2010%20jan%202016/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644387/; classtype:trojan-activity;sid:84507487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644388)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_nob_300807_032/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644388/; classtype:trojan-activity;sid:84507488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644383)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20an%20fu%20star-%20imr%20cpd%2027%20nov%202015/charter%20party/performa%20cp/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644383/; classtype:trojan-activity;sid:84507483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644384)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/190_ocean_flower/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644384/; classtype:trojan-activity;sid:84507484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644385)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pwsl%20bg/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644385/; classtype:trojan-activity;sid:84507485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644386)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/misc%20attachments/info.zip"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644386/; classtype:trojan-activity;sid:84507486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644381)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yk%20sentosa_noble_230109_004/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644381/; classtype:trojan-activity;sid:84507481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644382)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/goodrich%20maritime%20dmc%20est-bg%20oct%202015/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644382/; classtype:trojan-activity;sid:84507482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644378)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/acc%20general%20trading/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644378/; classtype:trojan-activity;sid:84507478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644379)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/67_lok_prem_hmm_02_03_2011/working%20copy/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644379/; classtype:trojan-activity;sid:84507479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644380)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/kispl/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644380/; classtype:trojan-activity;sid:84507480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644377)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/68_mandarin_fortune_kyori_10_03_2011/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644377/; classtype:trojan-activity;sid:84507477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644376)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ps%20exim%20bg/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644376/; classtype:trojan-activity;sid:84507476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644373)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/recap-fixture%20notes/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644373/; classtype:trojan-activity;sid:84507473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644374)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/phaethon/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644374/; classtype:trojan-activity;sid:84507474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644375)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jbu%20orient_bulk%20marine_170609_024/charter%20parties/riders/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644375/; classtype:trojan-activity;sid:84507475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644371)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20four%20shinano_ispat_110708_022/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644371/; classtype:trojan-activity;sid:84507471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644372)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20genco%20knight_wamopl_080508_016/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644372/; classtype:trojan-activity;sid:84507472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644370)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart%20enq/mmtc/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644370/; classtype:trojan-activity;sid:84507470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644366)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20harmony%20-%20unity%20coa/mv%20harmony%20-%20unity%20coa/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644366/; classtype:trojan-activity;sid:84507466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644367)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/job%20adverts/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644367/; classtype:trojan-activity;sid:84507467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644368)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mp%20panamax%204-jeirui%20cpd%206%20aug%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644368/; classtype:trojan-activity;sid:84507468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644369)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/gesco%20vls%20dtl/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644369/; classtype:trojan-activity;sid:84507469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644365)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644365/; classtype:trojan-activity;sid:84507465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/vessel%20desc/info.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644362/; classtype:trojan-activity;sid:84507462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644363)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/zatal%20emad%20bg/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644363/; classtype:trojan-activity;sid:84507463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644364)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20super%20star_prime%20east_171209_051/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644364/; classtype:trojan-activity;sid:84507464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644358)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/113_safeer%20express/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644358/; classtype:trojan-activity;sid:84507458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644359)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/562%20-%20mv%20mermaid%20star%20-%20singh%20group%20cp%20dtd%2017.06.2020%20-%20file%20no.%20562/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644359/; classtype:trojan-activity;sid:84507459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644360)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/139_salaminia_ivs/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644360/; classtype:trojan-activity;sid:84507460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644361)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/vizag/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644361/; classtype:trojan-activity;sid:84507461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/brokerage%20invoice/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644357/; classtype:trojan-activity;sid:84507457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644356)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/cpm%20corporation%20background/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644356/; classtype:trojan-activity;sid:84507456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644355)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/311_bulkmarine%20tbn/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644355/; classtype:trojan-activity;sid:84507455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644351)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20vba%20tbn_maheshwari_290710_018/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644351/; classtype:trojan-activity;sid:84507451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644352)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20gem%20of%20kilakarai_uniwell_300310_015/charter%20parties/riders/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644352/; classtype:trojan-activity;sid:84507452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644353)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20mahadeva-mcs%20cp%20dtd%2013th%20aug%202015/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644353/; classtype:trojan-activity;sid:84507453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644354/; classtype:trojan-activity;sid:84507454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644349)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644349/; classtype:trojan-activity;sid:84507449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644350)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20jai%20-%20visa%20bulk%20-%20cpd%2016%20april%202016/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644350/; classtype:trojan-activity;sid:84507450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644347)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20cebu%20star/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644347/; classtype:trojan-activity;sid:84507447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644348)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/felix%20background/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644348/; classtype:trojan-activity;sid:84507448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644341)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/286_arrilah%201/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644341/; classtype:trojan-activity;sid:84507441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644342)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/landa%20bg%20jan%202015/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644342/; classtype:trojan-activity;sid:84507442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644343)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644343/; classtype:trojan-activity;sid:84507443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644344)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.jbu%20orient_ispat_121107_047/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644344/; classtype:trojan-activity;sid:84507444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644345)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20energy_ispat_010409_012/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644345/; classtype:trojan-activity;sid:84507445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644346)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20acct%20siva%20bulk%20cpd%2005%20sept%202012/charter%20party/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644346/; classtype:trojan-activity;sid:84507446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644340)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/huadao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644340/; classtype:trojan-activity;sid:84507440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644339/; classtype:trojan-activity;sid:84507439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644338)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20siva%20bulk%20-%20cpd%2013%20november%202012/charter%20party/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644338/; classtype:trojan-activity;sid:84507438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644337)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20yangtze%20river_wamopl_161007_041/charter%20parties/riders/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644337/; classtype:trojan-activity;sid:84507437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644332)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/237_kinda/237_kinda/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644332/; classtype:trojan-activity;sid:84507432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644333)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/fixture%20note/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644333/; classtype:trojan-activity;sid:84507433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644334)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/ennore/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644334/; classtype:trojan-activity;sid:84507434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644335)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-acct%20lss-%20cpd%2013%20jan%202017/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644335/; classtype:trojan-activity;sid:84507435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644336)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20falcon%20triumph%20-%20additional%20shipment/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644336/; classtype:trojan-activity;sid:84507436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644330)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20jupiter)%20%20-%20lss%20-%20cpd%2028%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644330/; classtype:trojan-activity;sid:84507430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644331)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/certificates/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644331/; classtype:trojan-activity;sid:84507431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644326)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644326/; classtype:trojan-activity;sid:84507426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644327)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20four%20mogami_ispat_0160709_032/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644327/; classtype:trojan-activity;sid:84507427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644328)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20egil%20tbn%20-%20gagan%20coal%20cpd%2015%20arpil%202019%20(cancelled)/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644328/; classtype:trojan-activity;sid:84507428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644329)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jbu%20orient_bulk%20marine_170609_024/charter%20parties/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644329/; classtype:trojan-activity;sid:84507429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644325)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20balaban%20-%20power%20international%20cpd%2017%20december%202019/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644325/; classtype:trojan-activity;sid:84507425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644319)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_151009_044/rider%20clauses/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644319/; classtype:trojan-activity;sid:84507419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644320)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/brokerage%20invoices/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644320/; classtype:trojan-activity;sid:84507420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644321)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mekong-ss%20international-cpd%2027%20august%202016/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644321/; classtype:trojan-activity;sid:84507421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ark%20shipping%20company/ark%20shipping/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644322/; classtype:trojan-activity;sid:84507422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644323)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.port%20melbourne_ispat_221107_050/charter%20parties/copy%20of%201st%20org.cp%20sent%20to%20punit/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644323/; classtype:trojan-activity;sid:84507423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644324)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644324/; classtype:trojan-activity;sid:84507424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644317)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20donghae-acct%20bulk%20marine%20cpd%2014%20nov%202016/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644317/; classtype:trojan-activity;sid:84507417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644318)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20integrity_bulk%20marine_100409_014/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644318/; classtype:trojan-activity;sid:84507418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644315)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20kang%20yao_jaldhi_220109_003/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644315/; classtype:trojan-activity;sid:84507415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644316)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644316/; classtype:trojan-activity;sid:84507416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644314)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pacific%20glory/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644314/; classtype:trojan-activity;sid:84507414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644308)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.jbu%20orient_ispat_121107_047/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644308/; classtype:trojan-activity;sid:84507408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644309)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/e-mails/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644309/; classtype:trojan-activity;sid:84507409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644310)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644310/; classtype:trojan-activity;sid:84507410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644311)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644311/; classtype:trojan-activity;sid:84507411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644312)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20integrity_bulk%20marine_100409_014/charter%20parties/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644312/; classtype:trojan-activity;sid:84507412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644313)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-shreeji%20global%20cpd%208%20june%202018/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644313/; classtype:trojan-activity;sid:84507413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644307)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/indonesia%20coal%20port%20details/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644307/; classtype:trojan-activity;sid:84507407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644306)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/118_dubai_ambassador/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644306/; classtype:trojan-activity;sid:84507406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644300)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20samurai%20-propel%2013%20april%202019/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644300/; classtype:trojan-activity;sid:84507400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644301)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/285_michele%20iuluano/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644301/; classtype:trojan-activity;sid:84507401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644302)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/65_hanaro_melody_jaldi_14_01_11/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644302/; classtype:trojan-activity;sid:84507402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644303)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/mayank/arya%20corp%20pending/brokerage%20invoice/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644303/; classtype:trojan-activity;sid:84507403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644304)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20harmony%20innovation%20-%20ssoe/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644304/; classtype:trojan-activity;sid:84507404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644305)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/navlakhi/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644305/; classtype:trojan-activity;sid:84507405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644295)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644295/; classtype:trojan-activity;sid:84507395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644296)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/wamopl/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644296/; classtype:trojan-activity;sid:84507396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644297/; classtype:trojan-activity;sid:84507397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644298)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/company%20directives/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644298/; classtype:trojan-activity;sid:84507398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644299)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.m.p.panamax%201_nob_301107_052/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644299/; classtype:trojan-activity;sid:84507399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644293)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/91_marine_king_vba_24_05_11/misc_docs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644293/; classtype:trojan-activity;sid:84507393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644294)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644294/; classtype:trojan-activity;sid:84507394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644292)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-%20bostomar%20cpd%207%20june%202018/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644292/; classtype:trojan-activity;sid:84507392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644287)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20tongli%20tbn/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644287/; classtype:trojan-activity;sid:84507387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644288)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644288/; classtype:trojan-activity;sid:84507388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644289)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20star%20crimson-everbright%20cpd%2027%20july%202016/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644289/; classtype:trojan-activity;sid:84507389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644290)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20acct%20propel%20cpd%2006%20dec%202018/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644290/; classtype:trojan-activity;sid:84507390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644291)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20shropshire%20-%20surya%20exim%20cpd%2008%20march%202018/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644291/; classtype:trojan-activity;sid:84507391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644285)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/76_triton_bulker_isl_15_04_2011/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644285/; classtype:trojan-activity;sid:84507385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644286)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644286/; classtype:trojan-activity;sid:84507386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644282)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20uni%20auc%20one-integrity%20bulk%20cpd%2013%20feb%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644282/; classtype:trojan-activity;sid:84507382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644283)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2008%20november%202016/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644283/; classtype:trojan-activity;sid:84507383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644284)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/smm%20invoices/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644284/; classtype:trojan-activity;sid:84507384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644279)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644279/; classtype:trojan-activity;sid:84507379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644280)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evangelia%20m%20-rashmi-cpd%2012%20june%202017/fixture%20note/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644280/; classtype:trojan-activity;sid:84507380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644281)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/singapore%20printer%20drivers/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644281/; classtype:trojan-activity;sid:84507381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644278)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20innovation-acct%20propel-%20cpd%2006%20jan%202017/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644278/; classtype:trojan-activity;sid:84507378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644276)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20christina%20iv%20-%20ripley%20cpd%2007%20october%202019/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644276/; classtype:trojan-activity;sid:84507376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644277)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644277/; classtype:trojan-activity;sid:84507377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644275)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644275/; classtype:trojan-activity;sid:84507375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644274)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644274/; classtype:trojan-activity;sid:84507374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644273)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/104_ken_sea_unity/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644273/; classtype:trojan-activity;sid:84507373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644271)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644271/; classtype:trojan-activity;sid:84507371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644272)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644272/; classtype:trojan-activity;sid:84507372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644268)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644268/; classtype:trojan-activity;sid:84507368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644269)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_crossbridge_080110_002/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644269/; classtype:trojan-activity;sid:84507369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644270)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/misc%20docs/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644270/; classtype:trojan-activity;sid:84507370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644264)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/asan%20mm%20fixture%20list/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644264/; classtype:trojan-activity;sid:84507364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644265)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20stelios%20b-primarina%20cpd%209%20oct%2015/brokerage%20invoice/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644265/; classtype:trojan-activity;sid:84507365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644266)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20falcon%20triumph%20-%20additional%20shipment/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644266/; classtype:trojan-activity;sid:84507366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644267)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bomar%20oyster%20-%20primarina%20cpd%2001%20march%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644267/; classtype:trojan-activity;sid:84507367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644262)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/81_iyo_wind_ssoe_29_04_2011/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644262/; classtype:trojan-activity;sid:84507362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644263)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20knight_noble_210607_022/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644263/; classtype:trojan-activity;sid:84507363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644258)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20july%20m/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644258/; classtype:trojan-activity;sid:84507358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644259)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20muron-%20essar%20cpd%2010%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644259/; classtype:trojan-activity;sid:84507359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644260)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/training%20and%20study%20documents/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644260/; classtype:trojan-activity;sid:84507360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644261)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/shanghai%20leading%20energy%20authorization%20letter/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644261/; classtype:trojan-activity;sid:84507361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644257)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20list%20jan-feb%202012/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644257/; classtype:trojan-activity;sid:84507357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644254)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644254/; classtype:trojan-activity;sid:84507354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644255)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/vessel%20desc/info.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644255/; classtype:trojan-activity;sid:84507355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644256)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20eco%20vanguard-visa%20cpd%2026%20-%20may-15/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644256/; classtype:trojan-activity;sid:84507356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644252)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/charter%20party/info.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644252/; classtype:trojan-activity;sid:84507352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644253)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/183_universal%20barcelona_isl/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644253/; classtype:trojan-activity;sid:84507353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644250)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20serasih_primeeast_091009_043/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644250/; classtype:trojan-activity;sid:84507350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644251)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/relliance%20airtel%20bills/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644251/; classtype:trojan-activity;sid:84507351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644249)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20copenship%20tbn%20-%20ssoe/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644249/; classtype:trojan-activity;sid:84507349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644247)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-shreeji%20global%20cpd%208%20june%202018/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644247/; classtype:trojan-activity;sid:84507347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644248)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/554%20-%20mv%20martrade%20tbn%20-%20indo%20international%20cp%20dtd%2021.04.2020%20-%20file%20no.%20554%20(cancelled)/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:248; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644248/; classtype:trojan-activity;sid:84507348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644246)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20skatzoura%20-shri%20barjrang%20power%20and%20ispat%20cpd%2029.04.2019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644246/; classtype:trojan-activity;sid:84507346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644242)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/faizan/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644242/; classtype:trojan-activity;sid:84507342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644243)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644243/; classtype:trojan-activity;sid:84507343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644244)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/charter%20party/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644244/; classtype:trojan-activity;sid:84507344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644245)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/267_apj%20mahakali/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644245/; classtype:trojan-activity;sid:84507345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644238)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/cpm%20background/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644238/; classtype:trojan-activity;sid:84507338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644239)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20samurai%20-propel%2013%20april%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644239/; classtype:trojan-activity;sid:84507339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644240)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644240/; classtype:trojan-activity;sid:84507340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644241)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644241/; classtype:trojan-activity;sid:84507341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644233)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20major_jaldhi_210909_040/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644233/; classtype:trojan-activity;sid:84507333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/sci_nob_260107_003/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644234/; classtype:trojan-activity;sid:84507334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644235)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apostolos%20ii%20-%20indo%20international%20cpd%2012%20march%202018/brokerage%20invoice/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644235/; classtype:trojan-activity;sid:84507335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644236)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644236/; classtype:trojan-activity;sid:84507336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644237)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644237/; classtype:trojan-activity;sid:84507337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644232)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-%20smitra%20-%20cpd%2004%20june%2015/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644232/; classtype:trojan-activity;sid:84507332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644231)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/223_jay/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644231/; classtype:trojan-activity;sid:84507331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644227)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/template%20folders/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644227/; classtype:trojan-activity;sid:84507327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644228)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/118_dubai_ambassador/working%20cp/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644228/; classtype:trojan-activity;sid:84507328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644229)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20malhar%20-%20hmm%20cpd%2006%20june%202013/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644229/; classtype:trojan-activity;sid:84507329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644230)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/charter%20party/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644230/; classtype:trojan-activity;sid:84507330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644224)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2008%20dec%2015%20-%20copy/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644224/; classtype:trojan-activity;sid:84507324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644225)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sagar%20ship%20management%20pte%20ltd/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644225/; classtype:trojan-activity;sid:84507325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644226)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/safesea/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644226/; classtype:trojan-activity;sid:84507326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644220)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644220/; classtype:trojan-activity;sid:84507320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644221)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/227_blue%20ocean/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644221/; classtype:trojan-activity;sid:84507321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644222)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644222/; classtype:trojan-activity;sid:84507322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644223)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sci%20documents/lok%20maheshwari/fixture%20note/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644223/; classtype:trojan-activity;sid:84507323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644216)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_nob_300808_026/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644216/; classtype:trojan-activity;sid:84507316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644217)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20doro%20-%20acct%20propel%20-%20cpd%2003%20june%202016/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644217/; classtype:trojan-activity;sid:84507317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644218)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20apj%20kais/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644218/; classtype:trojan-activity;sid:84507318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644219)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_ssoe_090110_003/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644219/; classtype:trojan-activity;sid:84507319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/274_mv%20asali/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644213/; classtype:trojan-activity;sid:84507313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644214)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htk%20lucky-%20essar%20cpd%202%20aug%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644214/; classtype:trojan-activity;sid:84507314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644215)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/sci%20vssls/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644215/; classtype:trojan-activity;sid:84507315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644210)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20angelina%20the%20great%20n%20)%20-%20smal%20-%20cp%20dated%2020th%20nov%2015/fixture%20note/info.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644210/; classtype:trojan-activity;sid:84507310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644211)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/tme%20bg/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644211/; classtype:trojan-activity;sid:84507311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644212)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fu%20ming%20%20-%20visa%20cp%20dated%2020%20november%202015/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644212/; classtype:trojan-activity;sid:84507312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644205)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/misc%20attachments/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644205/; classtype:trojan-activity;sid:84507305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644206)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/264_tai%20ping%20shan/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644206/; classtype:trojan-activity;sid:84507306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644207)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644207/; classtype:trojan-activity;sid:84507307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644208)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/566%20-%20mv%20vitaspirit%20-%20am%20commodities%20cp%20dtd%2028.07.2020%20-%20file%20no.%20566/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:239; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644208/; classtype:trojan-activity;sid:84507308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644209)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644209/; classtype:trojan-activity;sid:84507309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644204)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20trans%20spring-%20propel-%20cpd%2007%20aug%202015/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644204/; classtype:trojan-activity;sid:84507304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644203)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sfl%20humber%20-%20tata%20nyk%20cpd%2002%20april%202015/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644203/; classtype:trojan-activity;sid:84507303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644202)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/victory-bg/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644202/; classtype:trojan-activity;sid:84507302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644199)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/klaveness%20vls/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644199/; classtype:trojan-activity;sid:84507299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644200)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:242; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644200/; classtype:trojan-activity;sid:84507300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644201)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/j%20ocean%20background/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644201/; classtype:trojan-activity;sid:84507301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644196)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644196/; classtype:trojan-activity;sid:84507296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644197)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.aranda%20colossus_ncs_230408_011/charter%20parties/main%20body/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644197/; classtype:trojan-activity;sid:84507297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644198)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/tuticorin/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644198/; classtype:trojan-activity;sid:84507298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644194)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/certificates/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644194/; classtype:trojan-activity;sid:84507294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644195)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644195/; classtype:trojan-activity;sid:84507295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644192)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/certificates/info.zip"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644192/; classtype:trojan-activity;sid:84507292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644193)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/rao/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644193/; classtype:trojan-activity;sid:84507293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644189)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644189/; classtype:trojan-activity;sid:84507289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644190)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/send%20individually%20outlook%20add-in/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644190/; classtype:trojan-activity;sid:84507290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644191)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mp%20panamax%204-jeirui%20cpd%206%20aug%202018/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644191/; classtype:trojan-activity;sid:84507291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644188)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/operations%20and%20post%20fixture/debit%20notes/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644188/; classtype:trojan-activity;sid:84507288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644187)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20darya%20shaan%20-%20chun%20an%20cpd%2021%20feb%202018/brokerage%20invoice/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644187/; classtype:trojan-activity;sid:84507287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644185)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/misc%20attachments/info.zip"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644185/; classtype:trojan-activity;sid:84507285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644186)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/101_heilan_hmm/working%20copy/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644186/; classtype:trojan-activity;sid:84507286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644184)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hai%20qing%20-%20lss%20cpd%2029%20june%202015/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644184/; classtype:trojan-activity;sid:84507284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644172)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/234_mandarin%20hantong/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644172/; classtype:trojan-activity;sid:84507272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644173)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jabal%20shams%20-%20oman%20ship%20-%20cpd%2023.11.2019/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644173/; classtype:trojan-activity;sid:84507273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644174)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20unity%20spirit-acct%20propel-cpd%2024%20jan%202017/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644174/; classtype:trojan-activity;sid:84507274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644175)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.star%20canopus_allocean_261007_042/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644175/; classtype:trojan-activity;sid:84507275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644176)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20christina%20iv%20-%20ripley%20cpd%2007%20october%202019/attachments/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644176/; classtype:trojan-activity;sid:84507276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644177)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20lynx_bspl_021107_045/charter%20parties/riders/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644177/; classtype:trojan-activity;sid:84507277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644178)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644178/; classtype:trojan-activity;sid:84507278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644179)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/charter%20parties/main%20body/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644179/; classtype:trojan-activity;sid:84507279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644180)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20asia/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644180/; classtype:trojan-activity;sid:84507280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644181)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captainyannis%20l%20-%20saraogi%20udyog%20-%20cpd%2027%20september%202016/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644181/; classtype:trojan-activity;sid:84507281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644182)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20dolphin%20-%20propel%20cpd%2007%20december%202018/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644182/; classtype:trojan-activity;sid:84507282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644183)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20shropshire%20-%20surya%20exim%20cpd%2008%20march%202018/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644183/; classtype:trojan-activity;sid:84507283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644170)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.aranda%20colossus_ncs_230408_011/charter%20parties/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644170/; classtype:trojan-activity;sid:84507270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644171)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/jspl%20iore%20pellets%20order%20terms/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644171/; classtype:trojan-activity;sid:84507271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644166)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644166/; classtype:trojan-activity;sid:84507266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644167)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tamil%20nadu%20-acct%20simtra%20-%20cpd%2010%20feb%202017/fixture%20note/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644167/; classtype:trojan-activity;sid:84507267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644168)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/fixture%20note/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644168/; classtype:trojan-activity;sid:84507268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644169)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644169/; classtype:trojan-activity;sid:84507269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644163)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kings%20ocean%20shipping/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644163/; classtype:trojan-activity;sid:84507263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644164)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/citi%20bank%20card%20payment/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644164/; classtype:trojan-activity;sid:84507264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644165)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/273_glory%20rotterdam/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644165/; classtype:trojan-activity;sid:84507265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644158)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/comtrack%20fixture%20list/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644158/; classtype:trojan-activity;sid:84507258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644159)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20scmc%20cpd%207%20sept%202018/charter%20party/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644159/; classtype:trojan-activity;sid:84507259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644160)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644160/; classtype:trojan-activity;sid:84507260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644161)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20infinity%20v-magnifico%20cpd%2013%20aug%202018/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644161/; classtype:trojan-activity;sid:84507261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644162)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sagabulk/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644162/; classtype:trojan-activity;sid:84507262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644154)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20balaban%20-%20power%20international%20cpd%2017%20december%202019/brokerage%20invoice/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644154/; classtype:trojan-activity;sid:84507254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644155)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/149_hawk%20i_isl/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644155/; classtype:trojan-activity;sid:84507255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644156)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/tgp%20vsl%20dtl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644156/; classtype:trojan-activity;sid:84507256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644157)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/east%20sunshine%20group%20co%20ltd/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644157/; classtype:trojan-activity;sid:84507257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644151)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/march/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644151/; classtype:trojan-activity;sid:84507251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644152)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report%20form%20apr%202010/sep-2010/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644152/; classtype:trojan-activity;sid:84507252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644153)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20hay_bulk%20marine_180808_024/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644153/; classtype:trojan-activity;sid:84507253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644148)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/aug%202009/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644148/; classtype:trojan-activity;sid:84507248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644149)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/155_cs_calla/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644149/; classtype:trojan-activity;sid:84507249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644150)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/delta%20corp/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644150/; classtype:trojan-activity;sid:84507250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/recap-fixture%20note/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644147/; classtype:trojan-activity;sid:84507247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644146)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:231; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644146/; classtype:trojan-activity;sid:84507246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644145)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bomar%20oyster%20-%20primarina%20cpd%2001%20march%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644145/; classtype:trojan-activity;sid:84507245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644144)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_spartan_071309_029/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644144/; classtype:trojan-activity;sid:84507244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644143)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/107_ikan_sagai_core/working%20copy/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644143/; classtype:trojan-activity;sid:84507243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644142)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cheshire-usl-cpd%2015%20july%202016/brokerage%20invoice/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644142/; classtype:trojan-activity;sid:84507242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644141)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/80_marcarolina_coscol_29_04_2011/working_copy/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644141/; classtype:trojan-activity;sid:84507241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644140)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_spartan_071309_029/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644140/; classtype:trojan-activity;sid:84507240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644138)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_260609_026/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644138/; classtype:trojan-activity;sid:84507238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/236_cinzia%20d%20amato/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644139/; classtype:trojan-activity;sid:84507239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644134)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/rcf/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644134/; classtype:trojan-activity;sid:84507234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644135)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644135/; classtype:trojan-activity;sid:84507235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644136)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/charter%20parties/riders/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644136/; classtype:trojan-activity;sid:84507236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644137)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20thor%20madoc%20-%20scmc%20%20cp%20dtd%2006.08.2019/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644137/; classtype:trojan-activity;sid:84507237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644128)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20haci%20ali%20sari%20-%20torq%20-%20cp%20dtd%2021.08.2019/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644128/; classtype:trojan-activity;sid:84507228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644129)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20port%20estoril%20-%20scmc-%20cpd%2026%20oct%202018/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644129/; classtype:trojan-activity;sid:84507229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644130)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644130/; classtype:trojan-activity;sid:84507230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644131)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/202_balaban/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644131/; classtype:trojan-activity;sid:84507231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644132)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20global%20harmony%20-%20acct%20sul%20-%20cpd%2011%20march%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644132/; classtype:trojan-activity;sid:84507232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644133)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/hire%20statements/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644133/; classtype:trojan-activity;sid:84507233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644123)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mekong-ss%20international-cpd%2027%20august%202016/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644123/; classtype:trojan-activity;sid:84507223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644124)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture%20records/fixture%20list/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644124/; classtype:trojan-activity;sid:84507224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644125)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/utkal/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644125/; classtype:trojan-activity;sid:84507225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644126)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/primetransport%20bg/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644126/; classtype:trojan-activity;sid:84507226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644127)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/rinl%20empanelment/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644127/; classtype:trojan-activity;sid:84507227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644122)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yasa%20ozcan_jaldhi_231009_045/charter%20parties/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644122/; classtype:trojan-activity;sid:84507222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644116)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/may/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644116/; classtype:trojan-activity;sid:84507216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644117)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/propel%20shipping/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644117/; classtype:trojan-activity;sid:84507217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644118)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/noor%20enterprise_unity%20cp%20dtd%2015th%20apr%202010/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644118/; classtype:trojan-activity;sid:84507218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644119)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644119/; classtype:trojan-activity;sid:84507219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644120)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/certificates/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644120/; classtype:trojan-activity;sid:84507220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644121)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/298_sino%206/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644121/; classtype:trojan-activity;sid:84507221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644115)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644115/; classtype:trojan-activity;sid:84507215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644110)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644110/; classtype:trojan-activity;sid:84507210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644111)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sea%20arrow%20-%20visa%20bulk%20cpd%2012%20may%202016/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644111/; classtype:trojan-activity;sid:84507211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2030%20nov%2015/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644112/; classtype:trojan-activity;sid:84507212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644113)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644113/; classtype:trojan-activity;sid:84507213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644114)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/saraogi%20udyog/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644114/; classtype:trojan-activity;sid:84507214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644109)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644109/; classtype:trojan-activity;sid:84507209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644106)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/101_heilan_hmm/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644106/; classtype:trojan-activity;sid:84507206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644107)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%201_nob_240707_028/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644107/; classtype:trojan-activity;sid:84507207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644108)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/spar%20rigel/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644108/; classtype:trojan-activity;sid:84507208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644105)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20umm%20al%20dalkh-%20hudson%20cpd%2010%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644105/; classtype:trojan-activity;sid:84507205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644104)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20infinity%20v-magnifico%20cpd%2013%20aug%202018/brokerage%20invoice/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644104/; classtype:trojan-activity;sid:84507204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644102)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_040808_023/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644102/; classtype:trojan-activity;sid:84507202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644103)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/chennai%20jaym%20tc%20particulars/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644103/; classtype:trojan-activity;sid:84507203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644101)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644101/; classtype:trojan-activity;sid:84507201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644098)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20torq%20cpd%2005%20july%202019/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644098/; classtype:trojan-activity;sid:84507198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644099)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20swan%20-%20visa%20bulk%20cpd%2013%20december%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644099/; classtype:trojan-activity;sid:84507199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644100)"; flow:established,from_client; content:"GET"; http_method; content:"/db6tqy6prh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.i-76t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644100/; classtype:trojan-activity;sid:84507200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644097)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/transbulk/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644097/; classtype:trojan-activity;sid:84507197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644096)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/siddharth/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644096/; classtype:trojan-activity;sid:84507196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644095)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/tcl-bg/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644095/; classtype:trojan-activity;sid:84507195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644093)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20haci%20ali%20sari%20-%20torq%20-%20cp%20dtd%2021.08.2019/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644093/; classtype:trojan-activity;sid:84507193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644094)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_ssoe_090110_003/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644094/; classtype:trojan-activity;sid:84507194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644092)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/wedding/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644092/; classtype:trojan-activity;sid:84507192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644089)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644089/; classtype:trojan-activity;sid:84507189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644090)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/aryacorp%20mumbai/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644090/; classtype:trojan-activity;sid:84507190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644091)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644091/; classtype:trojan-activity;sid:84507191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644085)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644085/; classtype:trojan-activity;sid:84507185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644086)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/golden%20alliance%20shipping/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644086/; classtype:trojan-activity;sid:84507186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644087)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20areti.gr%20-%20essar%20cpd%2018%20april%202019/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644087/; classtype:trojan-activity;sid:84507187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644088)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/certificates/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644088/; classtype:trojan-activity;sid:84507188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644081)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.apj%20jad_noble_230408_010/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644081/; classtype:trojan-activity;sid:84507181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644082)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/zalco%20maritime%20services%20pte%20ltd/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644082/; classtype:trojan-activity;sid:84507182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644083)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bulk%20marine%20ltd/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644083/; classtype:trojan-activity;sid:84507183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644084)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20meta-acct%20everbright-cpd%2011%20jan%202017/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644084/; classtype:trojan-activity;sid:84507184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644079)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/diwali_gifting_customer_list/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644079/; classtype:trojan-activity;sid:84507179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644080)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/letters%20to%20bank/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644080/; classtype:trojan-activity;sid:84507180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644077)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_spartan_071309_029/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644077/; classtype:trojan-activity;sid:84507177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644078)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.blue%20coral_bcm_010607_018/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644078/; classtype:trojan-activity;sid:84507178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644075)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/october/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644075/; classtype:trojan-activity;sid:84507175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644076)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/unitaf%20(vitaf)/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644076/; classtype:trojan-activity;sid:84507176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644073)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644073/; classtype:trojan-activity;sid:84507173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644074)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/byron%20-%20kyori/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644074/; classtype:trojan-activity;sid:84507174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644072)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20woodstar_stxpanocean_091209_050/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644072/; classtype:trojan-activity;sid:84507172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644067)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/blank%20charter%20party%20forms/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644067/; classtype:trojan-activity;sid:84507167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644068)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/krunal%20desk%20bkp%20210410/goldenrod-lucky%20cement%20-%20corrected%20cp/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644068/; classtype:trojan-activity;sid:84507168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644069)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn(%20mv%20vlazakis%20i%20)-%20synergy/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644069/; classtype:trojan-activity;sid:84507169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644070)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_copenship_210110_008/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644070/; classtype:trojan-activity;sid:84507170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644071)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20coal%20pride_wamspl_190809_037/charter%20parties/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644071/; classtype:trojan-activity;sid:84507171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644066)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/global%20steel%20background/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644066/; classtype:trojan-activity;sid:84507166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644063)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/siva%20bulk/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644063/; classtype:trojan-activity;sid:84507163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644064)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown%20_%20ispat_250907_036/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644064/; classtype:trojan-activity;sid:84507164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644065)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-%20bostomar%20cpd%207%20june%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644065/; classtype:trojan-activity;sid:84507165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644062)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2008%20dec%2015%20-%20copy/brokerage%20invoice/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644062/; classtype:trojan-activity;sid:84507162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644060)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644060/; classtype:trojan-activity;sid:84507160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644061)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20propel%20shipping%2004%20jan%202019/brokerage%20invoice/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644061/; classtype:trojan-activity;sid:84507161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644059)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644059/; classtype:trojan-activity;sid:84507159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644057)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20nantor_aht_190110_006/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644057/; classtype:trojan-activity;sid:84507157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644058)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ptolemeos%20-%20psons%20cp%20dtd%2023%20nov%202017/timeline/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644058/; classtype:trojan-activity;sid:84507158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644055)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20uni%20auc%20one-integrity%20bulk%20cpd%2013%20feb%202018/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644055/; classtype:trojan-activity;sid:84507155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644056)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644056/; classtype:trojan-activity;sid:84507156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644052)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer%20-%20martrade%20cpd%2005%20march%202018/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644052/; classtype:trojan-activity;sid:84507152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644053)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644053/; classtype:trojan-activity;sid:84507153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644054)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_160709_031/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644054/; classtype:trojan-activity;sid:84507154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644050)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ptolemeos%20-%20psons%20cp%20dtd%2023%20nov%202017/fixture%20note/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644050/; classtype:trojan-activity;sid:84507150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644051)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evangelia%20m%20-rashmi-cpd%2012%20june%202017/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644051/; classtype:trojan-activity;sid:84507151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644046)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/87_genco_carrier_eagle_bulk_19_05_2011/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644046/; classtype:trojan-activity;sid:84507146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644047)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20danceflora%20sw-%20transbulk%20cpd%2013%20july%202018/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644047/; classtype:trojan-activity;sid:84507147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644048)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.star%20canopus_allocean_261007_042/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644048/; classtype:trojan-activity;sid:84507148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644049)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dalmatia%20g-everbright%20cpd%2031%20march%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644049/; classtype:trojan-activity;sid:84507149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644042)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20free%20envoy/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644042/; classtype:trojan-activity;sid:84507142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644043)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/company%20directives/new%20employee%20records%20to%20be%20obtained/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644043/; classtype:trojan-activity;sid:84507143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644044)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/noble%20questionnaire/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644044/; classtype:trojan-activity;sid:84507144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644045)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.gem%20of%20kilakarai_ispat_051007_038/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644045/; classtype:trojan-activity;sid:84507145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644041)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/certificates/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644041/; classtype:trojan-activity;sid:84507141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644038)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644038/; classtype:trojan-activity;sid:84507138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644039)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20teo_eta_050310_012/charter%20parties/riders/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644039/; classtype:trojan-activity;sid:84507139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644040)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/crown%20voyager%20norvic/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644040/; classtype:trojan-activity;sid:84507140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644037)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/25-jan-2011/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644037/; classtype:trojan-activity;sid:84507137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644034)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bulk%20marine%20ltd/bulk%20marine%20hk%20ltd/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644034/; classtype:trojan-activity;sid:84507134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644035)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.talisman_ispat_230508_001/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644035/; classtype:trojan-activity;sid:84507135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644036)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dalmatia%20g-everbright%20cpd%2031%20march%202016/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644036/; classtype:trojan-activity;sid:84507136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644033)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/charter%20parties/riders/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644033/; classtype:trojan-activity;sid:84507133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644030)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tomini%20sincerity-propel-cpd%2005%20jan%202017/brokerage%20invoice/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644030/; classtype:trojan-activity;sid:84507130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644031)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644031/; classtype:trojan-activity;sid:84507131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644032)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20achilleas-saitrans/mv%20pfs%20narayana%20-%20vba/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644032/; classtype:trojan-activity;sid:84507132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644029)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_nob_300807_032/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644029/; classtype:trojan-activity;sid:84507129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644028)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20quest-propel%20shipping-cpd%2017%20oct%202016/fixture%20note/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644028/; classtype:trojan-activity;sid:84507128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644027)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/98_ikan_sagai_core_mineral/proforma%20cp/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644027/; classtype:trojan-activity;sid:84507127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644023)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/info.zip"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644023/; classtype:trojan-activity;sid:84507123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644024)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htc%20alfa-acct%20sudima%20-%20charter%20party%20dated%2026th%20%20november%20-%20fixture%20note/fixture%20note/info.zip"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644024/; classtype:trojan-activity;sid:84507124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644025)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20genco%20knight_wamopl_080508_016/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644025/; classtype:trojan-activity;sid:84507125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644026)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20magic_jaldhi_210110_007/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644026/; classtype:trojan-activity;sid:84507126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644022)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20ocean%20grace%20-%20crossbridge/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644022/; classtype:trojan-activity;sid:84507122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/loi%20kanpur/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644021/; classtype:trojan-activity;sid:84507121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644019)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.fratzis%20star_eta_230108_002/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644019/; classtype:trojan-activity;sid:84507119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644020)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/april/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644020/; classtype:trojan-activity;sid:84507120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644016)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20byron%20-%20visa%20cp%20dated%2023rd%20july%202015/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644016/; classtype:trojan-activity;sid:84507116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644017)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20maritime%20alliance_jaldhi_310709_034/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644017/; classtype:trojan-activity;sid:84507117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644018)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/customer%20lists/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644018/; classtype:trojan-activity;sid:84507118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644013)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20santa%20monic_visa%20%20cp%20dated%2004%20july15/charter%20party/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644013/; classtype:trojan-activity;sid:84507113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644014)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/new%20mangalore/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644014/; classtype:trojan-activity;sid:84507114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644015)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bright%20future%20background/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644015/; classtype:trojan-activity;sid:84507115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644012)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20carola-acct%20visa-%20cpd%2010%20may%202015/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644012/; classtype:trojan-activity;sid:84507112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644010)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/aryacorp%20company%20introduction/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644010/; classtype:trojan-activity;sid:84507110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644011)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20shou%20chang%20hai_wamopl_130907_034/charter%20parties/main%20body/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644011/; classtype:trojan-activity;sid:84507111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644007)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/2_unity_harmony_29_12_10/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644007/; classtype:trojan-activity;sid:84507107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644008)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644008/; classtype:trojan-activity;sid:84507108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644009)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mumbai%20operations/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644009/; classtype:trojan-activity;sid:84507109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644006)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20bao%20success_ispahia_161109_047/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644006/; classtype:trojan-activity;sid:84507106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644004)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/shraddha/uttarkashi()stx-10%20aug/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644004/; classtype:trojan-activity;sid:84507104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644005)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20ambassador%20-%20%20jiancheng%20cpd%2023%20nov%202017/certificates/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644005/; classtype:trojan-activity;sid:84507105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644002)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/umesh/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644002/; classtype:trojan-activity;sid:84507102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644003)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/surya%20exim/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644003/; classtype:trojan-activity;sid:84507103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644001)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20renos_ssoe_240910_019/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644001/; classtype:trojan-activity;sid:84507101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643996)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/grand%20ocean%20shipping%20holding%20bg%20new/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643996/; classtype:trojan-activity;sid:84507096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643997)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643997/; classtype:trojan-activity;sid:84507097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643998)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20genco%20knight_wamopl_080508_016/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643998/; classtype:trojan-activity;sid:84507098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643999)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20jaldi%20cpdd%2023%20jan%202018/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643999/; classtype:trojan-activity;sid:84507099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644000)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report%20form%20apr%202010/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644000/; classtype:trojan-activity;sid:84507100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643994)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown%20_%20ispat_250907_036/charter%20parties/main%20body/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643994/; classtype:trojan-activity;sid:84507094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643995)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bostomor%20tbn%20-%20acct%20shree%20coal-cpd%2004%20march%202017/fixture%20note/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643995/; classtype:trojan-activity;sid:84507095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643993)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.apj%20jad_noble_230408_010/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643993/; classtype:trojan-activity;sid:84507093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643992)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jiu%20hua%20hai_ispat_250509_022/charter%20parties/riders/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643992/; classtype:trojan-activity;sid:84507092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643987)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643987/; classtype:trojan-activity;sid:84507087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643988)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643988/; classtype:trojan-activity;sid:84507088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643989)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/68_mandarin_fortune_kyori_10_03_2011/working_copy/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643989/; classtype:trojan-activity;sid:84507089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643990)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/86_crossbridge_tbn_unity_12_05_2011/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643990/; classtype:trojan-activity;sid:84507090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643991)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/folders%20to%20be%20copied/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643991/; classtype:trojan-activity;sid:84507091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643986)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/efe%20shipping%20backgorund/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643986/; classtype:trojan-activity;sid:84507086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643984)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer-scmc%20-%20cpdtd%2002%20may%202019/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643984/; classtype:trojan-activity;sid:84507084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643985)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20music/my%20playlists/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643985/; classtype:trojan-activity;sid:84507085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20chetna%20-%20dhlcp%20dtd%2018%20dec%202015/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643979/; classtype:trojan-activity;sid:84507079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643980)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20superior%20-%20visa%20cp%20dated%2004th%20sept%202015/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643980/; classtype:trojan-activity;sid:84507080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643981)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maharashtra%20%20acct%20crossbridge%20cpd%2024%20june%202011/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643981/; classtype:trojan-activity;sid:84507081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643982)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/maheshwari%20group/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643982/; classtype:trojan-activity;sid:84507082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643983)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/126_yasa%20gulten_plutus/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643983/; classtype:trojan-activity;sid:84507083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643974)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20captain%20george%20ii_nedstar_151208_037/charter%20parties/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643974/; classtype:trojan-activity;sid:84507074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643975)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vinalines%20green-visa%20cp%20dated%2002%20dec%202015/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643975/; classtype:trojan-activity;sid:84507075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643976)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/lok%20maheshwari%20cer/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643976/; classtype:trojan-activity;sid:84507076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643977)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/company%20profile/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643977/; classtype:trojan-activity;sid:84507077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643978)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643978/; classtype:trojan-activity;sid:84507078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643973)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_ispat_241207_054/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643973/; classtype:trojan-activity;sid:84507073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643970)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/vessel%20desc/info.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643970/; classtype:trojan-activity;sid:84507070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643971)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/132_safeer%20express_champion%20ocean/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643971/; classtype:trojan-activity;sid:84507071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20haci%20ali%20sari%20-%20torq%20-%20cp%20dtd%2021.08.2019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643972/; classtype:trojan-activity;sid:84507072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643969)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/precious%20charm/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643969/; classtype:trojan-activity;sid:84507069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643968)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/nova%20commodities%20bg/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643968/; classtype:trojan-activity;sid:84507068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643964)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/platinum%20maritime/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643964/; classtype:trojan-activity;sid:84507064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643965)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.st.paul_nsi_211107_053/charter%20parties/main%20body/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643965/; classtype:trojan-activity;sid:84507065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643966)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/marine%20fortune%20carrier/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643966/; classtype:trojan-activity;sid:84507066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643967)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20glovis%20maine%20-%20tata%20nyk%20cpd%2025%20june%2015/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643967/; classtype:trojan-activity;sid:84507067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643959)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20voc%20progress_eta_290509_023/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643959/; classtype:trojan-activity;sid:84507059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643960)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643960/; classtype:trojan-activity;sid:84507060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643961)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/charter%20party/info.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643961/; classtype:trojan-activity;sid:84507061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643962)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iron%20man_jaldhi_080809_035/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643962/; classtype:trojan-activity;sid:84507062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643963)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/dahua/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643963/; classtype:trojan-activity;sid:84507063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643956)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/miscellaneous/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643956/; classtype:trojan-activity;sid:84507056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643957)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cheshire-usl-cpd%2015%20july%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643957/; classtype:trojan-activity;sid:84507057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643958)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/brokerage%20invoice/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643958/; classtype:trojan-activity;sid:84507058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643950)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.yangtze%20river_wamopl_161007_041/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643950/; classtype:trojan-activity;sid:84507050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643951)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20serasih_primeeast_091009_043/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643951/; classtype:trojan-activity;sid:84507051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643952)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20global%20harmony%20-%20acct%20sul%20-%20cpd%2011%20march%202017/fixture%20note/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643952/; classtype:trojan-activity;sid:84507052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643953)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/69_pfs_narayana_unity_18_03_2011/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643953/; classtype:trojan-activity;sid:84507053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643954)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643954/; classtype:trojan-activity;sid:84507054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643955)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/miscellaneous/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643955/; classtype:trojan-activity;sid:84507055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643947)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/85_malathi_eta_09_05_2011/working_copy/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643947/; classtype:trojan-activity;sid:84507047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643948)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20knight_noble_210607_022/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643948/; classtype:trojan-activity;sid:84507048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643949)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/diryoung/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643949/; classtype:trojan-activity;sid:84507049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643945)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kyori%20bg/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643945/; classtype:trojan-activity;sid:84507045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643946)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/msa%20dubai%20bg/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643946/; classtype:trojan-activity;sid:84507046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643942)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20harkripa/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643942/; classtype:trojan-activity;sid:84507042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643943)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643943/; classtype:trojan-activity;sid:84507043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643944)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20meta-acct%20everbright-cpd%2011%20jan%202017/brokerage%20invoice/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643944/; classtype:trojan-activity;sid:84507044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643940)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20renos/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643940/; classtype:trojan-activity;sid:84507040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643941)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_ispat_241207_054/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643941/; classtype:trojan-activity;sid:84507041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643939)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/fc%20agarwal%20coal/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643939/; classtype:trojan-activity;sid:84507039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643938)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elisabeth%20-%20arihant%20cpd%2019%20feb%2015/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643938/; classtype:trojan-activity;sid:84507038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643937)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/july/aryacorp/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643937/; classtype:trojan-activity;sid:84507037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643936)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643936/; classtype:trojan-activity;sid:84507036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643935)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20jupiter)%20%20-%20lss%20-%20cpd%2028%20april%202016/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643935/; classtype:trojan-activity;sid:84507035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643933)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bulk%20saturn_eta_141107_048/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643933/; classtype:trojan-activity;sid:84507033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643934)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643934/; classtype:trojan-activity;sid:84507034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643931)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/112_ikan_serong_uiipl/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643931/; classtype:trojan-activity;sid:84507031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643932)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/79_thor_independence_eta_07_04_2011/working_copy/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643932/; classtype:trojan-activity;sid:84507032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643930)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20samurai%20-propel%2013%20april%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643930/; classtype:trojan-activity;sid:84507030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643926)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/prajakta/ship%20broker/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643926/; classtype:trojan-activity;sid:84507026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643927)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/certificates/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643927/; classtype:trojan-activity;sid:84507027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643928)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20ce%20guardian)%20-%20acct%20surya%20exim-cpd%2009%20march%202017/fixture%20note/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643928/; classtype:trojan-activity;sid:84507028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643929)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20nazia%20jahan%20-%20scmc%20-%201st%20optional%20shipment/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643929/; classtype:trojan-activity;sid:84507029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643920)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643920/; classtype:trojan-activity;sid:84507020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643921)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sibi-acct%20visa%20-%20cpd%2024%20march%202017/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643921/; classtype:trojan-activity;sid:84507021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643922)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/incomplete%20cp%20list/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643922/; classtype:trojan-activity;sid:84507022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643923)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-%20bostomar%20cpd%207%20june%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643923/; classtype:trojan-activity;sid:84507023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643924)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/varsha/varsha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643924/; classtype:trojan-activity;sid:84507024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643925)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/brokerage%20invoice/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643925/; classtype:trojan-activity;sid:84507025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643919)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/shah%20coal%20bg/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643919/; classtype:trojan-activity;sid:84507019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643916)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20crown%20-%20aastha%20cpd%2014%20nov%202014/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643916/; classtype:trojan-activity;sid:84507016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643917)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.aranda%20colossus_ncs_230408_011/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643917/; classtype:trojan-activity;sid:84507017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643918)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/117_ikan_kurau/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643918/; classtype:trojan-activity;sid:84507018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643912)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20panther-surya%20exim%20cpd%2022%20oct%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643912/; classtype:trojan-activity;sid:84507012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643913)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/cp%20-%20status%202011-12/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643913/; classtype:trojan-activity;sid:84507013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643914)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20syriotissa_bmm_270607_023/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643914/; classtype:trojan-activity;sid:84507014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643915)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/varsha/new%20folder%20(2)/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643915/; classtype:trojan-activity;sid:84507015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643909)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643909/; classtype:trojan-activity;sid:84507009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643910)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643910/; classtype:trojan-activity;sid:84507010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643911)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/tongli/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643911/; classtype:trojan-activity;sid:84507011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643906)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/84_ocean_phoenix_05_05_2011/working_copy/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643906/; classtype:trojan-activity;sid:84507006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643907)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20star%20sea%20cosmos/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643907/; classtype:trojan-activity;sid:84507007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643908)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643908/; classtype:trojan-activity;sid:84507008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643895)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643895/; classtype:trojan-activity;sid:84506995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643896)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20privmed%20-%20visa%20cpd%2012%20april%202016/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643896/; classtype:trojan-activity;sid:84506996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643897)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jbu%20orient_bulk%20marine_170609_024/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643897/; classtype:trojan-activity;sid:84506997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643898)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/210_apj%20shirin/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643898/; classtype:trojan-activity;sid:84506998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643899)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20acct%20propel%20cpd%2006%20dec%202018/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643899/; classtype:trojan-activity;sid:84506999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643900)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20greco%20libero-acct%20vedanta-cpd%2028%20oct%202016/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643900/; classtype:trojan-activity;sid:84507000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643901)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/cosco%20vsl%20dtls/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643901/; classtype:trojan-activity;sid:84507001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643902)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20thor%20madoc%20-%20scmc%20%20cp%20dtd%2006.08.2019/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643902/; classtype:trojan-activity;sid:84507002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643903)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/eusuf/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643903/; classtype:trojan-activity;sid:84507003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643904)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jiu%20hua%20hai_ispat_250509_022/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643904/; classtype:trojan-activity;sid:84507004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643905)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20maritime%20alliance_jaldhi_310709_034/charter%20parties/riders/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643905/; classtype:trojan-activity;sid:84507005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643891)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/75_id_tide_ameropa_14_04_2011/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643891/; classtype:trojan-activity;sid:84506991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643892)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20fortune%20-%20essar%20cpd%2027th%20july%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643892/; classtype:trojan-activity;sid:84506992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643893)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643893/; classtype:trojan-activity;sid:84506993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643894)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643894/; classtype:trojan-activity;sid:84506994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643887)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/84_ocean_phoenix_05_05_2011/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643887/; classtype:trojan-activity;sid:84506987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643888)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/krunal%20desk%20bkp%20210410/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643888/; classtype:trojan-activity;sid:84506988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643889/; classtype:trojan-activity;sid:84506989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643890)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/184_tennei_maru_liannex/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643890/; classtype:trojan-activity;sid:84506990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643885)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20(mv%20sarwar%20jahan)-acct%20scmc-%2018%20november%202016/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643885/; classtype:trojan-activity;sid:84506985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643886)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643886/; classtype:trojan-activity;sid:84506986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643884)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/athena%20shipping%20pte%20ltd/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643884/; classtype:trojan-activity;sid:84506984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643881)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-shreeji%20global%20cpd%208%20june%202018/charter%20party/addendum%20no.%201/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643881/; classtype:trojan-activity;sid:84506981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643882)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20faneromeni%20-%20psons%20-%20cpd%2027%20july%202017/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643882/; classtype:trojan-activity;sid:84506982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643883)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/chen%20hong/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643883/; classtype:trojan-activity;sid:84506983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643879)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/fixture%20note/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643879/; classtype:trojan-activity;sid:84506979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643880)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20archagelos%20michael%20-%20scmc%2017.12.18/charter%20party/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643880/; classtype:trojan-activity;sid:84506980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643878)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi%20-%20siva%20cpd%2008%20september%202012/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643878/; classtype:trojan-activity;sid:84506978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643877)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643877/; classtype:trojan-activity;sid:84506977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643876)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/brokerage%20invoice/info.zip"; http_uri; depth:219; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643876/; classtype:trojan-activity;sid:84506976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643873)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/skaarup%20fortune%20shipping%20ltd%20background/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643873/; classtype:trojan-activity;sid:84506973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643874)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/m%20pallonji/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643874/; classtype:trojan-activity;sid:84506974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643875)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%202_nob_120707_026/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643875/; classtype:trojan-activity;sid:84506975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643872)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643872/; classtype:trojan-activity;sid:84506972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643871)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20milos%20-%20scmc%20cp%20dtd%2017%20january%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643871/; classtype:trojan-activity;sid:84506971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643867)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.talisman_ispat_230508_001/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643867/; classtype:trojan-activity;sid:84506967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643868)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643868/; classtype:trojan-activity;sid:84506968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643869)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20nantor_aht_190110_006/riders/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643869/; classtype:trojan-activity;sid:84506969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643870)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20woodstar_stxpanocean_091209_050/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643870/; classtype:trojan-activity;sid:84506970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643863)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/vessel%20desc/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643863/; classtype:trojan-activity;sid:84506963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643864)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20kang%20yao_jaldhi_220109_003/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643864/; classtype:trojan-activity;sid:84506964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643865)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/206_harmony%20tbn/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643865/; classtype:trojan-activity;sid:84506965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643866)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/china-india%20iron%20ore%20summit%20beijing%202008/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643866/; classtype:trojan-activity;sid:84506966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643856)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/307_sagar%20katan/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643856/; classtype:trojan-activity;sid:84506956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643857)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sharda%20ma%20company%20profile/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643857/; classtype:trojan-activity;sid:84506957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643858)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-propel-cpd%2027%20september%202016/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643858/; classtype:trojan-activity;sid:84506958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643859)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20pearl%20-%20seapol%20cp%20dtd%2017.07.2019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643859/; classtype:trojan-activity;sid:84506959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643860)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:237; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643860/; classtype:trojan-activity;sid:84506960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643861)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643861/; classtype:trojan-activity;sid:84506961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643862)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/norvic%20profile/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643862/; classtype:trojan-activity;sid:84506962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643853)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi%20-%20siva%20cpd%2008%20september%202012/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643853/; classtype:trojan-activity;sid:84506953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captainyannis%20l%20-%20saraogi%20udyog%20-%20cpd%2027%20september%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643854/; classtype:trojan-activity;sid:84506954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643855)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20mandarin%20fortune_wbc_160209_009/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643855/; classtype:trojan-activity;sid:84506955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643852)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:236; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643852/; classtype:trojan-activity;sid:84506952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643851)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.talisman_ispat_230508_001/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643851/; classtype:trojan-activity;sid:84506951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643845)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20an%20fu%20star-%20imr%20cpd%2027%20nov%202015/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643845/; classtype:trojan-activity;sid:84506945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643846)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20skatzoura%20-shri%20barjrang%20power%20and%20ispat%20cpd%2029.04.2019/brokerage%20invoice/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643846/; classtype:trojan-activity;sid:84506946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/kyori/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643847/; classtype:trojan-activity;sid:84506947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643848)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/alsaa%20petroleum%20background/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643848/; classtype:trojan-activity;sid:84506948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643849)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/misc%20attachments/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643849/; classtype:trojan-activity;sid:84506949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643850)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20essar%20cpd%2015.11.2018/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643850/; classtype:trojan-activity;sid:84506950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643844)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mekong-ss%20international-cpd%2027%20august%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643844/; classtype:trojan-activity;sid:84506944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643843)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/work/desktop/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643843/; classtype:trojan-activity;sid:84506943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643841)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20knight_noble_220109_002/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643841/; classtype:trojan-activity;sid:84506941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643842)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pioneer%20right%20bg/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643842/; classtype:trojan-activity;sid:84506942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643839)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.port%20melbourne_ispat_221107_050/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643839/; classtype:trojan-activity;sid:84506939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643840)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/94_akij_wave_everbright_11_06_2011/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643840/; classtype:trojan-activity;sid:84506940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643838)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart%20enq/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643838/; classtype:trojan-activity;sid:84506938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643837)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/181_ibis%20bulker/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643837/; classtype:trojan-activity;sid:84506937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643836)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20engiadina%20-acct%20everbright-cpd-17%20june%202015/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643836/; classtype:trojan-activity;sid:84506936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643833)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20and%20agent%20details/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643833/; classtype:trojan-activity;sid:84506933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643834)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643834/; classtype:trojan-activity;sid:84506934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643835)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20visa%20-%20cpd%2016%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643835/; classtype:trojan-activity;sid:84506935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643829)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/coa%20-mv%20perfect%20bulk%20tbn%20-%20scmc%20cpd%2022nd%20april%202019/charter%20party/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643829/; classtype:trojan-activity;sid:84506929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643830)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2030%20nov%2015/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643830/; classtype:trojan-activity;sid:84506930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643831)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643831/; classtype:trojan-activity;sid:84506931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20crown_bilgent_040209_006/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643832/; classtype:trojan-activity;sid:84506932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/operations%20and%20post%20fixture/cp%20menu/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643826/; classtype:trojan-activity;sid:84506926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/280_daebo%20yesu/working%20copy/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643827/; classtype:trojan-activity;sid:84506927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643828)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/daily%20report/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643828/; classtype:trojan-activity;sid:84506928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643824)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20grand%20way/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643824/; classtype:trojan-activity;sid:84506924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643825)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/gpn%20fixture%20list/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643825/; classtype:trojan-activity;sid:84506925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643819)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.star%20canopus_allocean_261007_042/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643819/; classtype:trojan-activity;sid:84506919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643820)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/d.maritime/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643820/; classtype:trojan-activity;sid:84506920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643821)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643821/; classtype:trojan-activity;sid:84506921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643822)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/249_evnia_shree%20coal/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643822/; classtype:trojan-activity;sid:84506922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643823)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2082k%20for%20coal/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643823/; classtype:trojan-activity;sid:84506923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643817)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20fanoula_crossbridge_201109_049/charter%20parties/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643817/; classtype:trojan-activity;sid:84506917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643818)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643818/; classtype:trojan-activity;sid:84506918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643814)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/83_haowang_synergy_05_05_2011/working_copy/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643814/; classtype:trojan-activity;sid:84506914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643815)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_aquavita_230610_017/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643815/; classtype:trojan-activity;sid:84506915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643816)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-%20usl-%20cpd%2028%20july%202016/charter%20party/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643816/; classtype:trojan-activity;sid:84506916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643811)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/562%20-%20mv%20mermaid%20star%20-%20singh%20group%20cp%20dtd%2017.06.2020%20-%20file%20no.%20562/info.zip"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643811/; classtype:trojan-activity;sid:84506911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643812)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elizabeth-ss%20intl-cpd%2017%20dec%202016/charter%20party/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643812/; classtype:trojan-activity;sid:84506912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kunlun%20shipping%20bg/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643813/; classtype:trojan-activity;sid:84506913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643810)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20clipper%20vision%20-%20orissa%20metalikes%20cpd%2024%20june%202019/brokerage%20invoice/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643810/; classtype:trojan-activity;sid:84506910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643808)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643808/; classtype:trojan-activity;sid:84506908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643809)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/102_nasco_pearl_asan/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643809/; classtype:trojan-activity;sid:84506909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643805)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/devi%20trading%20background/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643805/; classtype:trojan-activity;sid:84506905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643806)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/71_nasco_pearl_blue_sky_24_03_2011/working_copy/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643806/; classtype:trojan-activity;sid:84506906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643807)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20darya%20shaan%20-%20chun%20an%20cpd%2021%20feb%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643807/; classtype:trojan-activity;sid:84506907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643804)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20tbn(amis%20orchid)%20-%20scmc%20cpd%2008%20dec%202017/timeline/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643804/; classtype:trojan-activity;sid:84506904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643803)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/usshk-bg/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643803/; classtype:trojan-activity;sid:84506903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643802)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sinosea/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643802/; classtype:trojan-activity;sid:84506902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643801)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/120_clipper_valour/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643801/; classtype:trojan-activity;sid:84506901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643799)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/charter%20parties/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643799/; classtype:trojan-activity;sid:84506899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643800)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20vba%20tbn_maheshwari_290710_018/recap-fixture%20note/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643800/; classtype:trojan-activity;sid:84506900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643797)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theometor-%20everbright%20cpd%2010%20feb%2016/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643797/; classtype:trojan-activity;sid:84506897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643798)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20uday-acct%20caravel%20-%20cpd%2003%20jul%202015/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643798/; classtype:trojan-activity;sid:84506898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643795)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643795/; classtype:trojan-activity;sid:84506895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643796)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20ambassador%20-%20%20jiancheng%20cpd%2023%20nov%202017/timeline/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643796/; classtype:trojan-activity;sid:84506896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643793)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/mv%20new%20laurel/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643793/; classtype:trojan-activity;sid:84506893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643794)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20integrity_bulk%20marine_100409_014/charter%20parties/main%20body/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643794/; classtype:trojan-activity;sid:84506894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643790)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20js%20amazon-acct%20psons%20or%20nominee-cpd%2010%20jan%202016/charter%20party/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643790/; classtype:trojan-activity;sid:84506890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643791)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_eta_aplspore_111008/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643791/; classtype:trojan-activity;sid:84506891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643792)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/566%20-%20mv%20vitaspirit%20-%20am%20commodities%20cp%20dtd%2028.07.2020%20-%20file%20no.%20566/charter%20party/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643792/; classtype:trojan-activity;sid:84506892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643789)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20varanasi/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643789/; classtype:trojan-activity;sid:84506889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643783)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/circ%20folder/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643783/; classtype:trojan-activity;sid:84506883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/brokerage%20invoices/crossbridge_outstanding/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643784/; classtype:trojan-activity;sid:84506884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643785)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_160709_031/main%20body/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643785/; classtype:trojan-activity;sid:84506885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643786)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/asan%20mm/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643786/; classtype:trojan-activity;sid:84506886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643787)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.aranda%20colossus_ncs_230408_011/debitnote/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643787/; classtype:trojan-activity;sid:84506887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643788)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/certificates/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643788/; classtype:trojan-activity;sid:84506888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643774)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20brave%20(mv%20devongate%20)-acct%20aegis%20overseas%20ltd%20or%20nominee-cpd%2024%20november%202016/fixture%20note/info.zip"; http_uri; depth:194; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643774/; classtype:trojan-activity;sid:84506874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643775)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643775/; classtype:trojan-activity;sid:84506875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643776)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/prajakta/secretary/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643776/; classtype:trojan-activity;sid:84506876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643777)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/noble/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643777/; classtype:trojan-activity;sid:84506877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643778)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643778/; classtype:trojan-activity;sid:84506878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643779)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/general%20shipping%20services/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643779/; classtype:trojan-activity;sid:84506879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643780)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.%20lok/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643780/; classtype:trojan-activity;sid:84506880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643781)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/certificates/info.zip"; http_uri; depth:196; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643781/; classtype:trojan-activity;sid:84506881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643782)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/pramukh%20exim/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643782/; classtype:trojan-activity;sid:84506882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643771)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643771/; classtype:trojan-activity;sid:84506871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643772)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20fanoula_crossbridge_201109_049/charter%20parties/riders/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643772/; classtype:trojan-activity;sid:84506872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643773)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20nantor_aht_190110_006/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643773/; classtype:trojan-activity;sid:84506873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643768)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20byron%20-%20visa%20cp%20dated%2023rd%20july%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643768/; classtype:trojan-activity;sid:84506868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643769)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/yellow%20fin/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643769/; classtype:trojan-activity;sid:84506869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643770)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle%20-%20bagadiya%20cp%20dtd%2013.08.2019/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643770/; classtype:trojan-activity;sid:84506870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643766)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_260609_026/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643766/; classtype:trojan-activity;sid:84506866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643767)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643767/; classtype:trojan-activity;sid:84506867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643765)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.yangtze%20river_wamopl_161007_041/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643765/; classtype:trojan-activity;sid:84506865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643760/; classtype:trojan-activity;sid:84506860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643761)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20suryavir_seafreight_080509_018/charter%20parties/main%20body/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643761/; classtype:trojan-activity;sid:84506861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643762)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cheshire-usl-cpd%2015%20july%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643762/; classtype:trojan-activity;sid:84506862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643763)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/110_four_shinano_jsw/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643763/; classtype:trojan-activity;sid:84506863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643764)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-usl%20cpd%2019%20aug%202016/brokerage%20invoice/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643764/; classtype:trojan-activity;sid:84506864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643758)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20essar%20cpd%2015.11.2018/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643758/; classtype:trojan-activity;sid:84506858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643759)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20knight_ispat_091008_031/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643759/; classtype:trojan-activity;sid:84506859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643757)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20trans%20spring-%20propel-%20cpd%2007%20aug%202015/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643757/; classtype:trojan-activity;sid:84506857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643756)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20santa%20monic_visa%20%20cp%20dated%2004%20july15/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643756/; classtype:trojan-activity;sid:84506856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643755)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:255; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643755/; classtype:trojan-activity;sid:84506855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643753)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/recap-fixture%20notes/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643753/; classtype:trojan-activity;sid:84506853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643754)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iran%20yazd_jaldhi_240809_038/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643754/; classtype:trojan-activity;sid:84506854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643747)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20vancouver%20victory_jaldhi_300109_005/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643747/; classtype:trojan-activity;sid:84506847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643748)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20tide_ispat_080709_027/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643748/; classtype:trojan-activity;sid:84506848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643749)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643749/; classtype:trojan-activity;sid:84506849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643750)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643750/; classtype:trojan-activity;sid:84506850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643751)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643751/; classtype:trojan-activity;sid:84506851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643752)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/sci%20vsls%20dtls/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643752/; classtype:trojan-activity;sid:84506852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643744)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%202_nob_120707_026/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643744/; classtype:trojan-activity;sid:84506844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643745)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643745/; classtype:trojan-activity;sid:84506845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643746)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20jyoti-sdtr%20cpd%2025th%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643746/; classtype:trojan-activity;sid:84506846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643742)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-%20propel%20cp%20dated%2019%20oct%202015/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643742/; classtype:trojan-activity;sid:84506842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643743)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20scmc%20cpd%207%20sept%202018/brokerage%20invoice/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643743/; classtype:trojan-activity;sid:84506843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643738)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/recap-fixture%20notes/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643738/; classtype:trojan-activity;sid:84506838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643739)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htk%20lucky-%20essar%20cpd%202%20aug%202018/charter%20party/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643739/; classtype:trojan-activity;sid:84506839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643740)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.marigold_seafreight_3000408_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643740/; classtype:trojan-activity;sid:84506840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643741)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/198_vishna%20nidhi/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643741/; classtype:trojan-activity;sid:84506841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643735)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/charter%20parties/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643735/; classtype:trojan-activity;sid:84506835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643736)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer-%20acct%20visa%20bulk%20-%20cpd%2005-05-2016/brokerage%20invoice/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643736/; classtype:trojan-activity;sid:84506836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643737)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/busisol%20credential/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643737/; classtype:trojan-activity;sid:84506837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643733)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/251_vinalines%20brave/working%20copy/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643733/; classtype:trojan-activity;sid:84506833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643734)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/charter%20party/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643734/; classtype:trojan-activity;sid:84506834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643730)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20hay_bulk%20marine_180808_024/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643730/; classtype:trojan-activity;sid:84506830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643731)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20visa%20-%20cpd%2016%20april%202016/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643731/; classtype:trojan-activity;sid:84506831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643732)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/glovis%20melody/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643732/; classtype:trojan-activity;sid:84506832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643725)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20thor%20madoc%20-%20scmc%20%20cp%20dtd%2006.08.2019/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643725/; classtype:trojan-activity;sid:84506825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643726)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sreekant%20shenoy/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643726/; classtype:trojan-activity;sid:84506826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643727)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/238_hong%20yu/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643727/; classtype:trojan-activity;sid:84506827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643728)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/cpc%20corp%20ltd%20dubai/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643728/; classtype:trojan-activity;sid:84506828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643729)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/89_apj_suryavir_libra_23_05_11/working_copy/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643729/; classtype:trojan-activity;sid:84506829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643722)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/180_slettnes/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643722/; classtype:trojan-activity;sid:84506822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643723)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jiu%20hua%20hai_ispat_250509_022/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643723/; classtype:trojan-activity;sid:84506823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643724)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/samjoo%20maritime/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643724/; classtype:trojan-activity;sid:84506824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643721)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.apj%20jad_noble_230408_010/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643721/; classtype:trojan-activity;sid:84506821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643719)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20frontier%20angel_eta_201108/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643719/; classtype:trojan-activity;sid:84506819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643720)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ptolemeos%20-%20psons%20cp%20dtd%2023%20nov%202017/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643720/; classtype:trojan-activity;sid:84506820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643715)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20byron%20-%20visa%20cp%20dated%2023rd%20july%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643715/; classtype:trojan-activity;sid:84506815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643716)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643716/; classtype:trojan-activity;sid:84506816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643717)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/navi-trek%20bg/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643717/; classtype:trojan-activity;sid:84506817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643718)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elisabeth%20-%20arihant%20cpd%2019%20feb%2015/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643718/; classtype:trojan-activity;sid:84506818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle%20-%20bagadiya%20cp%20dtd%2013.08.2019/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643711/; classtype:trojan-activity;sid:84506811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643712)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/misc%20attachments/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643712/; classtype:trojan-activity;sid:84506812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643713)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20sinin_ssoe_030210_010/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643713/; classtype:trojan-activity;sid:84506813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643714)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/pdf%20files/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643714/; classtype:trojan-activity;sid:84506814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643709)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20and%20agent%20details/agent%20details/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643709/; classtype:trojan-activity;sid:84506809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643710)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643710/; classtype:trojan-activity;sid:84506810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643708)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/175_evnia/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643708/; classtype:trojan-activity;sid:84506808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643707)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/apj%20vssls/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643707/; classtype:trojan-activity;sid:84506807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643705)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20dolphin%20-%20propel%20cpd%2007%20december%202018/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643705/; classtype:trojan-activity;sid:84506805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643706)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20scorpio_ispat_261007_043/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643706/; classtype:trojan-activity;sid:84506806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643702)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643702/; classtype:trojan-activity;sid:84506802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643703)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20woodstar_stxpanocean_091209_050/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643703/; classtype:trojan-activity;sid:84506803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643704)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mp%20panamax%204-jeirui%20cpd%206%20aug%202018/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643704/; classtype:trojan-activity;sid:84506804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643700)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643700/; classtype:trojan-activity;sid:84506800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643701)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/129_yellow_fin/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643701/; classtype:trojan-activity;sid:84506801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643697)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20balaban%20-%20power%20international%20cpd%2017%20december%202019/misc%20attachments/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643697/; classtype:trojan-activity;sid:84506797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643698)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/178_aom_milena/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643698/; classtype:trojan-activity;sid:84506798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643699)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_sinoway_290110_009/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643699/; classtype:trojan-activity;sid:84506799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643694)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20torq%20cpd%2005%20july%202019/charter%20party/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643694/; classtype:trojan-activity;sid:84506794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643695)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20yangtze%20river_wamopl_161007_041/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643695/; classtype:trojan-activity;sid:84506795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643696)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/apl%20it/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643696/; classtype:trojan-activity;sid:84506796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643691)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/charter%20party/scanned%20copy%20of%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643691/; classtype:trojan-activity;sid:84506791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643692)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20flag%20gangos%20-%20lss%20cpd%2030%20may%202015/brokerage%20invoice/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643692/; classtype:trojan-activity;sid:84506792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643693)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/freight%20force/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643693/; classtype:trojan-activity;sid:84506793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643689)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.port%20mouton_ispat_080408_008/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643689/; classtype:trojan-activity;sid:84506789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643690)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/primetransport/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643690/; classtype:trojan-activity;sid:84506790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643688)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sbi%20hermes-surya%20exim%20cpd%2022%20sep%202017/brokerage%20invoice/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643688/; classtype:trojan-activity;sid:84506788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643687)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/renju_company_directory_/original/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643687/; classtype:trojan-activity;sid:84506787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643682)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/cos%20marine%20qingdao/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643682/; classtype:trojan-activity;sid:84506782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643683)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/july/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643683/; classtype:trojan-activity;sid:84506783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643684)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-%20propel%20cp%20dated%2019%20oct%202015/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643684/; classtype:trojan-activity;sid:84506784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643685)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20balaban%20-%20power%20international%20cpd%2017%20december%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643685/; classtype:trojan-activity;sid:84506785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643686)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/krunal%20desk%20bkp%20210410/vsl%20dets%20isl/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643686/; classtype:trojan-activity;sid:84506786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/brokerage%20invoice/info.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643677/; classtype:trojan-activity;sid:84506777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643678)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:243; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643678/; classtype:trojan-activity;sid:84506778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643679)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/market%20report/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643679/; classtype:trojan-activity;sid:84506779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643680)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/174_nasco%20jade_holcim/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643680/; classtype:trojan-activity;sid:84506780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643681)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown%20_%20ispat_250907_036/charter%20parties/original%20cps/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643681/; classtype:trojan-activity;sid:84506781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643675)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20quest-propel%20shipping-cpd%2017%20oct%202016/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643675/; classtype:trojan-activity;sid:84506775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643676)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20primrose_wamspl_041009_044/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643676/; classtype:trojan-activity;sid:84506776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643674)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20saubaagya%205%20-%20mcs%20cpd%2010%20nov%202015/brokerage%20invoice/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643674/; classtype:trojan-activity;sid:84506774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643672)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/certificates/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643672/; classtype:trojan-activity;sid:84506772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643673)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/135_cs%20calvina/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643673/; classtype:trojan-activity;sid:84506773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643669)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643669/; classtype:trojan-activity;sid:84506769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643670)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/smart%20gain%20shipping/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643670/; classtype:trojan-activity;sid:84506770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643671)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/navdhenu%20vessels/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643671/; classtype:trojan-activity;sid:84506771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643660)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643660/; classtype:trojan-activity;sid:84506760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643661)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_crossbridge_080110_002/charter%20parties/main%20body/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643661/; classtype:trojan-activity;sid:84506761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643662)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elisabeth%20-%20arihant%20cpd%2019%20feb%2015/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643662/; classtype:trojan-activity;sid:84506762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643663)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/jsk%20shipping%20pte%20ltd/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643663/; classtype:trojan-activity;sid:84506763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643664)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/libra/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643664/; classtype:trojan-activity;sid:84506764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643665)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20cemtex%20orient_kispl_311208_038/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643665/; classtype:trojan-activity;sid:84506765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643666)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/mumbai%20or%20dharamtar/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643666/; classtype:trojan-activity;sid:84506766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643667)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.barcelona%20bright_metchart_3000408_014/charter%20parties/main%20body/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643667/; classtype:trojan-activity;sid:84506767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643668)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/charter%20party/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643668/; classtype:trojan-activity;sid:84506768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643658)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/short%20terms%20for%20govt%20chrtrs/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643658/; classtype:trojan-activity;sid:84506758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643659)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/certificates/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643659/; classtype:trojan-activity;sid:84506759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643654)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/79_thor_independence_eta_07_04_2011/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643654/; classtype:trojan-activity;sid:84506754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/aug%202008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643655/; classtype:trojan-activity;sid:84506755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643656)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20energy_ispat_010409_012/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643656/; classtype:trojan-activity;sid:84506756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643657)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/seatrek%20bg/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643657/; classtype:trojan-activity;sid:84506757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643651)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/graincom/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643651/; classtype:trojan-activity;sid:84506751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643652)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/marvel%20transport/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643652/; classtype:trojan-activity;sid:84506752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643653)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devigloryi_seatrek_180509_022/main%20body/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643653/; classtype:trojan-activity;sid:84506753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643650)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/171_pacific_endeavour/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643650/; classtype:trojan-activity;sid:84506750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643649)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643649/; classtype:trojan-activity;sid:84506749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643645)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/charter%20party/proforma%20cp/info.zip"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643645/; classtype:trojan-activity;sid:84506745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643646)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/179_transtime_isl/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643646/; classtype:trojan-activity;sid:84506746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643647)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/rich%20mark%20bg/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643647/; classtype:trojan-activity;sid:84506747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643648)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/misc%20attachments/info.zip"; http_uri; depth:224; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643648/; classtype:trojan-activity;sid:84506748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643643)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ocean%20trans%20group/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643643/; classtype:trojan-activity;sid:84506743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643644)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dalmatia%20g-everbright%20cpd%2031%20march%202016/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643644/; classtype:trojan-activity;sid:84506744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643640)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cheshire-usl-cpd%2015%20july%202016/charter%20party/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643640/; classtype:trojan-activity;sid:84506740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643641)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20pearl%20-%20seapol%20cp%20dtd%2017.07.2019/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643641/; classtype:trojan-activity;sid:84506741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643642)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/brokerage%20invoice/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643642/; classtype:trojan-activity;sid:84506742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643638)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/78_siam-garnet_benemar_29_04_11/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643638/; classtype:trojan-activity;sid:84506738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643639)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20greco%20libero-acct%20vedanta-cpd%2028%20oct%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643639/; classtype:trojan-activity;sid:84506739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643637)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643637/; classtype:trojan-activity;sid:84506737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643633)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20serasih_primeeast_091009_043/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643633/; classtype:trojan-activity;sid:84506733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643634)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20js%20amazon-acct%20psons%20or%20nominee-cpd%2010%20jan%202016/fixture%20note/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643634/; classtype:trojan-activity;sid:84506734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643635)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/isl%20dubai/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643635/; classtype:trojan-activity;sid:84506735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643636)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/sagar%20kanta/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643636/; classtype:trojan-activity;sid:84506736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643632)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/318_silvia%20glory/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643632/; classtype:trojan-activity;sid:84506732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643625)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20knight_noble_220109_002/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643625/; classtype:trojan-activity;sid:84506725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643626)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20carola-acct%20visa-%20cpd%2010%20may%202015/brokerage%20invoice/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643626/; classtype:trojan-activity;sid:84506726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643627)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643627/; classtype:trojan-activity;sid:84506727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643628)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/festive%20email%20templates/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643628/; classtype:trojan-activity;sid:84506728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643629)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/info.zip"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643629/; classtype:trojan-activity;sid:84506729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643630)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yasa%20ozcan_jaldhi_231009_045/charter%20parties/riders/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643630/; classtype:trojan-activity;sid:84506730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643631)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/unpaid%20brokerage%20list/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643631/; classtype:trojan-activity;sid:84506731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643619)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643619/; classtype:trojan-activity;sid:84506719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643620)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htc%20alfa-acct%20sudima%20-%20charter%20party%20dated%2026th%20%20november%20-%20fixture%20note/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643620/; classtype:trojan-activity;sid:84506720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643621)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/info.zip"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643621/; classtype:trojan-activity;sid:84506721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643622)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20fortune%20-%20essar%20cpd%2027th%20july%202018/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643622/; classtype:trojan-activity;sid:84506722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/gbc%20background/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643623/; classtype:trojan-activity;sid:84506723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643624)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20scmc%20cpd%207%20sept%202018/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643624/; classtype:trojan-activity;sid:84506724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643618)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20al%20yasat%20ii%20-%20power%20international%20cpd%2016%20nov%202019/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643618/; classtype:trojan-activity;sid:84506718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643613)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643613/; classtype:trojan-activity;sid:84506713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643614)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zhehai%20520%20-%20scmc%20-%204th%20shipment/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643614/; classtype:trojan-activity;sid:84506714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643615)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/222_sea%20wellington/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643615/; classtype:trojan-activity;sid:84506715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643616)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/88_furness_melbourne_raymetals_23_05_11/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643616/; classtype:trojan-activity;sid:84506716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643617)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643617/; classtype:trojan-activity;sid:84506717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643611)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mumbai%20operations/charter%20parties/2011/mv%20columbia%20--%20constantia/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643611/; classtype:trojan-activity;sid:84506711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643612)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20danceflora%20sw-%20transbulk%20cpd%2013%20july%202018/brokerage%20invoice/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643612/; classtype:trojan-activity;sid:84506712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643609)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20samurai%20-propel%2013%20april%202019/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643609/; classtype:trojan-activity;sid:84506709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643610)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/566%20-%20mv%20vitaspirit%20-%20am%20commodities%20cp%20dtd%2028.07.2020%20-%20file%20no.%20566/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:226; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643610/; classtype:trojan-activity;sid:84506710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643606)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle%20-%20bagadiya%20cp%20dtd%2013.08.2019/hire%20statements%20or%20freight%20invoices/charts%20pfhs/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643606/; classtype:trojan-activity;sid:84506706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643607)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643607/; classtype:trojan-activity;sid:84506707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643608)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mandarin%20river%20-%20shipment%20no%203/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643608/; classtype:trojan-activity;sid:84506708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643604)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/136_goa_gps/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643604/; classtype:trojan-activity;sid:84506704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643605)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/sharda%20ma/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643605/; classtype:trojan-activity;sid:84506705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643603)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/falcon%20shipping/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643603/; classtype:trojan-activity;sid:84506703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643599)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20knight_ispat_091008_031/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643599/; classtype:trojan-activity;sid:84506699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643600)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643600/; classtype:trojan-activity;sid:84506700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643601)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:230; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643601/; classtype:trojan-activity;sid:84506701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643602)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.christos_eta_180607_021/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643602/; classtype:trojan-activity;sid:84506702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643598)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20gem%20of%20kilakarai_uniwell_300310_015/charter%20parties/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643598/; classtype:trojan-activity;sid:84506698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643595)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/chinaland%20shipping%20pte%20ltd/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643595/; classtype:trojan-activity;sid:84506695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643596)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/72_kanpur/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643596/; classtype:trojan-activity;sid:84506696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643597)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/brokerage%20invoice/info.zip"; http_uri; depth:231; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643597/; classtype:trojan-activity;sid:84506697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643592)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.jbu%20orient_ispat_121107_047/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643592/; classtype:trojan-activity;sid:84506692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643593)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htc%20alfa-acct%20sudima%20-%20charter%20party%20dated%2026th%20%20november%20-%20fixture%20note/brokerage%20invoice/info.zip"; http_uri; depth:191; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643593/; classtype:trojan-activity;sid:84506693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643594)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/brokerage%20invoice/info.zip"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643594/; classtype:trojan-activity;sid:84506694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643591)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/noble%20miracle/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643591/; classtype:trojan-activity;sid:84506691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643589)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kookyang%20bg/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643589/; classtype:trojan-activity;sid:84506689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643590)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643590/; classtype:trojan-activity;sid:84506690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643580)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/recap-fixture%20note/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643580/; classtype:trojan-activity;sid:84506680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643581)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/info.zip"; http_uri; depth:172; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643581/; classtype:trojan-activity;sid:84506681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643582)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.st.paul_nsi_211107_053/charter%20parties/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643582/; classtype:trojan-activity;sid:84506682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643583)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643583/; classtype:trojan-activity;sid:84506683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643584)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/desert%20hawk%20nd/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643584/; classtype:trojan-activity;sid:84506684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643585)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/100_maharashtra_crossbridge/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643585/; classtype:trojan-activity;sid:84506685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643586)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/168_melos/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643586/; classtype:trojan-activity;sid:84506686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643587)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/tolani%20vssls/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643587/; classtype:trojan-activity;sid:84506687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643588)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643588/; classtype:trojan-activity;sid:84506688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643577)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iran%20yazd_jaldhi_240809_038/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643577/; classtype:trojan-activity;sid:84506677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643578)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20chris%20gr%20-%20scmc%20-%201st%20shipment/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643578/; classtype:trojan-activity;sid:84506678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643579)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jahan%20moni%20-%20scmc%20-%202nd%20shipment/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643579/; classtype:trojan-activity;sid:84506679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643576)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/kandla/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643576/; classtype:trojan-activity;sid:84506676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643571)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/rinl/core%20ship%20offer%20to%20rinl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643571/; classtype:trojan-activity;sid:84506671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643572)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elisabeth%20-%20arihant%20cpd%2019%20feb%2015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643572/; classtype:trojan-activity;sid:84506672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643573)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643573/; classtype:trojan-activity;sid:84506673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643574)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20propel%20shipping%2004%20jan%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643574/; classtype:trojan-activity;sid:84506674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643575)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643575/; classtype:trojan-activity;sid:84506675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643567)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20captain%20george%20ii_nedstar_151208_037/fixture%20note/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643567/; classtype:trojan-activity;sid:84506667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643568)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/316_magnum_force/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643568/; classtype:trojan-activity;sid:84506668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20greco%20libero-acct%20vedanta-cpd%2028%20oct%202016/brokerage%20invoice/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643569/; classtype:trojan-activity;sid:84506669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643570)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/august/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643570/; classtype:trojan-activity;sid:84506670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643564)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20faneromeni%20-%20psons%20-%20cpd%2027%20july%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643564/; classtype:trojan-activity;sid:84506664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643565)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643565/; classtype:trojan-activity;sid:84506665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643566)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643566/; classtype:trojan-activity;sid:84506666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643563)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/gst%20bg/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643563/; classtype:trojan-activity;sid:84506663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643562)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/564%20-%20mv%20banglar%20joyjatra%20-%20martrade%20cp%20dtd%2001.07.2020%20-%20file%20no.%20564/info.zip"; http_uri; depth:195; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643562/; classtype:trojan-activity;sid:84506662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643561)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20chetna%20-%20dhlcp%20dtd%2018%20dec%202015/fixture%20note/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643561/; classtype:trojan-activity;sid:84506661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643559)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643559/; classtype:trojan-activity;sid:84506659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643560)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20harmony%20-%20gateway/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643560/; classtype:trojan-activity;sid:84506660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643558)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_aquavita_230610_017/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643558/; classtype:trojan-activity;sid:84506658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643553)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/certificates/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643553/; classtype:trojan-activity;sid:84506653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643554)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/fixture%20lists/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643554/; classtype:trojan-activity;sid:84506654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643555)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/harmony%20innovation%20fixture%20list%20as%20of%2013%20jun%202011/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643555/; classtype:trojan-activity;sid:84506655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643556)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/250_alpine%20trader/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643556/; classtype:trojan-activity;sid:84506656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643557)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643557/; classtype:trojan-activity;sid:84506657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643551)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643551/; classtype:trojan-activity;sid:84506651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643552)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20voc%20progress_eta_290509_023/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643552/; classtype:trojan-activity;sid:84506652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643548)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/ffa/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643548/; classtype:trojan-activity;sid:84506648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643549)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20intrepid-propel-cpd%2018%20august%202016/brokerage%20invoice/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643549/; classtype:trojan-activity;sid:84506649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643550)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_nob_300807_032/charter%20parties/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643550/; classtype:trojan-activity;sid:84506650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643547)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/mallikarjun-profile/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643547/; classtype:trojan-activity;sid:84506647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643540)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/charter%20party/corrections%20to%20cp%20from%20owns/info.zip"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643540/; classtype:trojan-activity;sid:84506640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643541)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/smartek/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643541/; classtype:trojan-activity;sid:84506641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643542)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20frontier%20angel_eta_201108/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643542/; classtype:trojan-activity;sid:84506642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643543)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20scorpio_ispat_261007_043/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643543/; classtype:trojan-activity;sid:84506643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643544)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20privmed%20-%20visa%20cpd%2012%20april%202016/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643544/; classtype:trojan-activity;sid:84506644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643545)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20qatar%20spirit%20-%20xianglong%20cpd%2020%20sep%202018/brokerage%20invoice/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643545/; classtype:trojan-activity;sid:84506645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643546)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mp%20panamax%204-jeirui%20cpd%206%20aug%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643546/; classtype:trojan-activity;sid:84506646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643536)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%201_nob_240707_028/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643536/; classtype:trojan-activity;sid:84506636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643537)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ss%20international%20shipping/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643537/; classtype:trojan-activity;sid:84506637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643538)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/seafreight%20bg/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643538/; classtype:trojan-activity;sid:84506638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643539)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/ltc/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643539/; classtype:trojan-activity;sid:84506639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643535)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20port%20estoril%20-%20scmc-%20cpd%2026%20oct%202018/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643535/; classtype:trojan-activity;sid:84506635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643531)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/brpl/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643531/; classtype:trojan-activity;sid:84506631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643532)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/mayank/outlook/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643532/; classtype:trojan-activity;sid:84506632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643533)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.dubai%20energy_noble_100508_001/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643533/; classtype:trojan-activity;sid:84506633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643534)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ocean%20wide%20services/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643534/; classtype:trojan-activity;sid:84506634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643528)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/249_evnia_shree%20coal/working%20cp/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643528/; classtype:trojan-activity;sid:84506628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643529)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mekong-ss%20international-cpd%2027%20august%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643529/; classtype:trojan-activity;sid:84506629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643530)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/192_abdullah/working%20copy/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643530/; classtype:trojan-activity;sid:84506630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643523)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643523/; classtype:trojan-activity;sid:84506623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643524)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643524/; classtype:trojan-activity;sid:84506624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643525)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/eta/weather%20news/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643525/; classtype:trojan-activity;sid:84506625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643526)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20flag%20gangos%20-%20lss%20cpd%2030%20may%202015/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643526/; classtype:trojan-activity;sid:84506626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20chris%20gr%20-%20scmc%20-%201st%20shipment/brokerage%20invoice/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643527/; classtype:trojan-activity;sid:84506627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643520)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/tranvast%20marine%20bg-fixture/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643520/; classtype:trojan-activity;sid:84506620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643521)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20achilleas-eta%20dubai/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643521/; classtype:trojan-activity;sid:84506621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643522)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zengjun-everbright/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643522/; classtype:trojan-activity;sid:84506622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643516)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/charter%20party/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643516/; classtype:trojan-activity;sid:84506616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643517)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/152_serasih%202_sw%20shipping/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643517/; classtype:trojan-activity;sid:84506617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643518)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643518/; classtype:trojan-activity;sid:84506618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643519)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captainyannis%20l%20-%20saraogi%20udyog%20-%20cpd%2027%20september%202016/brokerage%20invoice/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643519/; classtype:trojan-activity;sid:84506619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643515)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20uni%20auc%20one-integrity%20bulk%20cpd%2013%20feb%202018/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643515/; classtype:trojan-activity;sid:84506615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643514)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-acct%20lss-%20cpd%2013%20jan%202017/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643514/; classtype:trojan-activity;sid:84506614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643512)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_sinoway_290110_009/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643512/; classtype:trojan-activity;sid:84506612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643513)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/documents/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643513/; classtype:trojan-activity;sid:84506613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643508)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%201_nob_240707_028/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643508/; classtype:trojan-activity;sid:84506608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643509)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/recap%20-%20fixture%20notes/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643509/; classtype:trojan-activity;sid:84506609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643510)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2013/march/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643510/; classtype:trojan-activity;sid:84506610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643511)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elizabeth-ss%20intl-cpd%2017%20dec%202016/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643511/; classtype:trojan-activity;sid:84506611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643506)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vega%20mars-propel%20cpd%2018-jan-2016/brokerage%20invoice/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643506/; classtype:trojan-activity;sid:84506606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643507)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20cemtex%20orient_kispl_311208_038/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643507/; classtype:trojan-activity;sid:84506607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643504)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ken%20orchid-propel-cpd%2027%20august%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643504/; classtype:trojan-activity;sid:84506604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643505)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/303_mv%20norvic%20tbn%20-ktp/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643505/; classtype:trojan-activity;sid:84506605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643502)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20chris%20gr%20-%20scmc%20-%201st%20shipment/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643502/; classtype:trojan-activity;sid:84506602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643503)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bigor%20ltd/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643503/; classtype:trojan-activity;sid:84506603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643501)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20spinel%20-%20seapol%20cp%20dtd%2004%20july%202019/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643501/; classtype:trojan-activity;sid:84506601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643496)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evangelia%20m%20-rashmi-cpd%2012%20june%202017/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643496/; classtype:trojan-activity;sid:84506596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643497)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theoskepasti%20-%20primarina%20cpd%2025%20august%202015/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643497/; classtype:trojan-activity;sid:84506597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643498)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/prime%20east/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643498/; classtype:trojan-activity;sid:84506598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643499)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/simtra%20bg/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643499/; classtype:trojan-activity;sid:84506599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643500)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/rashmi%20metaliks/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643500/; classtype:trojan-activity;sid:84506600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643495)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20uday-acct%20caravel%20-%20cpd%2003%20jul%202015/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643495/; classtype:trojan-activity;sid:84506595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643492)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/arya%20marine/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643492/; classtype:trojan-activity;sid:84506592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643493)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/gencon%20cp%20(wam_mspl%20coa)/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643493/; classtype:trojan-activity;sid:84506593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643494)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bulk%20saturn_eta_141107_048/commission%20invoices/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643494/; classtype:trojan-activity;sid:84506594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643487)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zhehai%20520%20-%20scmc%20-%204th%20shipment/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643487/; classtype:trojan-activity;sid:84506587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643488)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/psons%20bg/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643488/; classtype:trojan-activity;sid:84506588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643489)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/81_iyo_wind_ssoe_29_04_2011/working_copy/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643489/; classtype:trojan-activity;sid:84506589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643490)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:214; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643490/; classtype:trojan-activity;sid:84506590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643491)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/83_haowang_synergy_05_05_2011/misc_docs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643491/; classtype:trojan-activity;sid:84506591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643485)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643485/; classtype:trojan-activity;sid:84506585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643486)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/harmony%20innovation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643486/; classtype:trojan-activity;sid:84506586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643484)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20tbn%20-%20acct%20hc%20trading-%2006%20oct%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643484/; classtype:trojan-activity;sid:84506584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643481)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20ionic%20storm)%20-%20lss%20cpd%2025%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643481/; classtype:trojan-activity;sid:84506581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643482)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goldenroad_lucky%20cements_%20270310_014/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643482/; classtype:trojan-activity;sid:84506582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643483)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643483/; classtype:trojan-activity;sid:84506583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643477)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20suryavir_seafreight_080509_018/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643477/; classtype:trojan-activity;sid:84506577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643478)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/spur%20shipping/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643478/; classtype:trojan-activity;sid:84506578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643479)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/gp/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643479/; classtype:trojan-activity;sid:84506579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643480)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643480/; classtype:trojan-activity;sid:84506580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643475)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643475/; classtype:trojan-activity;sid:84506575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643476)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20talisman_ispat_230508_019/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643476/; classtype:trojan-activity;sid:84506576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643473)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20quest-propel%20shipping-cpd%2017%20oct%202016/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643473/; classtype:trojan-activity;sid:84506573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643474)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/coupleocean%20background/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643474/; classtype:trojan-activity;sid:84506574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643467)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rosita%20-vedanta%20-%20cpd%2030%20aug%202018/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643467/; classtype:trojan-activity;sid:84506567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643468)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/bulk%20carriers/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643468/; classtype:trojan-activity;sid:84506568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643469)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20angelina%20the%20great%20n%20)%20-%20smal%20-%20cp%20dated%2020th%20nov%2015/brokerage%20invoice/info.zip"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643469/; classtype:trojan-activity;sid:84506569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643470)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/eastar%20shipping/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643470/; classtype:trojan-activity;sid:84506570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643471)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/notices/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643471/; classtype:trojan-activity;sid:84506571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643472)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20quest-propel%20shipping-cpd%2017%20oct%202016/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643472/; classtype:trojan-activity;sid:84506572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643466)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/rashmi%20fixture%20list/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643466/; classtype:trojan-activity;sid:84506566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643465)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/91_marine_king_vba_24_05_11/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643465/; classtype:trojan-activity;sid:84506565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643463)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theometor-%20everbright%20cpd%2010%20feb%2016/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643463/; classtype:trojan-activity;sid:84506563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643464)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20haci%20ali%20sari%20-%20torq%20-%20cp%20dtd%2021.08.2019/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643464/; classtype:trojan-activity;sid:84506564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643461)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20anand-acct%20guodian-cpd%2007%20march%202017/fixture%20note/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643461/; classtype:trojan-activity;sid:84506561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643462)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643462/; classtype:trojan-activity;sid:84506562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643459)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.yangtze%20river_wamopl_161007_041/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643459/; classtype:trojan-activity;sid:84506559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643460)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643460/; classtype:trojan-activity;sid:84506560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643458)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/operations%20and%20post%20fixture/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643458/; classtype:trojan-activity;sid:84506558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643456)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20brave%20(mv%20devongate%20)-acct%20aegis%20overseas%20ltd%20or%20nominee-cpd%2024%20november%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:209; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643456/; classtype:trojan-activity;sid:84506556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643457)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/amber%20background/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643457/; classtype:trojan-activity;sid:84506557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643453)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20panoria%20-%20visa%20cpd%2025%20aug%202017/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643453/; classtype:trojan-activity;sid:84506553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643454)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20ocean%20grace%20-%20snergy/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643454/; classtype:trojan-activity;sid:84506554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643455)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/havi/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643455/; classtype:trojan-activity;sid:84506555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643452)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20muron-%20essar%20cpd%2010%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643452/; classtype:trojan-activity;sid:84506552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643450)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/556%20-%20mv%20top%20fair%20-%20scmc%20cp%20%20dtd%2007.05.2020%20-%20file%20no.%20556/certificates/info.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643450/; classtype:trojan-activity;sid:84506550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643451)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20atlantic%20diana-propel%20pcd%209july%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643451/; classtype:trojan-activity;sid:84506551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643448)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20hay_bulk%20marine_180808_024/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643448/; classtype:trojan-activity;sid:84506548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643449)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/188_vishva_prerna/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643449/; classtype:trojan-activity;sid:84506549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643445)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/maheshwari%20bros/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643445/; classtype:trojan-activity;sid:84506545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643446)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20panther-surya%20exim%20cpd%2022%20oct%202015/fixture%20note/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643446/; classtype:trojan-activity;sid:84506546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643447)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pistis%20-%20visa%20cpd%2015%20march%202016/fixture%20note/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643447/; classtype:trojan-activity;sid:84506547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643444)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20transpower%20tbn%20-%20jsw%20steel%20cpd%2017%20march%202016/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643444/; classtype:trojan-activity;sid:84506544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643443)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643443/; classtype:trojan-activity;sid:84506543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643440)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643440/; classtype:trojan-activity;sid:84506540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643441)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bk%20alice-simtra-cpd%2009%20dec%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643441/; classtype:trojan-activity;sid:84506541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643442)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20gem%20of%20haldia_noble_191109_048/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643442/; classtype:trojan-activity;sid:84506542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643433)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20rich-mcs%20cpd%2031-7-15/brokerage%20invoice/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643433/; classtype:trojan-activity;sid:84506533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643434)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/bpl%20bill/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643434/; classtype:trojan-activity;sid:84506534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643435)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20vien%20dong%205/vsl%20certs/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643435/; classtype:trojan-activity;sid:84506535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643436)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/prabhu%20gopal%20certificates/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643436/; classtype:trojan-activity;sid:84506536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643437)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/charter%20party/info.zip"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643437/; classtype:trojan-activity;sid:84506537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643438)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/charter%20party/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643438/; classtype:trojan-activity;sid:84506538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643439)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/271_spar%20taurus/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643439/; classtype:trojan-activity;sid:84506539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643430)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643430/; classtype:trojan-activity;sid:84506530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643431)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/mv%20chimes%20-%20fixture%20recap/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643431/; classtype:trojan-activity;sid:84506531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643432)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jahan%20moni%20-%20scmc%20-%202nd%20shipment/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643432/; classtype:trojan-activity;sid:84506532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643429)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-%20bostomar%20cpd%207%20june%202018/brokerage%20invoice/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643429/; classtype:trojan-activity;sid:84506529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643425)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hai%20qing%20-%20lss%20cpd%2029%20june%202015/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643425/; classtype:trojan-activity;sid:84506525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643426)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643426/; classtype:trojan-activity;sid:84506526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643427)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/fixture%20note%20and%20recaps/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643427/; classtype:trojan-activity;sid:84506527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643428)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20talisman_ispat_230508_019/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643428/; classtype:trojan-activity;sid:84506528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643422)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/imsbc%20code/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643422/; classtype:trojan-activity;sid:84506522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643423)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20rosita/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643423/; classtype:trojan-activity;sid:84506523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643424)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643424/; classtype:trojan-activity;sid:84506524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643421)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20genco%20auvergne-acct%20rashmi%20-%20cpd%2018%20august%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643421/; classtype:trojan-activity;sid:84506521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643419)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sanko%20king_bulkmarine_040209_013/charter%20parties/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643419/; classtype:trojan-activity;sid:84506519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643420)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_eta_071309_030/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643420/; classtype:trojan-activity;sid:84506520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643418)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.evnia_wamopl_200308_006/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643418/; classtype:trojan-activity;sid:84506518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643415)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jabal%20shams%20-%20oman%20ship%20-%20cpd%2023.11.2019/misc%20attachments/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643415/; classtype:trojan-activity;sid:84506515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643416)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20voc%20progress_eta_290509_023/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643416/; classtype:trojan-activity;sid:84506516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643417)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/aryacorp/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643417/; classtype:trojan-activity;sid:84506517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643414)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/template%20folders/charter%20party/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643414/; classtype:trojan-activity;sid:84506514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643411)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643411/; classtype:trojan-activity;sid:84506511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643412)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/heidelberg%20cement/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643412/; classtype:trojan-activity;sid:84506512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643413)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643413/; classtype:trojan-activity;sid:84506513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643409)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20super%20star_prime%20east_171209_051/charter%20parties/main%20body/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643409/; classtype:trojan-activity;sid:84506509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643410)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643410/; classtype:trojan-activity;sid:84506510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643407)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijeta-%20smitra%20-%20cpd%2004%20june%2015/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643407/; classtype:trojan-activity;sid:84506507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643408)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/centrans%20hermes%20-%20kyori/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643408/; classtype:trojan-activity;sid:84506508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643406)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20haci%20ali%20sari%20-%20torq%20-%20cp%20dtd%2021.08.2019/attachements/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643406/; classtype:trojan-activity;sid:84506506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643401)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/charter%20party/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643401/; classtype:trojan-activity;sid:84506501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643402)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20hope%20-%20propelshipping%20cpd%2019%20nov%202015/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643402/; classtype:trojan-activity;sid:84506502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643403)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643403/; classtype:trojan-activity;sid:84506503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643404)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20diksha%20-%20siva%20bulk%20-%20cpd%2001%20august%202012/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643404/; classtype:trojan-activity;sid:84506504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643405)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/osho%20presentation/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643405/; classtype:trojan-activity;sid:84506505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643396)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/certificates/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643396/; classtype:trojan-activity;sid:84506496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643397)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643397/; classtype:trojan-activity;sid:84506497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643398)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/119_agi_110811/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643398/; classtype:trojan-activity;sid:84506498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643399)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_ssoe_050607_020/hire%20statements/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643399/; classtype:trojan-activity;sid:84506499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643400)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20jai%20-%20visa%20bulk%20-%20cpd%2016%20april%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643400/; classtype:trojan-activity;sid:84506500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643392)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/circulation%20list/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643392/; classtype:trojan-activity;sid:84506492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643393)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/seafront%20marine/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643393/; classtype:trojan-activity;sid:84506493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643394)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643394/; classtype:trojan-activity;sid:84506494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643395)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maharashtra%20%20acct%20crossbridge%20cpd%2024%20june%202011/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643395/; classtype:trojan-activity;sid:84506495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643390)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:216; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643390/; classtype:trojan-activity;sid:84506490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643391)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20gem%20of%20haldia_noble_191109_048/charter%20parties/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643391/; classtype:trojan-activity;sid:84506491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643389)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2010/39_cebu_star_jaldhi_14_10_10/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643389/; classtype:trojan-activity;sid:84506489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643387)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20sinin_ssoe_030210_010/charter%20parties/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643387/; classtype:trojan-activity;sid:84506487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643388)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_aquavita_230610_017/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643388/; classtype:trojan-activity;sid:84506488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643385)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20fanoula_crossbridge_201109_049/charter%20parties/main%20body/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643385/; classtype:trojan-activity;sid:84506485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643386)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20kang%20yao_jaldhi_220109_003/charter%20parties/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643386/; classtype:trojan-activity;sid:84506486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643382)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643382/; classtype:trojan-activity;sid:84506482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643383)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:231; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643383/; classtype:trojan-activity;sid:84506483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643384)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/jaldhi%20overseas%20background/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643384/; classtype:trojan-activity;sid:84506484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643379)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle%20-%20bagadiya%20cp%20dtd%2013.08.2019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643379/; classtype:trojan-activity;sid:84506479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643380)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/291_pacific%20pioneer/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643380/; classtype:trojan-activity;sid:84506480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643381)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apostolos%20ii%20-%20indo%20international%20cpd%2012%20march%202018/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643381/; classtype:trojan-activity;sid:84506481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643378)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_crossbridge_080110_002/charter%20parties/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643378/; classtype:trojan-activity;sid:84506478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643375)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/charter%20parties/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643375/; classtype:trojan-activity;sid:84506475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643376)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/nsel/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643376/; classtype:trojan-activity;sid:84506476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643377)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643377/; classtype:trojan-activity;sid:84506477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643374)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20hope%20-%20propelshipping%20cpd%2019%20nov%202015/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643374/; classtype:trojan-activity;sid:84506474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643372)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/recap%20-%20fixture%20note/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643372/; classtype:trojan-activity;sid:84506472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643373)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/charter%20parties/main%20body/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643373/; classtype:trojan-activity;sid:84506473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643371)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/555%20-%20mv%20pacific%20advance%20-%20isl%20cp%20dtd%2028.04.2020%20-%20file%20no.%20555/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643371/; classtype:trojan-activity;sid:84506471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643369)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20agios%20nektarios/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643369/; classtype:trojan-activity;sid:84506469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643370)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20sonoma-safesea%20cpd%2014%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643370/; classtype:trojan-activity;sid:84506470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643367)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/operations%20and%20post%20fixture/operations%20timeline%20format/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643367/; classtype:trojan-activity;sid:84506467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643368)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643368/; classtype:trojan-activity;sid:84506468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643365)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bulk%20union/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643365/; classtype:trojan-activity;sid:84506465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643366)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_151009_044/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643366/; classtype:trojan-activity;sid:84506466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643364)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/synergy%20resources/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643364/; classtype:trojan-activity;sid:84506464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643360)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/company%20letters%20to%20employees/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643360/; classtype:trojan-activity;sid:84506460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643361)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20falcon%20triumph%20-%20additional%20shipment/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643361/; classtype:trojan-activity;sid:84506461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/552%20-%20mv%20jewel%20of%20shinas%20-%20delta%20cp%20dtd%2014.04.2020%20-%20file%20no.%20552/misc%20attachments/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643362/; classtype:trojan-activity;sid:84506462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643363)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2008%20november%202016/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643363/; classtype:trojan-activity;sid:84506463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643358)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/rahul%20kapoor/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643358/; classtype:trojan-activity;sid:84506458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643359)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/recap-fixture%20notes/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643359/; classtype:trojan-activity;sid:84506459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643355)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/visa%20bulk%20shipping/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643355/; classtype:trojan-activity;sid:84506455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643356)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/jaldhi%20bothra-bg/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643356/; classtype:trojan-activity;sid:84506456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643357/; classtype:trojan-activity;sid:84506457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643349)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mp%20panamax%204-jeirui%20cpd%206%20aug%202018/brokerage%20invoice/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643349/; classtype:trojan-activity;sid:84506449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643350)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.marigold_seafreight_3000408_015/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643350/; classtype:trojan-activity;sid:84506450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643351)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20limas-%20simtra%20cpd%2010%20june%202015/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643351/; classtype:trojan-activity;sid:84506451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643352)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20fortune%20-%20essar%20cpd%2027th%20july%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643352/; classtype:trojan-activity;sid:84506452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643353)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/charter%20parties/riders/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643353/; classtype:trojan-activity;sid:84506453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/vessel%20desc/info.zip"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643354/; classtype:trojan-activity;sid:84506454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643345)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mandarin%20river%20-%20shipment%20no%203/charter%20party/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643345/; classtype:trojan-activity;sid:84506445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643346)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643346/; classtype:trojan-activity;sid:84506446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643347)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20data%20sources/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643347/; classtype:trojan-activity;sid:84506447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643348)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/renju/renju_company_directory_/final/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643348/; classtype:trojan-activity;sid:84506448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643343)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apj%20jai%20-%20visa%20bulk%20-%20cpd%2016%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643343/; classtype:trojan-activity;sid:84506443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643344)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20unity%20spirit-acct%20propel-cpd%2024%20jan%202017/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643344/; classtype:trojan-activity;sid:84506444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20mandarin%20fortune_wbc_160209_009/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643339/; classtype:trojan-activity;sid:84506439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643340)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evnia%20-%20essar%20cp%20dted%2005%20april%202019/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643340/; classtype:trojan-activity;sid:84506440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643341)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20rich-mcs%20cpd%2031-7-15/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643341/; classtype:trojan-activity;sid:84506441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643342)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20harmony%20-%20synergy%20feb%202011/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643342/; classtype:trojan-activity;sid:84506442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643337)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/daily%20menu/daily%20direct%20tonnage/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643337/; classtype:trojan-activity;sid:84506437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643338)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643338/; classtype:trojan-activity;sid:84506438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643335)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20propel%20shipping%2004%20jan%202019/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643335/; classtype:trojan-activity;sid:84506435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643336)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20talisman_ispat_230508_019/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643336/; classtype:trojan-activity;sid:84506436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643333)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/reena%20khair%20afidevit/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643333/; classtype:trojan-activity;sid:84506433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643334)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20bao%20success_ispahia_161109_047/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643334/; classtype:trojan-activity;sid:84506434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643331)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_131108_036/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643331/; classtype:trojan-activity;sid:84506431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643332)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20ocean%20president/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643332/; classtype:trojan-activity;sid:84506432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643327)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643327/; classtype:trojan-activity;sid:84506427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643328)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/china%20shipping%20development%20co/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643328/; classtype:trojan-activity;sid:84506428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643329)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643329/; classtype:trojan-activity;sid:84506429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643330)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20knight_ispat_091008_031/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643330/; classtype:trojan-activity;sid:84506430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643325)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20four%20shinano_ispat_110708_022/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643325/; classtype:trojan-activity;sid:84506425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643326)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/cmc%20profile/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643326/; classtype:trojan-activity;sid:84506426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643323)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20oxygen/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643323/; classtype:trojan-activity;sid:84506423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643324)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643324/; classtype:trojan-activity;sid:84506424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643320)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/charter%20parties/main%20body/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643320/; classtype:trojan-activity;sid:84506420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643321)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643321/; classtype:trojan-activity;sid:84506421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20panoria%20-%20visa%20cpd%2025%20aug%202017/charter%20party/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643322/; classtype:trojan-activity;sid:84506422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643319)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20brave%20(mv%20devongate%20)-acct%20aegis%20overseas%20ltd%20or%20nominee-cpd%2024%20november%202016/statment%20of%20fact/info.zip"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643319/; classtype:trojan-activity;sid:84506419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643317)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20donghae-acct%20bulk%20marine%20cpd%2014%20nov%202016/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643317/; classtype:trojan-activity;sid:84506417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643318)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.gem%20of%20aqaba_daewoo_300408_013/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643318/; classtype:trojan-activity;sid:84506418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643315)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20chetna%20-%20dhlcp%20dtd%2018%20dec%202015/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643315/; classtype:trojan-activity;sid:84506415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643316)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20maritime%20harmony/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643316/; classtype:trojan-activity;sid:84506416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643313)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/gini%20contraction/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643313/; classtype:trojan-activity;sid:84506413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643314)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.barcelona%20bright_metchart_3000408_014/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643314/; classtype:trojan-activity;sid:84506414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643310)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/crossbridge_unity%20coa%20dtd%209th%20feb%202010/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643310/; classtype:trojan-activity;sid:84506410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643311)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vinay-caravel%20cpd%2020%20april%202016/fixture%20note/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643311/; classtype:trojan-activity;sid:84506411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643312)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20ladoga-essar%20cpd%2029th%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643312/; classtype:trojan-activity;sid:84506412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643307)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20knight_ispat_091008_031/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643307/; classtype:trojan-activity;sid:84506407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643308)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/555%20-%20mv%20pacific%20advance%20-%20isl%20cp%20dtd%2028.04.2020%20-%20file%20no.%20555/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643308/; classtype:trojan-activity;sid:84506408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643309)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/hind%20energy%20and%20coal%20benefication(india)%20ltd/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643309/; classtype:trojan-activity;sid:84506409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643302)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jahan%20moni%20-%20scmc%20-%202nd%20shipment/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643302/; classtype:trojan-activity;sid:84506402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643303)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20polyworld%20-%20scmc%20cpd%2018th%20jan%202019/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643303/; classtype:trojan-activity;sid:84506403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643304)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643304/; classtype:trojan-activity;sid:84506404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643305)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20hope%20-%20propelshipping%20cpd%2019%20nov%202015/brokerage%20invoice/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643305/; classtype:trojan-activity;sid:84506405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643306)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/konstantinos/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643306/; classtype:trojan-activity;sid:84506406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643301)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kineta/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643301/; classtype:trojan-activity;sid:84506401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643299)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/97_kang_ning_uiipl/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643299/; classtype:trojan-activity;sid:84506399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643300)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20infinity%20v-magnifico%20cpd%2013%20aug%202018/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643300/; classtype:trojan-activity;sid:84506400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643298)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mumbai%20operations/charter%20parties/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643298/; classtype:trojan-activity;sid:84506398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643296)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sigma%20shipping%20inc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643296/; classtype:trojan-activity;sid:84506396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/aegis%20background/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643297/; classtype:trojan-activity;sid:84506397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643290)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/543%20-%20mv%20dessert%20spring%20-%20isl%20-%20cpd%2004.02.2020%20-%20file%20no.%20543/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643290/; classtype:trojan-activity;sid:84506390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643291)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/prime%20east%20shipping%20ltd/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643291/; classtype:trojan-activity;sid:84506391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643292)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/shinyang%20nf%20shipping%20ltd/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643292/; classtype:trojan-activity;sid:84506392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643293)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/63_ocean_president_crossbridge_01_02_11/working_copy/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643293/; classtype:trojan-activity;sid:84506393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643294)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/212_apj%20kais/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643294/; classtype:trojan-activity;sid:84506394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643295)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/noor%20enterprise_unity%20cp%20dtd%2015th%20apr%202010/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643295/; classtype:trojan-activity;sid:84506395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643289)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20magnum%20fortune%20-%20essar%20cpd%2027th%20july%202018/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643289/; classtype:trojan-activity;sid:84506389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643285)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/pending%20sci%20brokerage%20invoices/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643285/; classtype:trojan-activity;sid:84506385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643286)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/empros%20line%20background/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643286/; classtype:trojan-activity;sid:84506386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643287)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/charter%20party/proforma%20cp/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643287/; classtype:trojan-activity;sid:84506387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643288)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.marigold_seafreight_3000408_015/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643288/; classtype:trojan-activity;sid:84506388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643281)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20malhar%20-%20hmm%20cpd%2006%20june%202013/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643281/; classtype:trojan-activity;sid:84506381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643282)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/bills%20of%20lading/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643282/; classtype:trojan-activity;sid:84506382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643283)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20global%20harmony%20-%20acct%20sul%20-%20cpd%2011%20march%202017/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643283/; classtype:trojan-activity;sid:84506383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643284)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/187_tennei%20maru_gst/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643284/; classtype:trojan-activity;sid:84506384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643279)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20limas-%20simtra%20cpd%2010%20june%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643279/; classtype:trojan-activity;sid:84506379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643280)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643280/; classtype:trojan-activity;sid:84506380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643276)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/forms/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643276/; classtype:trojan-activity;sid:84506376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643277)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn%20(mv%20angelina%20the%20great%20n%20)%20-%20smal%20-%20cp%20dated%2020th%20nov%2015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:225; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643277/; classtype:trojan-activity;sid:84506377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643278)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/siddharth/scan%20doc/passport/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643278/; classtype:trojan-activity;sid:84506378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643273)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/thriveni/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643273/; classtype:trojan-activity;sid:84506373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643274)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643274/; classtype:trojan-activity;sid:84506374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643275)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/june/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643275/; classtype:trojan-activity;sid:84506375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643267)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/recap-fixture%20note/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643267/; classtype:trojan-activity;sid:84506367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643268)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20sinin_ssoe_030210_010/charter%20parties/riders/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643268/; classtype:trojan-activity;sid:84506368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643269)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_ssoe_090110_003/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643269/; classtype:trojan-activity;sid:84506369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643270)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643270/; classtype:trojan-activity;sid:84506370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643271)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20teo_eta_050310_012/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643271/; classtype:trojan-activity;sid:84506371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643272)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20mandarin%20fortune_wbc_160209_009/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643272/; classtype:trojan-activity;sid:84506372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643265)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/ce%20guardian/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643265/; classtype:trojan-activity;sid:84506365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643266)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643266/; classtype:trojan-activity;sid:84506366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643262)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.gem%20of%20aqaba_daewoo_300408_013/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643262/; classtype:trojan-activity;sid:84506362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643263)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643263/; classtype:trojan-activity;sid:84506363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643264)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20evnia%20-%20essar%20cp%20dted%2005%20april%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643264/; classtype:trojan-activity;sid:84506364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643261)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/69_pfs_narayana_unity_18_03_2011/misc_docs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643261/; classtype:trojan-activity;sid:84506361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643255)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/3_synergy_harmony_24_05_11/92_sea_star_8_synergy_coa_1/misc_docs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643255/; classtype:trojan-activity;sid:84506355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643256)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zhehai%20520%20-%20scmc%20-%204th%20shipment/brokerage%20invoice/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643256/; classtype:trojan-activity;sid:84506356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643257)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/primarina/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643257/; classtype:trojan-activity;sid:84506357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643258)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/enr%20singapore/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643258/; classtype:trojan-activity;sid:84506358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643259)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/255_montecristo_libra/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643259/; classtype:trojan-activity;sid:84506359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643260)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20panther-surya%20exim%20cpd%2022%20oct%202015/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643260/; classtype:trojan-activity;sid:84506360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643254)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/257_yong%20an%202/working%20cp/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643254/; classtype:trojan-activity;sid:84506354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643251)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/centrans%20hermes/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643251/; classtype:trojan-activity;sid:84506351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643252)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/tolani%20vsl%20dtl/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643252/; classtype:trojan-activity;sid:84506352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643253)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_131108_036/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643253/; classtype:trojan-activity;sid:84506353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643249)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/sam%20wolf-%20bhushan/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643249/; classtype:trojan-activity;sid:84506349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643250)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20therese%20selmer-%20acct%20visa%20bulk%20-%20cpd%2005-05-2016/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643250/; classtype:trojan-activity;sid:84506350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643243)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bostomar/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643243/; classtype:trojan-activity;sid:84506343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643244)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/siva%20bulk/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643244/; classtype:trojan-activity;sid:84506344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643245)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/gss%20background/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643245/; classtype:trojan-activity;sid:84506345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643246)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/550%20-%20mv%20pan%20crocus%20-%20scmc%20cp%20dtd%2026.02.2020%20-%20file%20no.%20550/charter%20party/info.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643246/; classtype:trojan-activity;sid:84506346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643247)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/dhl/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643247/; classtype:trojan-activity;sid:84506347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643248)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/555%20-%20mv%20pacific%20advance%20-%20isl%20cp%20dtd%2028.04.2020%20-%20file%20no.%20555/certificates/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643248/; classtype:trojan-activity;sid:84506348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643240)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/mayank/arya%20corp%20pending/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643240/; classtype:trojan-activity;sid:84506340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643241)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/151%20kriton_gst/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643241/; classtype:trojan-activity;sid:84506341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643242)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/mpt%20outer%20anchorage%20goa/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643242/; classtype:trojan-activity;sid:84506342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643238)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/mv%20unico%20jianna-%20lss%20ocean%20cpd%2022%20jan%202016/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643238/; classtype:trojan-activity;sid:84506338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643239)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/144_apj%20jai_ssoe/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643239/; classtype:trojan-activity;sid:84506339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643236)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bostomor%20tbn%20-%20acct%20shree%20coal-cpd%2004%20march%202017/charter%20party/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643236/; classtype:trojan-activity;sid:84506336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643237)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer-scmc%20-%20cpdtd%2002%20may%202019/charter%20party/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643237/; classtype:trojan-activity;sid:84506337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/maritime%20economics/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643234/; classtype:trojan-activity;sid:84506334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643235)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vijay%20-%20sdtr%20-%20cpdd%2024%20jan%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643235/; classtype:trojan-activity;sid:84506335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643230)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/error%20list/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643230/; classtype:trojan-activity;sid:84506330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643231)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/questionnaire%20formats/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643231/; classtype:trojan-activity;sid:84506331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643232)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/eta/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643232/; classtype:trojan-activity;sid:84506332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643233)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sanko%20king_bulkmarine_040209_013/charter%20parties/main%20body/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643233/; classtype:trojan-activity;sid:84506333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643228)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/recap-fixture%20notes/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643228/; classtype:trojan-activity;sid:84506328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643229)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20list%20for%20indonesia%20coal%20loading/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643229/; classtype:trojan-activity;sid:84506329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643227)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/charter%20party/info.zip"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643227/; classtype:trojan-activity;sid:84506327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643223)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fuat%20bey%20-%20acct%20transbulk-cpd%2008%20august%202017/brokerage%20invoice/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643223/; classtype:trojan-activity;sid:84506323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643224)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/219_maple%20opal/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643224/; classtype:trojan-activity;sid:84506324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643225)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle%20-%20bagadiya%20cp%20dtd%2013.08.2019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643225/; classtype:trojan-activity;sid:84506325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643226)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/apeejay%20shipping/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643226/; classtype:trojan-activity;sid:84506326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643220)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20genco%20knight_wamopl_080508_016/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643220/; classtype:trojan-activity;sid:84506320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643221)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20apostolos%20ii%20-%20indo%20international%20cpd%2012%20march%202018/certificates/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643221/; classtype:trojan-activity;sid:84506321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643222)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/misc%20attachments/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643222/; classtype:trojan-activity;sid:84506322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643218)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20royal%20innovation-acct%20propel-%20cpd%2006%20jan%202017/charter%20party/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643218/; classtype:trojan-activity;sid:84506318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643219)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20cs%20brave%20(mv%20devongate%20)-acct%20aegis%20overseas%20ltd%20or%20nominee-cpd%2024%20november%202016/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643219/; classtype:trojan-activity;sid:84506319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643217)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rainbow%20lucky-acct%20propel-cpd%2027%20oct%202016/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643217/; classtype:trojan-activity;sid:84506317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643215)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/sharda%20ma/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643215/; classtype:trojan-activity;sid:84506315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643216)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20swan%20-%20visa%20bulk%20cpd%2013%20december%202018/brokerage%20invoice/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643216/; classtype:trojan-activity;sid:84506316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20glovis%20maine%20-%20tata%20nyk%20cpd%2025%20june%2015/charter%20party/scanned%20copy%20of%20executed%20cp/info.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643213/; classtype:trojan-activity;sid:84506313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643214)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643214/; classtype:trojan-activity;sid:84506314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643212)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20areti.gr%20-%20essar%20cpd%2018%20april%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643212/; classtype:trojan-activity;sid:84506312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643211)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/coal%20markets/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643211/; classtype:trojan-activity;sid:84506311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643208)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/mv%20bulk%20marine/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643208/; classtype:trojan-activity;sid:84506308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643209)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mekong-ss%20international-cpd%2027%20august%202016/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643209/; classtype:trojan-activity;sid:84506309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643210)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643210/; classtype:trojan-activity;sid:84506310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643205)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643205/; classtype:trojan-activity;sid:84506305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643206)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/imma%20pic/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643206/; classtype:trojan-activity;sid:84506306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643207)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/charter%20party/info.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643207/; classtype:trojan-activity;sid:84506307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643204)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20an%20fu%20star-%20imr%20cpd%2027%20nov%202015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643204/; classtype:trojan-activity;sid:84506304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643202)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643202/; classtype:trojan-activity;sid:84506302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643203)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643203/; classtype:trojan-activity;sid:84506303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643198)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/mayank/dharmendra%20bhaiya%20docs/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643198/; classtype:trojan-activity;sid:84506298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643199)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643199/; classtype:trojan-activity;sid:84506299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643200)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.marigold_seafreight_3000408_015/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643200/; classtype:trojan-activity;sid:84506300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643201)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20major_jaldhi_210909_040/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643201/; classtype:trojan-activity;sid:84506301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643194)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.port%20melbourne_ispat_221107_050/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643194/; classtype:trojan-activity;sid:84506294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643195)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zhehai%20520%20-%20scmc%20-%204th%20shipment/attachemnts/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643195/; classtype:trojan-activity;sid:84506295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643196)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/mercator%20vssls/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643196/; classtype:trojan-activity;sid:84506296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643197)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hai%20qing%20-%20lss%20cpd%2029%20june%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643197/; classtype:trojan-activity;sid:84506297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643191)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/bimco%20reminder/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643191/; classtype:trojan-activity;sid:84506291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643192)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_ispat_241207_054/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643192/; classtype:trojan-activity;sid:84506292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643193)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/offers%20and%20bids/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643193/; classtype:trojan-activity;sid:84506293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643190)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2014/309_mv%20byron/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643190/; classtype:trojan-activity;sid:84506290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643186)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/117_ikan_kurau/working%20copy/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643186/; classtype:trojan-activity;sid:84506286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643187)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/varsha/ops%20upates/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643187/; classtype:trojan-activity;sid:84506287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643188)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643188/; classtype:trojan-activity;sid:84506288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643189)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643189/; classtype:trojan-activity;sid:84506289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643185)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643185/; classtype:trojan-activity;sid:84506285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643182)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.evnia_wamopl_200308_006/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643182/; classtype:trojan-activity;sid:84506282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643183)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/ssoe/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643183/; classtype:trojan-activity;sid:84506283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643184)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/cingler/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643184/; classtype:trojan-activity;sid:84506284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643179)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20nazia%20jahan%20-%20scmc%20-%201st%20optional%20shipment/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643179/; classtype:trojan-activity;sid:84506279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643180)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20acct%20propel%20cpd%2006%20dec%202018/hire%20statements/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643180/; classtype:trojan-activity;sid:84506280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643181)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/nickel%20ore/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643181/; classtype:trojan-activity;sid:84506281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643176)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20vba%20tbn_maheshwari_290710_018/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643176/; classtype:trojan-activity;sid:84506276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643177)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bk%20alice-simtra-cpd%2009%20dec%202016/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643177/; classtype:trojan-activity;sid:84506277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643178)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643178/; classtype:trojan-activity;sid:84506278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643175)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/539%20-%20mv%20pacific%20advance%20-%20power%20international%20-%20cpd%2010%20jan%202020%20-%20file%20no.%20539/charter%20party/info.zip"; http_uri; depth:227; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643175/; classtype:trojan-activity;sid:84506275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643174)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20young%20spirit%20-%20acct%20everbright%20-%20cpd%2001%20october%202016/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643174/; classtype:trojan-activity;sid:84506274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643170)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/gmt%20background/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643170/; classtype:trojan-activity;sid:84506270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643171)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/251_vinalines%20brave/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643171/; classtype:trojan-activity;sid:84506271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643172)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20htc%20alfa-acct%20sudima%20-%20charter%20party%20dated%2026th%20%20november%20-%20fixture%20note/charter%20party/info.zip"; http_uri; depth:187; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643172/; classtype:trojan-activity;sid:84506272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643173)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20atlantic%20diana-propel%20pcd%209july%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643173/; classtype:trojan-activity;sid:84506273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643168)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/charter%20parties/riders/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643168/; classtype:trojan-activity;sid:84506268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643169)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/chennai/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643169/; classtype:trojan-activity;sid:84506269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643166)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/july/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643166/; classtype:trojan-activity;sid:84506266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643167)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/alam%20bulk/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643167/; classtype:trojan-activity;sid:84506267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643161)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/sail%20coa%207%20jan08/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643161/; classtype:trojan-activity;sid:84506261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643162)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20wadi%20albostan-acct%20visa%20-%20cpd%2003%20june%202017/brokerage%20invoice/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643162/; classtype:trojan-activity;sid:84506262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643163)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/work/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643163/; classtype:trojan-activity;sid:84506263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643164)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.port%20mouton_ispat_080408_008/charter%20parties/main%20body/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643164/; classtype:trojan-activity;sid:84506264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643165)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jbu%20orient_bulk%20marine_170609_024/charter%20parties/main%20body/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643165/; classtype:trojan-activity;sid:84506265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643157)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20falcon%20triumph%20-%20additional%20shipment/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643157/; classtype:trojan-activity;sid:84506257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643158)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vigor%20sw%20-%20usl%20shipping%20cp%20dated%2008%20dec%2015%20-%20copy/charter%20party/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643158/; classtype:trojan-activity;sid:84506258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643159)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_eta_aplspore_111008/charter%20parties/main%20body/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643159/; classtype:trojan-activity;sid:84506259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643160)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/77_sea_emerald_crossbridge_16_04_2011/working_copy/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643160/; classtype:trojan-activity;sid:84506260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643154)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/tony/my%20music/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643154/; classtype:trojan-activity;sid:84506254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643155)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/159_corinth/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643155/; classtype:trojan-activity;sid:84506255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643156)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/204_apj%20kais/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643156/; classtype:trojan-activity;sid:84506256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643153)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20mp%20panamax%203/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643153/; classtype:trojan-activity;sid:84506253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643151)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20maithili%20-%20essar%20cp%20dtd%2007.09.2019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643151/; classtype:trojan-activity;sid:84506251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643152)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/558%20-%20mv%20marylisa%20v%20-%20bajrang%20-%20cp%20dtd%2019.05.2020%20-%20file%20no.%20558/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:223; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643152/; classtype:trojan-activity;sid:84506252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643150)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2022%20november%202016/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643150/; classtype:trojan-activity;sid:84506250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/for%20xp%20sp2/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643147/; classtype:trojan-activity;sid:84506247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643148)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20jupiter)%20%20-%20lss%20-%20cpd%2028%20april%202016/charter%20party/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643148/; classtype:trojan-activity;sid:84506248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643149)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/96_akij_glory_usl/working%20copy/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643149/; classtype:trojan-activity;sid:84506249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643144)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/545%20-%20mv%20navios%20ulysses%20-%20power%20international%20-%20cpd%2007.02.2020%20-%20file%20no.%20545/charter%20party/info.zip"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643144/; classtype:trojan-activity;sid:84506244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643145)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20mandarin%20river%20-%20shipment%20no%203/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643145/; classtype:trojan-activity;sid:84506245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643146)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/notices/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643146/; classtype:trojan-activity;sid:84506246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643142)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/213_vishva%20bandhan/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643142/; classtype:trojan-activity;sid:84506242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643143)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20milos/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643143/; classtype:trojan-activity;sid:84506243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643140)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/68_mandarin_fortune_kyori_10_03_2011/signed_original_scan/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643140/; classtype:trojan-activity;sid:84506240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643141)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/customer%20meeting%20minutes/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643141/; classtype:trojan-activity;sid:84506241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643138)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20beautiful%20rena-vericom%20cpd%2017%20dec%202015/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643138/; classtype:trojan-activity;sid:84506238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/recap-fixture%20note/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643139/; classtype:trojan-activity;sid:84506239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643133)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/samchira/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643133/; classtype:trojan-activity;sid:84506233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643134)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20indus%20prosperity%20-%20bulk%20marine%20cpd%2004%20october%202019/charter%20party/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643134/; classtype:trojan-activity;sid:84506234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643135)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ken%20orchid-propel-cpd%2027%20august%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643135/; classtype:trojan-activity;sid:84506235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643136)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643136/; classtype:trojan-activity;sid:84506236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643137)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20fermita/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643137/; classtype:trojan-activity;sid:84506237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643131)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_crossbridge_080110_002/charter%20parties/riders/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643131/; classtype:trojan-activity;sid:84506231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643132)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goldenroad_lucky%20cements_%20270310_014/charter%20parties/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643132/; classtype:trojan-activity;sid:84506232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643130)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643130/; classtype:trojan-activity;sid:84506230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643128)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/human%20resources/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643128/; classtype:trojan-activity;sid:84506228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643129)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20harmony%20tbn(%20mv%20vlazakis%20i%20)-%20synergy/fixture%20note/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643129/; classtype:trojan-activity;sid:84506229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643126)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.blue%20coral_bcm_010607_018/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643126/; classtype:trojan-activity;sid:84506226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643127)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20siva%20bulk%20-%20cpd%2013%20november%202012/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643127/; classtype:trojan-activity;sid:84506227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643125)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/adnatco/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643125/; classtype:trojan-activity;sid:84506225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643124)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20cougar-shreeji%20global%20cpd%208%20june%202018/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643124/; classtype:trojan-activity;sid:84506224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643123)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20vba%20tbn_maheshwari_290710_018/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643123/; classtype:trojan-activity;sid:84506223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643122)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ocean%20wealth%20shipping%20bg/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643122/; classtype:trojan-activity;sid:84506222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643117)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2062k/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643117/; classtype:trojan-activity;sid:84506217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643118)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643118/; classtype:trojan-activity;sid:84506218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643119)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643119/; classtype:trojan-activity;sid:84506219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643120)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/567%20-%20mv%20pangeo%20-%20seapol%20cp%20dtd%2004.08.2020%20-%20file%20no.%20567/charter%20party/info.zip"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643120/; classtype:trojan-activity;sid:84506220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643121)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643121/; classtype:trojan-activity;sid:84506221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643115)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/84_ocean_phoenix_05_05_2011/misc_docs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643115/; classtype:trojan-activity;sid:84506215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643116)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/med%20asia%20shipping/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643116/; classtype:trojan-activity;sid:84506216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643113)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643113/; classtype:trojan-activity;sid:84506213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643114)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iron%20man_jaldhi_080809_035/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643114/; classtype:trojan-activity;sid:84506214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643105)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vikram/18-july-2011/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643105/; classtype:trojan-activity;sid:84506205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643106)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/charter%20party/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643106/; classtype:trojan-activity;sid:84506206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643107)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/ocean%20connection%20coral%20group%20rev/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643107/; classtype:trojan-activity;sid:84506207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643108)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/130_salamina/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643108/; classtype:trojan-activity;sid:84506208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643109)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/charter%20parties/main%20body/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643109/; classtype:trojan-activity;sid:84506209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643110)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643110/; classtype:trojan-activity;sid:84506210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643111)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/544%20-%20mv%20ksl%20qingyang%20-%20power%20international%20cpd%2004.02.2020%20-%20file%20no.%20544/certificates/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643111/; classtype:trojan-activity;sid:84506211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/notices/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643112/; classtype:trojan-activity;sid:84506212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643102)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/shri%20bajrang%20power%20and%20ispat/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643102/; classtype:trojan-activity;sid:84506202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643103)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20carola-acct%20visa-%20cpd%2010%20may%202015/charter%20party/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643103/; classtype:trojan-activity;sid:84506203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643104)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/3_synergy_harmony_24_05_11/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643104/; classtype:trojan-activity;sid:84506204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643101)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/certificates/info.zip"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643101/; classtype:trojan-activity;sid:84506201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643100)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lietta_crossbridge_121109_046/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643100/; classtype:trojan-activity;sid:84506200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643097)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/92_sea_star_8_synergy_see_coa_folder/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643097/; classtype:trojan-activity;sid:84506197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643098)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643098/; classtype:trojan-activity;sid:84506198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643099)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/essar/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643099/; classtype:trojan-activity;sid:84506199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643095)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/desert%20hawk%20debit%20note%20sent%20roh%20prm/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643095/; classtype:trojan-activity;sid:84506195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643096)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643096/; classtype:trojan-activity;sid:84506196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643090)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/crownland%20intl%20co%20ltd%20background/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643090/; classtype:trojan-activity;sid:84506190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643091)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/loi%20form%20for%20cgo/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643091/; classtype:trojan-activity;sid:84506191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643092)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/199_azure%20sky_ssoe/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643092/; classtype:trojan-activity;sid:84506192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643093)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20glovis%20maine%20-%20tata%20nyk%20cpd%2025%20june%2015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643093/; classtype:trojan-activity;sid:84506193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643094)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20four%20shinano_ispat_110708_022/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643094/; classtype:trojan-activity;sid:84506194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643084)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20young%20spirit%20-%20acct%20everbright%20-%20cpd%2001%20october%202016/charter%20party/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643084/; classtype:trojan-activity;sid:84506184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643085)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/hire%20statements%20or%20freight%20invoices/new%20folder/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643085/; classtype:trojan-activity;sid:84506185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643086)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/225_thomas%20c/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643086/; classtype:trojan-activity;sid:84506186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643087)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jun%202008%20to%20dec%202008/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643087/; classtype:trojan-activity;sid:84506187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643088)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/charter%20parties/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643088/; classtype:trojan-activity;sid:84506188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643089)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/208_pos%20ovelia/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643089/; classtype:trojan-activity;sid:84506189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643083)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/fairmacs/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643083/; classtype:trojan-activity;sid:84506183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643082)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/268_spar%20lyca/working%20cp/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643082/; classtype:trojan-activity;sid:84506182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643080)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/certificates/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643080/; classtype:trojan-activity;sid:84506180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643081)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_ispat_020607_019/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643081/; classtype:trojan-activity;sid:84506181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643077)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643077/; classtype:trojan-activity;sid:84506177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643078)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/567%20-%20mv%20pangeo%20-%20seapol%20cp%20dtd%2004.08.2020%20-%20file%20no.%20567/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:225; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643078/; classtype:trojan-activity;sid:84506178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643079)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_nob_300808_026/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643079/; classtype:trojan-activity;sid:84506179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643074)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bulk%20atlantic%20background/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643074/; classtype:trojan-activity;sid:84506174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643075)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2093k%20for%20coal/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643075/; classtype:trojan-activity;sid:84506175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643076)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ocean%20pearl%20-%20seapol%20cp%20dtd%2017.07.2019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643076/; classtype:trojan-activity;sid:84506176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643073)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20eagle-shreeji%20global%20cpd%2012%20oct%202018/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643073/; classtype:trojan-activity;sid:84506173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643071)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643071/; classtype:trojan-activity;sid:84506171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643072)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20captain%20evangelos%20-%20hengda%20-%20cpd%2018%20mar%2015/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643072/; classtype:trojan-activity;sid:84506172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643068)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/seashell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643068/; classtype:trojan-activity;sid:84506168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643069)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/559%20-%20mv%20stonington%20eagle%20-power%20international%20cp%20dtd%2022.05.2020%20-%20file%20no.559/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643069/; classtype:trojan-activity;sid:84506169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643070)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20spinel%20-%20seapol%20cp%20dtd%2004%20july%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643070/; classtype:trojan-activity;sid:84506170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643066)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20ekta%20%20simtra%20cpd%2006%20aug%202015/charter%20party/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643066/; classtype:trojan-activity;sid:84506166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643067)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/540%20-%20mv%20stove%20friend%20-%20scmc%20-%20cpdd%2013.01.2020%20-%20file%20no.%20540/certificates/info.zip"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643067/; classtype:trojan-activity;sid:84506167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643065)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/276_silvia%20glory/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643065/; classtype:trojan-activity;sid:84506165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643061)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20js%20amazon-acct%20psons%20or%20nominee-cpd%2010%20jan%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643061/; classtype:trojan-activity;sid:84506161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643062)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sbi%20hermes-surya%20exim%20cpd%2022%20sep%202017/fixture%20note/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643062/; classtype:trojan-activity;sid:84506162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643063)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/vericom%20fixture%20list/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643063/; classtype:trojan-activity;sid:84506163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643064)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/charter%20parties/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643064/; classtype:trojan-activity;sid:84506164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643058)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/214_cs%20calvina/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643058/; classtype:trojan-activity;sid:84506158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643059)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20shou%20chang%20hai_wamopl_130907_034/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643059/; classtype:trojan-activity;sid:84506159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643060)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20dolphin%20-%20propel%20cpd%2007%20december%202018/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643060/; classtype:trojan-activity;sid:84506160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643054)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/wct%20profile/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643054/; classtype:trojan-activity;sid:84506154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643055)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/shyam%20group/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643055/; classtype:trojan-activity;sid:84506155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643056)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20ionic%20storm)%20-%20lss%20cpd%2025%20april%202016/charter%20party/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643056/; classtype:trojan-activity;sid:84506156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643057)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20blue%20cat-visa%20cpd%2004%20june%2015/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643057/; classtype:trojan-activity;sid:84506157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643051)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/acemark%20background/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643051/; classtype:trojan-activity;sid:84506151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643052)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/recap-fixture%20notes/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643052/; classtype:trojan-activity;sid:84506152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643053)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/aryacorp/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643053/; classtype:trojan-activity;sid:84506153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643049)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/charter%20parties/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643049/; classtype:trojan-activity;sid:84506149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643050)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yk%20sentosa_noble_230109_004/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643050/; classtype:trojan-activity;sid:84506150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643048)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20jaguar%20-%20saraogi%20cpd%206th%20feb%202019/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643048/; classtype:trojan-activity;sid:84506148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643044)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/charter%20party/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643044/; classtype:trojan-activity;sid:84506144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643045)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vikas/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643045/; classtype:trojan-activity;sid:84506145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643046)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/ikan%20senyur/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643046/; classtype:trojan-activity;sid:84506146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643047)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20clipper%20vision%20-%20orissa%20metalikes%20cpd%2024%20june%202019/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643047/; classtype:trojan-activity;sid:84506147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643043)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20san%20nicolas%20-%20saii%20resources%20cpd%2012%20nov%202018/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643043/; classtype:trojan-activity;sid:84506143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643040)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/248_evnia_emerald/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643040/; classtype:trojan-activity;sid:84506140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643041)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/mansi/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643041/; classtype:trojan-activity;sid:84506141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643042)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643042/; classtype:trojan-activity;sid:84506142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643038)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20anna%20elizabeth-ss%20intl-cpd%2017%20dec%202016/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643038/; classtype:trojan-activity;sid:84506138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643039)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/167_woodstar_synergy/amended%20cp/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643039/; classtype:trojan-activity;sid:84506139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643036)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643036/; classtype:trojan-activity;sid:84506136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643037)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20egil%20tbn%20-%20gagan%20coal%20cpd%2015%20arpil%202019%20(cancelled)/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643037/; classtype:trojan-activity;sid:84506137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643033)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/charter%20parties/china%20shipping/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643033/; classtype:trojan-activity;sid:84506133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643034)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/fixture%20note/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643034/; classtype:trojan-activity;sid:84506134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643035)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/alsaa%20petroleum%20background/delta%20corp/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643035/; classtype:trojan-activity;sid:84506135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643031)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643031/; classtype:trojan-activity;sid:84506131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643032)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20jyoti-sdtr%20cpd%2025th%20may%202018/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643032/; classtype:trojan-activity;sid:84506132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643028)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643028/; classtype:trojan-activity;sid:84506128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643029)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643029/; classtype:trojan-activity;sid:84506129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643030)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jabal%20shams%20-%20oman%20ship%20-%20cpd%2023.11.2019/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643030/; classtype:trojan-activity;sid:84506130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643026)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/270_spar%20capella/working%20cp/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643026/; classtype:trojan-activity;sid:84506126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643027)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/platts%20sample/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643027/; classtype:trojan-activity;sid:84506127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643024)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/marimed%20group/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643024/; classtype:trojan-activity;sid:84506124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643025)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/300_jia%20tai/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643025/; classtype:trojan-activity;sid:84506125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643017)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/misc%20attachments/info.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643017/; classtype:trojan-activity;sid:84506117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643018)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20harmony%20-%20unity%20coa/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643018/; classtype:trojan-activity;sid:84506118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643019)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643019/; classtype:trojan-activity;sid:84506119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643020)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/emarat%20vssls/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643020/; classtype:trojan-activity;sid:84506120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20swan%20-%20visa%20bulk%20cpd%2013%20december%202018/charter%20party/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643021/; classtype:trojan-activity;sid:84506121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643022)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20yangtze%20river_wamopl_161007_041/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643022/; classtype:trojan-activity;sid:84506122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643023)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20integrity_bulk%20marine_100409_014/charter%20parties/riders/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643023/; classtype:trojan-activity;sid:84506123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643015)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pola%20ladoga-essar%20cpd%2029th%20may%202018/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643015/; classtype:trojan-activity;sid:84506115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643016)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/charter%20parties/main%20body/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643016/; classtype:trojan-activity;sid:84506116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643014)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/tudor%20bg/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643014/; classtype:trojan-activity;sid:84506114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643013)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/charter%20parties/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643013/; classtype:trojan-activity;sid:84506113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643011)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ken%20orchid-propel-cpd%2027%20august%202016/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643011/; classtype:trojan-activity;sid:84506111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643012)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.barcelona%20bright_metchart_3000408_014/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643012/; classtype:trojan-activity;sid:84506112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643010)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/shipping%20images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643010/; classtype:trojan-activity;sid:84506110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643006)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/91_marine_king_vba_24_05_11/working_copy/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643006/; classtype:trojan-activity;sid:84506106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643007)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20archagelos%20michael%20-%20scmc%2017.12.18/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643007/; classtype:trojan-activity;sid:84506107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643008)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643008/; classtype:trojan-activity;sid:84506108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643009)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/85_malathi_eta_09_05_2011/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643009/; classtype:trojan-activity;sid:84506109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643003)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dn%20millet-surya%20exim-cpd%2010%20feb%202017/brokerage%20invoice/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643003/; classtype:trojan-activity;sid:84506103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643004)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20christina%20iv%20-%20ripley%20cpd%2007%20october%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643004/; classtype:trojan-activity;sid:84506104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643005)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643005/; classtype:trojan-activity;sid:84506105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643000)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tamil%20nadu%20-acct%20simtra%20-%20cpd%2010%20feb%202017/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643000/; classtype:trojan-activity;sid:84506100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643001)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/crystal%20sea/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643001/; classtype:trojan-activity;sid:84506101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643002)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20shropshire%20-%20surya%20exim%20cpd%2008%20march%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643002/; classtype:trojan-activity;sid:84506102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642998)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fu%20ming%20%20-%20visa%20cp%20dated%2020%20november%202015/brokerage%20invoice/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642998/; classtype:trojan-activity;sid:84506098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642999)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20wci/goa%20or%20panaji%20or%20panjim%20or%20marmagao/tbn%2082k/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642999/; classtype:trojan-activity;sid:84506099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642996)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20triton%20seahawk%20-%20acct%20propel%20cpd%2006%20dec%202018/brokerage%20invoice/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642996/; classtype:trojan-activity;sid:84506096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642997)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.fratzis%20star_eta_230108_002/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642997/; classtype:trojan-activity;sid:84506097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642995)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642995/; classtype:trojan-activity;sid:84506095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642991)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642991/; classtype:trojan-activity;sid:84506091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642992)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/102_nasco_pearl_asan/working%20copy/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642992/; classtype:trojan-activity;sid:84506092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642993)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/charter%20party/info.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642993/; classtype:trojan-activity;sid:84506093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642994)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bomar%20oyster%20-%20primarina%20cpd%2001%20march%202018/charter%20party/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642994/; classtype:trojan-activity;sid:84506094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642990)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/prajakta/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642990/; classtype:trojan-activity;sid:84506090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642985)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sophia%20k-%20surya%20exim%20cpd%2017th%20may%202018/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642985/; classtype:trojan-activity;sid:84506085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642986)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20saubaagya%205%20-%20mcs%20cpd%2010%20nov%202015/charter%20party/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642986/; classtype:trojan-activity;sid:84506086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642987)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/75_id_tide_ameropa_14_04_2011/issued_cp/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642987/; classtype:trojan-activity;sid:84506087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642988)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20shropshire%20-%20surya%20exim%20cpd%2008%20march%202018/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642988/; classtype:trojan-activity;sid:84506088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642989)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/116_isabelita/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642989/; classtype:trojan-activity;sid:84506089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642983)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20crown_bilgent_040209_006/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642983/; classtype:trojan-activity;sid:84506083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642984)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/71_nasco_pearl_blue_sky_24_03_2011/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642984/; classtype:trojan-activity;sid:84506084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642981)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/280_daebo%20yesu/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642981/; classtype:trojan-activity;sid:84506081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642982)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/74_gulf_riyad_kunlun_05_04_2011/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642982/; classtype:trojan-activity;sid:84506082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/uniwell%20shipping%20bg/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642979/; classtype:trojan-activity;sid:84506079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642980)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/126_yasa%20gulten_plutus/vsl%20certs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642980/; classtype:trojan-activity;sid:84506080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642978)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sandchart/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642978/; classtype:trojan-activity;sid:84506078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642975)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/80_marcarolina_coscol_29_04_2011/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642975/; classtype:trojan-activity;sid:84506075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642976)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/varsha/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642976/; classtype:trojan-activity;sid:84506076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642977)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20lynx_bspl_021107_045/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642977/; classtype:trojan-activity;sid:84506077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642973)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/certificates/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642973/; classtype:trojan-activity;sid:84506073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642974)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/misc%20attachments/info.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642974/; classtype:trojan-activity;sid:84506074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642969)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pistis%20-%20visa%20cpd%2015%20march%202016/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642969/; classtype:trojan-activity;sid:84506069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642970)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/63_ocean_president_crossbridge_01_02_11/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642970/; classtype:trojan-activity;sid:84506070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642971)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_ispat_020607_019/charter%20parties/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642971/; classtype:trojan-activity;sid:84506071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yue%20guan%20feng-visa%20bulk%20cpd%2021%20april%202016/courier%20receipt/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642972/; classtype:trojan-activity;sid:84506072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642967)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kispl%20bgrd/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642967/; classtype:trojan-activity;sid:84506067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642968)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/krishnapatnam/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642968/; classtype:trojan-activity;sid:84506068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642965)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642965/; classtype:trojan-activity;sid:84506065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642966)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2022%20november%202016/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642966/; classtype:trojan-activity;sid:84506066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642959)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20jabal%20shams%20-%20oman%20ship%20-%20cpd%2023.11.2019/brokerage%20invoice/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642959/; classtype:trojan-activity;sid:84506059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642960)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20tesoro-acct%20hms%20-%20cpd%2019%20april%202017/brokerage%20invoice/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642960/; classtype:trojan-activity;sid:84506060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642961)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_ssoe_050607_020/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642961/; classtype:trojan-activity;sid:84506061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642962)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/110_four_shinano_jsw/working%20copy/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642962/; classtype:trojan-activity;sid:84506062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642963)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642963/; classtype:trojan-activity;sid:84506063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642964)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hydrus-%20usl-%20cpd%2028%20july%202016/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642964/; classtype:trojan-activity;sid:84506064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642957)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642957/; classtype:trojan-activity;sid:84506057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642958)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642958/; classtype:trojan-activity;sid:84506058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642955)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/port%20da/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642955/; classtype:trojan-activity;sid:84506055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642956)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20zhehai%20520%20-%20scmc%20-%204th%20shipment/charter%20party/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642956/; classtype:trojan-activity;sid:84506056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642952)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/kisan%20international%20(korea)/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642952/; classtype:trojan-activity;sid:84506052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642953)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/eastmen/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642953/; classtype:trojan-activity;sid:84506053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642954)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/547%20-%20mv%20rowan%202%20-%20scmc%20-%20cpdtd%2019.02.2020%20-%20file%20no.%20547/info.zip"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642954/; classtype:trojan-activity;sid:84506054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642950)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/addendum/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642950/; classtype:trojan-activity;sid:84506050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642951)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/269_heilan%20rising/working%20cp/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642951/; classtype:trojan-activity;sid:84506051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642947)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20bda%20shipping%20tbn-acct%20hc%20trading-cpd%2018%20november%202016/charter%20party/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642947/; classtype:trojan-activity;sid:84506047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642948)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20areti.gr%20-%20essar%20cpd%2018%20april%202019/brokerage%20invoice/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642948/; classtype:trojan-activity;sid:84506048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642949)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20ap%20ston%20-%20scmc%20-%202nd%20optional%20shipment/misc%20attachments/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642949/; classtype:trojan-activity;sid:84506049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642944)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rosita%20-vedanta%20-%20cpd%2030%20aug%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642944/; classtype:trojan-activity;sid:84506044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642945)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/certificates%20of%20mv%20kanpur/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642945/; classtype:trojan-activity;sid:84506045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642946)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20great%20fortune-acc%20propelship%20cpdated%2016%20april%202018/charter%20party/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642946/; classtype:trojan-activity;sid:84506046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642943)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642943/; classtype:trojan-activity;sid:84506043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642941)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20hai%20qing%20-%20lss%20cpd%2029%20june%202015/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642941/; classtype:trojan-activity;sid:84506041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642942)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/21-may-2011/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642942/; classtype:trojan-activity;sid:84506042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642939)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20torq%20cpd%2005%20july%202019/misc%20attachement/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642939/; classtype:trojan-activity;sid:84506039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642940)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/libra%20(lss%20ocean)/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642940/; classtype:trojan-activity;sid:84506040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642938)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20bulkmarine%20tbn/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642938/; classtype:trojan-activity;sid:84506038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642935)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/127_torenia_core%20mineral/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642935/; classtype:trojan-activity;sid:84506035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642936)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sandpiper%20-%20scmc%20-%20cpd%2028%20october%202019/brokerage%20invoice/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642936/; classtype:trojan-activity;sid:84506036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642937)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_nob_300807_032/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642937/; classtype:trojan-activity;sid:84506037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642934)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20global%20harmony%20-%20acct%20sul%20-%20cpd%2011%20march%202017/charter%20party/working%20copy%20of%20cp/info.zip"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642934/; classtype:trojan-activity;sid:84506034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642932)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/565%20-%20mv%20woohyun%20green%20-%20singh%20group%20cp%20dtd%2003.07.2020%20-%20file%20no.%20565/charter%20party/info.zip"; http_uri; depth:213; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642932/; classtype:trojan-activity;sid:84506032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642933)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20byron%20-%20visa%20cp%20dated%2023rd%20july%202015/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642933/; classtype:trojan-activity;sid:84506033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642929)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/541%20-%20mv%20great%20amity%20-%20isl%20-%20cpd%2030%20jan%202020%20-%20file%20no.%20541/certificates/info.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642929/; classtype:trojan-activity;sid:84506029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642930)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/macocean/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642930/; classtype:trojan-activity;sid:84506030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642931)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/563%20-%20mv%20nd%20aristeia%20-%20bagadiya%20cp%20dtd%2019.06.2020%20-%20file%20no.563/charter%20party/info.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642931/; classtype:trojan-activity;sid:84506031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642927)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20sbi%20hermes-surya%20exim%20cpd%2022%20sep%202017/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642927/; classtype:trojan-activity;sid:84506027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642928)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/eustada%20bg/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642928/; classtype:trojan-activity;sid:84506028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642924)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/new%20folder/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642924/; classtype:trojan-activity;sid:84506024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642925)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20knight_noble_210607_022/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642925/; classtype:trojan-activity;sid:84506025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642926)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/142_tarik%203/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642926/; classtype:trojan-activity;sid:84506026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642923)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/hire%20statements%20or%20freight%20invoices/chrts%20fhs/info.zip"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642923/; classtype:trojan-activity;sid:84506023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642920)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iran%20yazd_jaldhi_240809_038/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642920/; classtype:trojan-activity;sid:84506020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642921)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/operations%20timeline%20format/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642921/; classtype:trojan-activity;sid:84506021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642922)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties/mv%20sea%20flourish/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642922/; classtype:trojan-activity;sid:84506022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642917)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/87_genco_carrier_eagle_bulk_19_05_2011/misc_docs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642917/; classtype:trojan-activity;sid:84506017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642918)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer%20-%20isl%20cp%20dtd%2002%20may%202019/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642918/; classtype:trojan-activity;sid:84506018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642919)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20tide_ispat_080709_027/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642919/; classtype:trojan-activity;sid:84506019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642914)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/november/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642914/; classtype:trojan-activity;sid:84506014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642915)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20rhodos%20-%20scmc%20cpd%207%20sept%202018/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642915/; classtype:trojan-activity;sid:84506015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642916)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/vessels/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642916/; classtype:trojan-activity;sid:84506016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642913)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642913/; classtype:trojan-activity;sid:84506013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642911)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2012/169_tai%20ping%20shan/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642911/; classtype:trojan-activity;sid:84506011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642912)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/eta/voyage%20instruction/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642912/; classtype:trojan-activity;sid:84506012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642909)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/charter%20parties/main%20body/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642909/; classtype:trojan-activity;sid:84506009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642910)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/coa%20documents/1_unity_crossbridge_09_02_10/61_stx_begonia_unity_coa_6/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642910/; classtype:trojan-activity;sid:84506010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642906)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/237_kinda/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642906/; classtype:trojan-activity;sid:84506006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642907)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20egil%20tbn%20-%20gagan%20coal%20cpd%2015%20arpil%202019%20(cancelled)/charter%20party/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642907/; classtype:trojan-activity;sid:84506007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642908)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20prabhu%20gopal%20-%20acct%20usl-%20cpd%2027%20july%202017/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642908/; classtype:trojan-activity;sid:84506008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642904)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20genco%20auvergne-acct%20rashmi%20-%20cpd%2018%20august%202017/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642904/; classtype:trojan-activity;sid:84506004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642905)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/frontier%20angel%20statement%20of%20accounts/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642905/; classtype:trojan-activity;sid:84506005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642901)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bluefield%20background/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642901/; classtype:trojan-activity;sid:84506001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642902)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.blue%20coral_bcm_010607_018/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642902/; classtype:trojan-activity;sid:84506002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642903)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20pacific%20island-joy%20sky%20mineral%20cpd%2022-jan-2015/fixture%20note/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642903/; classtype:trojan-activity;sid:84506003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642891)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/manisha%2016a/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642891/; classtype:trojan-activity;sid:84505991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642892)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20nazia%20jahan%20-%20scmc%20-%201st%20optional%20shipment/misc%20attachments/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642892/; classtype:trojan-activity;sid:84505992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642893)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20union%20explorer-scmc%20-%20cpdtd%2002%20may%202019/brokerage%20invoice/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642893/; classtype:trojan-activity;sid:84505993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642894)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20christina%20iv%20-%20ripley%20cpd%2007%20october%202019/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642894/; classtype:trojan-activity;sid:84505994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642895)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/555%20-%20mv%20pacific%20advance%20-%20isl%20cp%20dtd%2028.04.2020%20-%20file%20no.%20555/charter%20party/info.zip"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642895/; classtype:trojan-activity;sid:84505995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642896)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/fuelco%20introduction%20letter/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642896/; classtype:trojan-activity;sid:84505996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642897)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642897/; classtype:trojan-activity;sid:84505997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642898)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/57-yoma_6_vba_11_01_11/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642898/; classtype:trojan-activity;sid:84505998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642899)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/cosco%20vsl%20dtls/full_details/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642899/; classtype:trojan-activity;sid:84505999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642900)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20areti.gr%20-%20essar%20cpd%2018%20april%202019/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642900/; classtype:trojan-activity;sid:84506000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642890)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642890/; classtype:trojan-activity;sid:84505990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/desert%20hawk/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642889/; classtype:trojan-activity;sid:84505989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642884)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/vessel%20details/great%20eastern%20vssls/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642884/; classtype:trojan-activity;sid:84505984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642885)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/560%20-%20mv%20peace%20angel%20-%20scmc%20-%20cp%20dtd%2005.06.2020%20-%20file%20no%20560/info.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642885/; classtype:trojan-activity;sid:84505985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642886)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iran%20yazd_jaldhi_240809_038/charter%20parties/addendum/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642886/; classtype:trojan-activity;sid:84505986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642887)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_151009_044/main%20body/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642887/; classtype:trojan-activity;sid:84505987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642888)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/100_maharashtra_crossbridge/working%20copy/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642888/; classtype:trojan-activity;sid:84505988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642883)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.joviality_wamopl_220208_004/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642883/; classtype:trojan-activity;sid:84505983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642881)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/553%20-%20mv%20pacific%20advance%20-%20power%20international%20cp%20dtd%2018.04.2020%20-%20file%20nor.%20553/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:252; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642881/; classtype:trojan-activity;sid:84505981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642882)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_ssoe_050607_020/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642882/; classtype:trojan-activity;sid:84505982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642879)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20fu%20ming%20%20-%20visa%20cp%20dated%2020%20november%202015/charter%20party/proforma%20cp/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642879/; classtype:trojan-activity;sid:84505979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642880)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/xianglong%20backgorund/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642880/; classtype:trojan-activity;sid:84505980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642877)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/recap-fixture%20notes/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642877/; classtype:trojan-activity;sid:84505977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642878)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/nasco%20bg/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642878/; classtype:trojan-activity;sid:84505978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642875)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/august/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642875/; classtype:trojan-activity;sid:84505975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642876)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/sigma%20bg/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642876/; classtype:trojan-activity;sid:84505976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642872)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/seacoast%20shipping%20and%20marine/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642872/; classtype:trojan-activity;sid:84505972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642873)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642873/; classtype:trojan-activity;sid:84505973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642874)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_131108_036/charter%20parties/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642874/; classtype:trojan-activity;sid:84505974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642869)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/mst%20singapore%20(crown%20cement)/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642869/; classtype:trojan-activity;sid:84505969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642870)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20moonvazs_hct_090908_028/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642870/; classtype:trojan-activity;sid:84505970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642871)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20crimson%20knight-caravel%20cpd%207%20may%202018/charter%20party/proforma%20cp/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642871/; classtype:trojan-activity;sid:84505971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642867)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20firm%20offer%20format/tispl%20terms/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642867/; classtype:trojan-activity;sid:84505967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642868)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642868/; classtype:trojan-activity;sid:84505968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642864)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/charter%20parties/main%20body/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642864/; classtype:trojan-activity;sid:84505964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642865)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20dubai%20ambassador%20-%20%20jiancheng%20cpd%2023%20nov%202017/brokerage%20invoice/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642865/; classtype:trojan-activity;sid:84505965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642866)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20theoskepasti%20-%20primarina%20cpd%2025%20august%202015/brokerage%20invoice/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642866/; classtype:trojan-activity;sid:84505966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642861)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:242; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642861/; classtype:trojan-activity;sid:84505961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642862)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20diksha%20-%20siva%20bulk%20-%20cpd%2001%20august%202012/charter%20party/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642862/; classtype:trojan-activity;sid:84505962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642863)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/charter%20parties/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642863/; classtype:trojan-activity;sid:84505963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642855)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/bwsm%20background/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642855/; classtype:trojan-activity;sid:84505955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642856)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/all%20market%20report/market%20report%20jan%202009%20to%20jul%202009/feb%202009/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642856/; classtype:trojan-activity;sid:84505956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642857)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20(mv%20sarwar%20jahan)-acct%20scmc-%2018%20november%202016/charter%20party/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642857/; classtype:trojan-activity;sid:84505957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642858)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20teo_eta_050310_012/charter%20parties/main%20body/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642858/; classtype:trojan-activity;sid:84505958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642859)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/551%20-%20mv%20eships%20dugon%20-%20arcelormittal%20cp%20dtd%20%2026.02.2020%20-%20file%20no.%20551/misc%20attachments/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642859/; classtype:trojan-activity;sid:84505959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642860)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20symphony-acct%20propel%20-%20cpd%2008%20november%202016/charter%20party/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642860/; classtype:trojan-activity;sid:84505960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642853)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/text%20documents/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642853/; classtype:trojan-activity;sid:84505953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/recap/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642854/; classtype:trojan-activity;sid:84505954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642851)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/561%20-%20mv%20minoan%20glory%20-%20propel%20-%20cp%20dtd%2009.06.2020%20-%20file%20no.%20561/certificates/info.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642851/; classtype:trojan-activity;sid:84505951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642852)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pda%20for%20eci/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642852/; classtype:trojan-activity;sid:84505952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642850)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/sefira%20pc/charter%20parties/china%20trader-eta%20cp%20sent%20to%20p%20and%20i%20club/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642850/; classtype:trojan-activity;sid:84505950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/app/05-jun-2013/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642847/; classtype:trojan-activity;sid:84505947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642848)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/272_silvia%20ambition/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642848/; classtype:trojan-activity;sid:84505948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642849)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/106_pacific_pioneer/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642849/; classtype:trojan-activity;sid:84505949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642845)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20gem%20of%20kilakarai_uniwell_300310_015/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642845/; classtype:trojan-activity;sid:84505945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642846)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20knight_noble_210607_022/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642846/; classtype:trojan-activity;sid:84505946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642842)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2011/73_ikan_senyur_chettinad_cement_01_04_11/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642842/; classtype:trojan-activity;sid:84505942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642843)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/542%20-%20mv%20dessert%20spring%20-%20power%20international%20-%20cpd%2030.01.2020%20-%20file%20no.%20542/certificates/info.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642843/; classtype:trojan-activity;sid:84505943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642844)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/scan%20documents/scan%20doc/murshidabadnoble%20ps/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642844/; classtype:trojan-activity;sid:84505944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642839)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/certificates/info.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642839/; classtype:trojan-activity;sid:84505939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642840)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/549%20-%20mv%20milos%20-%20power%20international%20cp%20dtd%2026.02.2020/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:216; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642840/; classtype:trojan-activity;sid:84505940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642841)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20norvic%20tbn(mv%20jupiter)%20%20-%20lss%20-%20cpd%2028%20april%202016/brokerage%20invoice/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642841/; classtype:trojan-activity;sid:84505941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642835)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/fixture%20record/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642835/; classtype:trojan-activity;sid:84505935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642836)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20glovis%20maine%20-%20tata%20nyk%20cpd%2025%20june%2015/charter%20party/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642836/; classtype:trojan-activity;sid:84505936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642837)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20oriental%20angel%20-%20gagan%20coal%20cpd%2004%20jan%202019/fixture%20note%20(if%20voyage)/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642837/; classtype:trojan-activity;sid:84505937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642838)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/charter%20parties%202011/mv%20asia/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642838/; classtype:trojan-activity;sid:84505938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/customer%20background%20and%20fixture%20lists/cingler%20background/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642832/; classtype:trojan-activity;sid:84505932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642833)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/rewa%20cp/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642833/; classtype:trojan-activity;sid:84505933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642834)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/297_hanjin%20liverpool/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642834/; classtype:trojan-activity;sid:84505934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642829)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20nidhi-acct%20propel-cpd%2021%20oct%202016/charter%20party/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642829/; classtype:trojan-activity;sid:84505929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642830)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20densa%20panther-surya%20exim%20cpd%2022%20oct%202015/charter%20party/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642830/; classtype:trojan-activity;sid:84505930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642831)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_jki_160707_027/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642831/; classtype:trojan-activity;sid:84505931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642825)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/charterparties_misc_docs/2013/282_harmony_tbn/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642825/; classtype:trojan-activity;sid:84505925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20knight_noble_220109_002/charter%20parties/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642826/; classtype:trojan-activity;sid:84505926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20port%20estoril%20-%20scmc-%20cpd%2026%20oct%202018/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642827/; classtype:trojan-activity;sid:84505927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642828)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20intrepid-propel-cpd%2018%20august%202016/charter%20party/proforma%20cp/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642828/; classtype:trojan-activity;sid:84505928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642820)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/pending%20cp/asali/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642820/; classtype:trojan-activity;sid:84505920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642821)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/546%20-%20mv%20oktem%20aksoy%20-%20scmc%20-%20cpd%2018.02.2020%20-%20file%20no.%20546/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:229; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642821/; classtype:trojan-activity;sid:84505921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642822)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/charter%20parties/riders/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642822/; classtype:trojan-activity;sid:84505922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642823)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20danceflora%20sw-%20transbulk%20cpd%2013%20july%202018/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642823/; classtype:trojan-activity;sid:84505923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642824)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20an%20fu%20star-%20imr%20cpd%2027%20nov%202015/charter%20party/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642824/; classtype:trojan-activity;sid:84505924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642816)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/imma%20pic/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642816/; classtype:trojan-activity;sid:84505916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642817)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/recap-fixture%20notes/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642817/; classtype:trojan-activity;sid:84505917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642818)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20heilan%20song-fomento%20cp%20dtd%2005%20feb%202018/certificates/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642818/; classtype:trojan-activity;sid:84505918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642819)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20transpower%20tbn%20-%20jsw%20steel%20cpd%2017%20march%202016/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642819/; classtype:trojan-activity;sid:84505919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20yfsl%20(mv%20sarwar%20jahan)-acct%20scmc-%2018%20november%202016/fixture%20note/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642813/; classtype:trojan-activity;sid:84505913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642814)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/548%20-%20mv%20amfitriti%20-%20visa%20bulk%20cp%20dtd%2021.02.2020%20-%20file%20no.%20548/hire%20statements%20or%20freight%20invoices/info.zip"; http_uri; depth:233; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642814/; classtype:trojan-activity;sid:84505914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642815)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/mv%20vishva%20vikas%20-%20acct%20siva%20bulk%20cpd%2005%20sept%202012/courier%20receipt/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642815/; classtype:trojan-activity;sid:84505915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642811)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.fratzis%20star_eta_230108_002/charter%20parties/main%20body/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642811/; classtype:trojan-activity;sid:84505911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642812)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_spartan_071309_029/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642812/; classtype:trojan-activity;sid:84505912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642809)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/shraddha/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642809/; classtype:trojan-activity;sid:84505909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642810)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/fixture%20folders/fixture%20folder%20for%202020/557%20-%20mv%20nautical%20madison%20-%20bajrang%20-%20cp%20dtd%2008.05.2020%20-%20file%20no.%20557/certificates/info.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642810/; classtype:trojan-activity;sid:84505910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642808)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642808/; classtype:trojan-activity;sid:84505908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642807)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642807/; classtype:trojan-activity;sid:84505907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642806)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/scripts/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642806/; classtype:trojan-activity;sid:84505906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642804)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/info/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642804/; classtype:trojan-activity;sid:84505904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642805)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642805/; classtype:trojan-activity;sid:84505905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642803)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/wicon/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642803/; classtype:trojan-activity;sid:84505903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642799)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202308/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642799/; classtype:trojan-activity;sid:84505899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642800)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/0f/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642800/; classtype:trojan-activity;sid:84505900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642801)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642801/; classtype:trojan-activity;sid:84505901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642802)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/exceptions/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642802/; classtype:trojan-activity;sid:84505902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642796)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202304/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642796/; classtype:trojan-activity;sid:84505896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642797)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/resource/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642797/; classtype:trojan-activity;sid:84505897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642798)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642798/; classtype:trojan-activity;sid:84505898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642794)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642794/; classtype:trojan-activity;sid:84505894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642795)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642795/; classtype:trojan-activity;sid:84505895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642791)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642791/; classtype:trojan-activity;sid:84505891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642792)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642792/; classtype:trojan-activity;sid:84505892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642793)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642793/; classtype:trojan-activity;sid:84505893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642789)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642789/; classtype:trojan-activity;sid:84505889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642790)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642790/; classtype:trojan-activity;sid:84505890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642786)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642786/; classtype:trojan-activity;sid:84505886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642787)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642787/; classtype:trojan-activity;sid:84505887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; content:"GET"; http_method; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642785)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642785/; classtype:trojan-activity;sid:84505885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642783)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642783/; classtype:trojan-activity;sid:84505883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642784)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642784/; classtype:trojan-activity;sid:84505884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642781)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642781/; classtype:trojan-activity;sid:84505881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642782)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642782/; classtype:trojan-activity;sid:84505882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642777)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642777/; classtype:trojan-activity;sid:84505877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642778)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642778/; classtype:trojan-activity;sid:84505878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642779)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642780)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642780/; classtype:trojan-activity;sid:84505880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642776)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642776/; classtype:trojan-activity;sid:84505876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642770)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642770/; classtype:trojan-activity;sid:84505870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642771)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642771/; classtype:trojan-activity;sid:84505871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642772)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642772/; classtype:trojan-activity;sid:84505872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642773)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642773/; classtype:trojan-activity;sid:84505873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642774)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/trans%20spring/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642774/; classtype:trojan-activity;sid:84505874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642769)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642769/; classtype:trojan-activity;sid:84505869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642765)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202206/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642765/; classtype:trojan-activity;sid:84505865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642766)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642766/; classtype:trojan-activity;sid:84505866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642767)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642767/; classtype:trojan-activity;sid:84505867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642768)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642768/; classtype:trojan-activity;sid:84505868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642761)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642761/; classtype:trojan-activity;sid:84505861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642762)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/8a/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642762/; classtype:trojan-activity;sid:84505862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642763)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642763/; classtype:trojan-activity;sid:84505863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642764)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642764/; classtype:trojan-activity;sid:84505864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642758)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642758/; classtype:trojan-activity;sid:84505858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642759)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642759/; classtype:trojan-activity;sid:84505859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642760)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642760/; classtype:trojan-activity;sid:84505860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642756)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/scripts/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642756/; classtype:trojan-activity;sid:84505856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642757)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/wicon/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642757/; classtype:trojan-activity;sid:84505857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642754)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642754/; classtype:trojan-activity;sid:84505854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642755)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642755/; classtype:trojan-activity;sid:84505855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642752)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/circulation%20rules/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642752/; classtype:trojan-activity;sid:84505852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642753)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642753/; classtype:trojan-activity;sid:84505853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642750)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642750/; classtype:trojan-activity;sid:84505850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642751)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642751/; classtype:trojan-activity;sid:84505851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642748)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642748/; classtype:trojan-activity;sid:84505848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642749)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642749/; classtype:trojan-activity;sid:84505849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642746)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642746/; classtype:trojan-activity;sid:84505846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642747)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642747/; classtype:trojan-activity;sid:84505847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642744)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642744/; classtype:trojan-activity;sid:84505844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642745)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642745/; classtype:trojan-activity;sid:84505845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642743)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642743/; classtype:trojan-activity;sid:84505843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642740)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642740/; classtype:trojan-activity;sid:84505840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642741)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202205/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642741/; classtype:trojan-activity;sid:84505841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642742)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642742/; classtype:trojan-activity;sid:84505842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642739)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642739/; classtype:trojan-activity;sid:84505839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642735)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642735/; classtype:trojan-activity;sid:84505835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642736)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642736/; classtype:trojan-activity;sid:84505836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642737)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642737/; classtype:trojan-activity;sid:84505837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642738)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642738/; classtype:trojan-activity;sid:84505838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642733)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642733/; classtype:trojan-activity;sid:84505833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642734)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642734/; classtype:trojan-activity;sid:84505834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642731)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642731/; classtype:trojan-activity;sid:84505831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642732)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642732/; classtype:trojan-activity;sid:84505832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642727)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202207/sjk-ic/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642727/; classtype:trojan-activity;sid:84505827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642728)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642728/; classtype:trojan-activity;sid:84505828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642729)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642729/; classtype:trojan-activity;sid:84505829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642730)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642730/; classtype:trojan-activity;sid:84505830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642726)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642726/; classtype:trojan-activity;sid:84505826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642725)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642725/; classtype:trojan-activity;sid:84505825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642724)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642724/; classtype:trojan-activity;sid:84505824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642722)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642722/; classtype:trojan-activity;sid:84505822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642723)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642723/; classtype:trojan-activity;sid:84505823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642720)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642720/; classtype:trojan-activity;sid:84505820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642721)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642721/; classtype:trojan-activity;sid:84505821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642714)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642714/; classtype:trojan-activity;sid:84505814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642715)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642715/; classtype:trojan-activity;sid:84505815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642716)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642716/; classtype:trojan-activity;sid:84505816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/inipaytest/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642718)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/heads/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642718/; classtype:trojan-activity;sid:84505818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642719)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642719/; classtype:trojan-activity;sid:84505819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642712)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642712/; classtype:trojan-activity;sid:84505812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642713)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642713/; classtype:trojan-activity;sid:84505813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642711/; classtype:trojan-activity;sid:84505811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642709)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642709/; classtype:trojan-activity;sid:84505809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642710)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642710/; classtype:trojan-activity;sid:84505810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642707)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642707/; classtype:trojan-activity;sid:84505807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642708)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642708/; classtype:trojan-activity;sid:84505808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642703)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642703/; classtype:trojan-activity;sid:84505803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642704)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642704/; classtype:trojan-activity;sid:84505804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642705)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642705/; classtype:trojan-activity;sid:84505805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642706)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642706/; classtype:trojan-activity;sid:84505806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642701)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642701/; classtype:trojan-activity;sid:84505801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642702)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642702/; classtype:trojan-activity;sid:84505802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642698)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642698/; classtype:trojan-activity;sid:84505798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642699)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642699/; classtype:trojan-activity;sid:84505799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642695)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/plc/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642695/; classtype:trojan-activity;sid:84505795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642696)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642696/; classtype:trojan-activity;sid:84505796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642697)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642697/; classtype:trojan-activity;sid:84505797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642694)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642694/; classtype:trojan-activity;sid:84505794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642692)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642692/; classtype:trojan-activity;sid:84505792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642693/; classtype:trojan-activity;sid:84505793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642689)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642689/; classtype:trojan-activity;sid:84505789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642690)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642690/; classtype:trojan-activity;sid:84505790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642691)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642691/; classtype:trojan-activity;sid:84505791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642685)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642685/; classtype:trojan-activity;sid:84505785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642686)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642686/; classtype:trojan-activity;sid:84505786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642687)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642687/; classtype:trojan-activity;sid:84505787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642688)"; flow:established,from_client; content:"GET"; http_method; content:"/areas/helppage/models/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642688/; classtype:trojan-activity;sid:84505788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642679)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642679/; classtype:trojan-activity;sid:84505779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642680)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642680/; classtype:trojan-activity;sid:84505780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642681)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642681/; classtype:trojan-activity;sid:84505781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642682)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642682/; classtype:trojan-activity;sid:84505782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642683)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642683/; classtype:trojan-activity;sid:84505783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642684)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642684/; classtype:trojan-activity;sid:84505784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642678)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642678/; classtype:trojan-activity;sid:84505778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642674)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642674/; classtype:trojan-activity;sid:84505774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642675)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642675/; classtype:trojan-activity;sid:84505775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642676)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642676/; classtype:trojan-activity;sid:84505776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642673)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642673/; classtype:trojan-activity;sid:84505773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642667)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642667/; classtype:trojan-activity;sid:84505767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642668)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642668/; classtype:trojan-activity;sid:84505768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642669)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642669/; classtype:trojan-activity;sid:84505769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642670)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642670/; classtype:trojan-activity;sid:84505770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642671)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642671/; classtype:trojan-activity;sid:84505771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642672)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642672/; classtype:trojan-activity;sid:84505772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642664)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642664/; classtype:trojan-activity;sid:84505764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642665)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642665/; classtype:trojan-activity;sid:84505765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642666)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642666/; classtype:trojan-activity;sid:84505766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642663)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642663/; classtype:trojan-activity;sid:84505763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642662)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642662/; classtype:trojan-activity;sid:84505762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642660)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/bunker%20prices/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642660/; classtype:trojan-activity;sid:84505760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642661)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642661/; classtype:trojan-activity;sid:84505761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642655)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642655/; classtype:trojan-activity;sid:84505755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642656)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/backup/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642656/; classtype:trojan-activity;sid:84505756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642657)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/a4/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642657/; classtype:trojan-activity;sid:84505757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642658)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642658/; classtype:trojan-activity;sid:84505758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642659)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642659/; classtype:trojan-activity;sid:84505759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642649)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642649/; classtype:trojan-activity;sid:84505749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642650)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/remotes/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642650/; classtype:trojan-activity;sid:84505750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642651)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642651/; classtype:trojan-activity;sid:84505751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642652)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/resource/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642652/; classtype:trojan-activity;sid:84505752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642653)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642653/; classtype:trojan-activity;sid:84505753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642654)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642654/; classtype:trojan-activity;sid:84505754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642646)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642646/; classtype:trojan-activity;sid:84505746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642647)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/scripts/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642647/; classtype:trojan-activity;sid:84505747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642648)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642648/; classtype:trojan-activity;sid:84505748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642644)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642644/; classtype:trojan-activity;sid:84505744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642645)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/wicon/__pycache__/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642645/; classtype:trojan-activity;sid:84505745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642640)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642640/; classtype:trojan-activity;sid:84505740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642641)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642641/; classtype:trojan-activity;sid:84505741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642642)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642642/; classtype:trojan-activity;sid:84505742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/log/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642637)"; flow:established,from_client; content:"GET"; http_method; content:"/device/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642637/; classtype:trojan-activity;sid:84505737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642638)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642638/; classtype:trojan-activity;sid:84505738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642639)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642639/; classtype:trojan-activity;sid:84505739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642636)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642636/; classtype:trojan-activity;sid:84505736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642634)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642634/; classtype:trojan-activity;sid:84505734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642635)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642635/; classtype:trojan-activity;sid:84505735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642633)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642633/; classtype:trojan-activity;sid:84505733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642631)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642631/; classtype:trojan-activity;sid:84505731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642632)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642632/; classtype:trojan-activity;sid:84505732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642624)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642624/; classtype:trojan-activity;sid:84505724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642625)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642625/; classtype:trojan-activity;sid:84505725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642626)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642626/; classtype:trojan-activity;sid:84505726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642627)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642627/; classtype:trojan-activity;sid:84505727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642628)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642628/; classtype:trojan-activity;sid:84505728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642629)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642629/; classtype:trojan-activity;sid:84505729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642630)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642630/; classtype:trojan-activity;sid:84505730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642623)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642623/; classtype:trojan-activity;sid:84505723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642621)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642621/; classtype:trojan-activity;sid:84505721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642622)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642622/; classtype:trojan-activity;sid:84505722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642617)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642617/; classtype:trojan-activity;sid:84505717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642618)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642618/; classtype:trojan-activity;sid:84505718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642619)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642619/; classtype:trojan-activity;sid:84505719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642620)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642620/; classtype:trojan-activity;sid:84505720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642616)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642616/; classtype:trojan-activity;sid:84505716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642613)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/eb/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642613/; classtype:trojan-activity;sid:84505713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642614)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/04/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642614/; classtype:trojan-activity;sid:84505714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642615)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.195.137.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642615/; classtype:trojan-activity;sid:84505715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642612)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642612/; classtype:trojan-activity;sid:84505712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642608)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642608/; classtype:trojan-activity;sid:84505708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642609)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642609/; classtype:trojan-activity;sid:84505709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642610)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642610/; classtype:trojan-activity;sid:84505710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642611)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642611/; classtype:trojan-activity;sid:84505711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642606)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642606/; classtype:trojan-activity;sid:84505706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642607)"; flow:established,from_client; content:"GET"; http_method; content:"/log/error/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642607/; classtype:trojan-activity;sid:84505707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642605)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/client/__pycache__/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642605/; classtype:trojan-activity;sid:84505705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642603)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642603/; classtype:trojan-activity;sid:84505703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642604)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642604/; classtype:trojan-activity;sid:84505704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642598)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642598/; classtype:trojan-activity;sid:84505698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642599)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642599/; classtype:trojan-activity;sid:84505699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642600)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642600/; classtype:trojan-activity;sid:84505700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642601)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642601/; classtype:trojan-activity;sid:84505701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642602)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642602/; classtype:trojan-activity;sid:84505702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642596)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642596/; classtype:trojan-activity;sid:84505696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642597)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642597/; classtype:trojan-activity;sid:84505697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642595)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642595/; classtype:trojan-activity;sid:84505695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642590)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642590/; classtype:trojan-activity;sid:84505690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642591)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642591/; classtype:trojan-activity;sid:84505691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642592)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/pack/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642592/; classtype:trojan-activity;sid:84505692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642593)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642593/; classtype:trojan-activity;sid:84505693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642594)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642594/; classtype:trojan-activity;sid:84505694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642588)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/logs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642588/; classtype:trojan-activity;sid:84505688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642589)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/plc/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642589/; classtype:trojan-activity;sid:84505689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642584)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/ba/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642584/; classtype:trojan-activity;sid:84505684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642585)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642585/; classtype:trojan-activity;sid:84505685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642586)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/f9/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642586/; classtype:trojan-activity;sid:84505686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642587)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642587/; classtype:trojan-activity;sid:84505687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642579)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/remotes/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642579/; classtype:trojan-activity;sid:84505679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642580)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642580/; classtype:trojan-activity;sid:84505680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642581)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642581/; classtype:trojan-activity;sid:84505681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642582)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642582/; classtype:trojan-activity;sid:84505682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642583)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642583/; classtype:trojan-activity;sid:84505683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642575)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642575/; classtype:trojan-activity;sid:84505675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642576)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642576/; classtype:trojan-activity;sid:84505676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642577)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/77/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642577/; classtype:trojan-activity;sid:84505677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642578)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642578/; classtype:trojan-activity;sid:84505678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642571)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642571/; classtype:trojan-activity;sid:84505671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642572)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642572/; classtype:trojan-activity;sid:84505672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642573)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642573/; classtype:trojan-activity;sid:84505673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642574)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642574/; classtype:trojan-activity;sid:84505674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642568)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642568/; classtype:trojan-activity;sid:84505668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642569)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642569/; classtype:trojan-activity;sid:84505669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642570)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642570/; classtype:trojan-activity;sid:84505670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642563)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642563/; classtype:trojan-activity;sid:84505663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642564)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642564/; classtype:trojan-activity;sid:84505664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642565)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/15/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642565/; classtype:trojan-activity;sid:84505665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642566)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642566/; classtype:trojan-activity;sid:84505666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642567)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642567/; classtype:trojan-activity;sid:84505667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642561)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642561/; classtype:trojan-activity;sid:84505661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642562)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642562/; classtype:trojan-activity;sid:84505662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642560)"; flow:established,from_client; content:"GET"; http_method; content:"/areas/helppage/controllers/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642560/; classtype:trojan-activity;sid:84505660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642557)"; flow:established,from_client; content:"GET"; http_method; content:"/obj/debug/temppe/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642557/; classtype:trojan-activity;sid:84505657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642558)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642558/; classtype:trojan-activity;sid:84505658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642559)"; flow:established,from_client; content:"GET"; http_method; content:"/log/fatal/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642559/; classtype:trojan-activity;sid:84505659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642555)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642555/; classtype:trojan-activity;sid:84505655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642556)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/remotes/origin/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642556/; classtype:trojan-activity;sid:84505656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642554)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642554/; classtype:trojan-activity;sid:84505654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642551)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642551/; classtype:trojan-activity;sid:84505651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642552)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642552/; classtype:trojan-activity;sid:84505652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642553)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642553/; classtype:trojan-activity;sid:84505653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642547)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642547/; classtype:trojan-activity;sid:84505647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642548)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642548/; classtype:trojan-activity;sid:84505648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642549)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642549/; classtype:trojan-activity;sid:84505649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642550)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642550/; classtype:trojan-activity;sid:84505650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642546)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/c8/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642546/; classtype:trojan-activity;sid:84505646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642544)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20post%20fixture/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642544/; classtype:trojan-activity;sid:84505644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642545)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642545/; classtype:trojan-activity;sid:84505645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642543)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642543/; classtype:trojan-activity;sid:84505643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642542)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/plc/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642542/; classtype:trojan-activity;sid:84505642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642541)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642541/; classtype:trojan-activity;sid:84505641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642538)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642538/; classtype:trojan-activity;sid:84505638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642539)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642539/; classtype:trojan-activity;sid:84505639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642540)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642540/; classtype:trojan-activity;sid:84505640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642534)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642534/; classtype:trojan-activity;sid:84505634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642535)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/__pycache__/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642535/; classtype:trojan-activity;sid:84505635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642536)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642536/; classtype:trojan-activity;sid:84505636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642537)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/wicon/__pycache__/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642537/; classtype:trojan-activity;sid:84505637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642529)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642529/; classtype:trojan-activity;sid:84505629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642530)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642530/; classtype:trojan-activity;sid:84505630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642531)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642531/; classtype:trojan-activity;sid:84505631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642532)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642532/; classtype:trojan-activity;sid:84505632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642533)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642533/; classtype:trojan-activity;sid:84505633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642526)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642526/; classtype:trojan-activity;sid:84505626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642527)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642527/; classtype:trojan-activity;sid:84505627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642528)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642528/; classtype:trojan-activity;sid:84505628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642525)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642525/; classtype:trojan-activity;sid:84505625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642523)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642523/; classtype:trojan-activity;sid:84505623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642524)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642524/; classtype:trojan-activity;sid:84505624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642515)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642515/; classtype:trojan-activity;sid:84505615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642516)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642516/; classtype:trojan-activity;sid:84505616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642517)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642517/; classtype:trojan-activity;sid:84505617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642518)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642518/; classtype:trojan-activity;sid:84505618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642519)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/plc/__pycache__/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642519/; classtype:trojan-activity;sid:84505619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642520)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642520/; classtype:trojan-activity;sid:84505620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642521)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642521/; classtype:trojan-activity;sid:84505621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642512)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642512/; classtype:trojan-activity;sid:84505612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642513)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642513/; classtype:trojan-activity;sid:84505613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642514)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642514/; classtype:trojan-activity;sid:84505614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642510)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642510/; classtype:trojan-activity;sid:84505610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642511)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642511/; classtype:trojan-activity;sid:84505611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642508)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642508/; classtype:trojan-activity;sid:84505608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642509)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642509/; classtype:trojan-activity;sid:84505609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642503)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/file/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642503/; classtype:trojan-activity;sid:84505603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642504)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642504/; classtype:trojan-activity;sid:84505604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642505)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642505/; classtype:trojan-activity;sid:84505605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642506)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642506/; classtype:trojan-activity;sid:84505606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642507)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642507/; classtype:trojan-activity;sid:84505607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642499)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642499/; classtype:trojan-activity;sid:84505599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642500)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642500/; classtype:trojan-activity;sid:84505600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642501)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642501/; classtype:trojan-activity;sid:84505601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642502)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/channel%20book/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642502/; classtype:trojan-activity;sid:84505602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642498)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/hooks/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642498/; classtype:trojan-activity;sid:84505598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642497)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642497/; classtype:trojan-activity;sid:84505597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642496)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/plc/__pycache__/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642496/; classtype:trojan-activity;sid:84505596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642494)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642494/; classtype:trojan-activity;sid:84505594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642495)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642495/; classtype:trojan-activity;sid:84505595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642492)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642492/; classtype:trojan-activity;sid:84505592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642493)"; flow:established,from_client; content:"GET"; http_method; content:"/upgradefiles/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642493/; classtype:trojan-activity;sid:84505593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642490)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642490/; classtype:trojan-activity;sid:84505590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642491)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642491/; classtype:trojan-activity;sid:84505591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642487)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/b4/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642487/; classtype:trojan-activity;sid:84505587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642488)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642488/; classtype:trojan-activity;sid:84505588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642489)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642489/; classtype:trojan-activity;sid:84505589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642485)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642485/; classtype:trojan-activity;sid:84505585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642486)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642486/; classtype:trojan-activity;sid:84505586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642483/; classtype:trojan-activity;sid:84505583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642482)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642482/; classtype:trojan-activity;sid:84505582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642478)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642478/; classtype:trojan-activity;sid:84505578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642479)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642479/; classtype:trojan-activity;sid:84505579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642480)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642480/; classtype:trojan-activity;sid:84505580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642481)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/file/icon/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642481/; classtype:trojan-activity;sid:84505581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642475)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642475/; classtype:trojan-activity;sid:84505575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642476)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642476/; classtype:trojan-activity;sid:84505576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642477)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642477/; classtype:trojan-activity;sid:84505577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642468)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/202207/sjk-ic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642468/; classtype:trojan-activity;sid:84505568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642469)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642469/; classtype:trojan-activity;sid:84505569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642470)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642470/; classtype:trojan-activity;sid:84505570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642471)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642471/; classtype:trojan-activity;sid:84505571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642472)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642472/; classtype:trojan-activity;sid:84505572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642473)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642473/; classtype:trojan-activity;sid:84505573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642474)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/22/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642474/; classtype:trojan-activity;sid:84505574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642466)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642466/; classtype:trojan-activity;sid:84505566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642467)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/202207/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642467/; classtype:trojan-activity;sid:84505567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642465)"; flow:established,from_client; content:"GET"; http_method; content:"/lemoius.info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"13.234.0.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642465/; classtype:trojan-activity;sid:84505565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642464)"; flow:established,from_client; content:"GET"; http_method; content:"/log/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642464/; classtype:trojan-activity;sid:84505564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642459)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642459/; classtype:trojan-activity;sid:84505559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642460)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642460/; classtype:trojan-activity;sid:84505560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642461)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642461/; classtype:trojan-activity;sid:84505561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642462)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642462/; classtype:trojan-activity;sid:84505562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642463)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642463/; classtype:trojan-activity;sid:84505563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642457)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642457/; classtype:trojan-activity;sid:84505557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642458)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642458/; classtype:trojan-activity;sid:84505558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642455)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/2018%20fixture%20-cp%20status/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642455/; classtype:trojan-activity;sid:84505555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642456)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642456/; classtype:trojan-activity;sid:84505556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642451)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642451/; classtype:trojan-activity;sid:84505551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642452)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642452/; classtype:trojan-activity;sid:84505552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642453)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642453/; classtype:trojan-activity;sid:84505553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642454)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642454/; classtype:trojan-activity;sid:84505554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642449)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642449/; classtype:trojan-activity;sid:84505549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642450)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642450/; classtype:trojan-activity;sid:84505550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642447)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642447/; classtype:trojan-activity;sid:84505547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642448)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642448/; classtype:trojan-activity;sid:84505548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642446)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642446/; classtype:trojan-activity;sid:84505546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642436)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642436/; classtype:trojan-activity;sid:84505536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642437)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642437/; classtype:trojan-activity;sid:84505537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642439)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642439/; classtype:trojan-activity;sid:84505539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642440)"; flow:established,from_client; content:"GET"; http_method; content:"/log/fatal/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642440/; classtype:trojan-activity;sid:84505540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642441)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/exceptions/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642441/; classtype:trojan-activity;sid:84505541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642442)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642442/; classtype:trojan-activity;sid:84505542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642443)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642443/; classtype:trojan-activity;sid:84505543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642444)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642444/; classtype:trojan-activity;sid:84505544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642445)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642445/; classtype:trojan-activity;sid:84505545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642433)"; flow:established,from_client; content:"GET"; http_method; content:"/upgradefiles/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642433/; classtype:trojan-activity;sid:84505533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642434)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642434/; classtype:trojan-activity;sid:84505534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642435)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202205/sjk-ic/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642435/; classtype:trojan-activity;sid:84505535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642432)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642432/; classtype:trojan-activity;sid:84505532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642429)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642429/; classtype:trojan-activity;sid:84505529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642430)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642430/; classtype:trojan-activity;sid:84505530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642431)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642431/; classtype:trojan-activity;sid:84505531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642428)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642428/; classtype:trojan-activity;sid:84505528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642426)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/01/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642426/; classtype:trojan-activity;sid:84505526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642427)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642427/; classtype:trojan-activity;sid:84505527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642424)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642424/; classtype:trojan-activity;sid:84505524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642425)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642425/; classtype:trojan-activity;sid:84505525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642421)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642421/; classtype:trojan-activity;sid:84505521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; content:"GET"; http_method; content:"/02/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; classtype:trojan-activity;sid:84505522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642423)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642423/; classtype:trojan-activity;sid:84505523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642418)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202207/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642418/; classtype:trojan-activity;sid:84505518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642419)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642419/; classtype:trojan-activity;sid:84505519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642420)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/remotes/origin/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642420/; classtype:trojan-activity;sid:84505520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642415)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642415/; classtype:trojan-activity;sid:84505515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642416)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642416/; classtype:trojan-activity;sid:84505516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642410)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642410/; classtype:trojan-activity;sid:84505510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642411)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642411/; classtype:trojan-activity;sid:84505511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642412)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642412/; classtype:trojan-activity;sid:84505512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642413)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642413/; classtype:trojan-activity;sid:84505513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642414)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642414/; classtype:trojan-activity;sid:84505514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642407)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642407/; classtype:trojan-activity;sid:84505507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642408)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642408/; classtype:trojan-activity;sid:84505508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642409)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/2b/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642409/; classtype:trojan-activity;sid:84505509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642404)"; flow:established,from_client; content:"GET"; http_method; content:"/nowy%20katalog/ready%20or%20not%20build%2012192024/ready%20or%20not/readyornot/content/vo/streamermichael/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"83.29.21.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642404/; classtype:trojan-activity;sid:84505504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642405)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642405/; classtype:trojan-activity;sid:84505505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642403)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642403/; classtype:trojan-activity;sid:84505503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642397)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642397/; classtype:trojan-activity;sid:84505497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642398)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642398/; classtype:trojan-activity;sid:84505498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642399)"; flow:established,from_client; content:"GET"; http_method; content:"/obj/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642399/; classtype:trojan-activity;sid:84505499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642400)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642400/; classtype:trojan-activity;sid:84505500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642401)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/22/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642401/; classtype:trojan-activity;sid:84505501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642402)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642402/; classtype:trojan-activity;sid:84505502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642395)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642395/; classtype:trojan-activity;sid:84505495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642396)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642396/; classtype:trojan-activity;sid:84505496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642394)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642394/; classtype:trojan-activity;sid:84505494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642393)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20it%20support/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642393/; classtype:trojan-activity;sid:84505493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642391)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/heads/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642391/; classtype:trojan-activity;sid:84505491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642392)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202308/sjp-bt/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642392/; classtype:trojan-activity;sid:84505492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642390)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642390/; classtype:trojan-activity;sid:84505490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642389)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642389/; classtype:trojan-activity;sid:84505489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642387)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642387/; classtype:trojan-activity;sid:84505487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642388)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642388/; classtype:trojan-activity;sid:84505488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642386)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642386/; classtype:trojan-activity;sid:84505486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; content:"GET"; http_method; content:"/big/html/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642383)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642383/; classtype:trojan-activity;sid:84505483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642384)"; flow:established,from_client; content:"GET"; http_method; content:"/models/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642384/; classtype:trojan-activity;sid:84505484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642385)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642385/; classtype:trojan-activity;sid:84505485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642380)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642380/; classtype:trojan-activity;sid:84505480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642381)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/resource/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642381/; classtype:trojan-activity;sid:84505481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642379)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642379/; classtype:trojan-activity;sid:84505479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642378)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642378/; classtype:trojan-activity;sid:84505478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642374)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642374/; classtype:trojan-activity;sid:84505474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642375)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642375/; classtype:trojan-activity;sid:84505475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642376)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642376/; classtype:trojan-activity;sid:84505476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642377)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642377/; classtype:trojan-activity;sid:84505477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642368)"; flow:established,from_client; content:"GET"; http_method; content:"/log/error/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642368/; classtype:trojan-activity;sid:84505468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642369)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642369/; classtype:trojan-activity;sid:84505469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642370)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642370/; classtype:trojan-activity;sid:84505470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642371)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642371/; classtype:trojan-activity;sid:84505471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642372)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/__pycache__/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642372/; classtype:trojan-activity;sid:84505472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642373)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642373/; classtype:trojan-activity;sid:84505473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642364)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/company%20guidelines%20and%20rules/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642364/; classtype:trojan-activity;sid:84505464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642365)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642365/; classtype:trojan-activity;sid:84505465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642366)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642366/; classtype:trojan-activity;sid:84505466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642367)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642367/; classtype:trojan-activity;sid:84505467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642362)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642362/; classtype:trojan-activity;sid:84505462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642363)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642363/; classtype:trojan-activity;sid:84505463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642360)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642360/; classtype:trojan-activity;sid:84505460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642361)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642361/; classtype:trojan-activity;sid:84505461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642359)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642359/; classtype:trojan-activity;sid:84505459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642357)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642357/; classtype:trojan-activity;sid:84505457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642358)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642358/; classtype:trojan-activity;sid:84505458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642355)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642355/; classtype:trojan-activity;sid:84505455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642356)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642356/; classtype:trojan-activity;sid:84505456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642354)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642354/; classtype:trojan-activity;sid:84505454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642353)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/other/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642353/; classtype:trojan-activity;sid:84505453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642352)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642352/; classtype:trojan-activity;sid:84505452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642350)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/01/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642350/; classtype:trojan-activity;sid:84505450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642351)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642351/; classtype:trojan-activity;sid:84505451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642344)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642344/; classtype:trojan-activity;sid:84505444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642345)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642345/; classtype:trojan-activity;sid:84505445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; content:"GET"; http_method; content:"/big/sql%20server%202014/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642347)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642347/; classtype:trojan-activity;sid:84505447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642348)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642348/; classtype:trojan-activity;sid:84505448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642342)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642342/; classtype:trojan-activity;sid:84505442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642343)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642343/; classtype:trojan-activity;sid:84505443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642332)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642332/; classtype:trojan-activity;sid:84505432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642333)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642333/; classtype:trojan-activity;sid:84505433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642334)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642334/; classtype:trojan-activity;sid:84505434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642335)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642335/; classtype:trojan-activity;sid:84505435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642336)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642336/; classtype:trojan-activity;sid:84505436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642337)"; flow:established,from_client; content:"GET"; http_method; content:"/log/warn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642337/; classtype:trojan-activity;sid:84505437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642338)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642338/; classtype:trojan-activity;sid:84505438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642339)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642339/; classtype:trojan-activity;sid:84505439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642340)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642340/; classtype:trojan-activity;sid:84505440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642341)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202207/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642341/; classtype:trojan-activity;sid:84505441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642330)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202207/sjk-ic/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642330/; classtype:trojan-activity;sid:84505430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642331)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642331/; classtype:trojan-activity;sid:84505431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642326)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642326/; classtype:trojan-activity;sid:84505426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642327)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642327/; classtype:trojan-activity;sid:84505427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642328)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642328/; classtype:trojan-activity;sid:84505428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642329)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642329/; classtype:trojan-activity;sid:84505429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642325)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642325/; classtype:trojan-activity;sid:84505425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642323)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642323/; classtype:trojan-activity;sid:84505423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; content:"GET"; http_method; content:"/01/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642320)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642320/; classtype:trojan-activity;sid:84505420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642321)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642321/; classtype:trojan-activity;sid:84505421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642322)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/client/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642322/; classtype:trojan-activity;sid:84505422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642319)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642319/; classtype:trojan-activity;sid:84505419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642316)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642316/; classtype:trojan-activity;sid:84505416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642317)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642317/; classtype:trojan-activity;sid:84505417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642318)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642318/; classtype:trojan-activity;sid:84505418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642315)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642315/; classtype:trojan-activity;sid:84505415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642313)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642313/; classtype:trojan-activity;sid:84505413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642314)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642314/; classtype:trojan-activity;sid:84505414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642312)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642312/; classtype:trojan-activity;sid:84505412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642311)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642311/; classtype:trojan-activity;sid:84505411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642310)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642310/; classtype:trojan-activity;sid:84505410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642304)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642304/; classtype:trojan-activity;sid:84505404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642305)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642305/; classtype:trojan-activity;sid:84505405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642306)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642306/; classtype:trojan-activity;sid:84505406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642307)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642307/; classtype:trojan-activity;sid:84505407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642308)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642308/; classtype:trojan-activity;sid:84505408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642309)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642309/; classtype:trojan-activity;sid:84505409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642301)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642301/; classtype:trojan-activity;sid:84505401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642302)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/d1/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642302/; classtype:trojan-activity;sid:84505402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642303)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642303/; classtype:trojan-activity;sid:84505403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642296)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642296/; classtype:trojan-activity;sid:84505396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642297/; classtype:trojan-activity;sid:84505397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642298)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642298/; classtype:trojan-activity;sid:84505398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642299)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642299/; classtype:trojan-activity;sid:84505399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642300)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642300/; classtype:trojan-activity;sid:84505400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/inipaytest/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642295)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/axs%20marine%20outlook%20plugin/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642295/; classtype:trojan-activity;sid:84505395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642292)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642292/; classtype:trojan-activity;sid:84505392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642293)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642293/; classtype:trojan-activity;sid:84505393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642289)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642289/; classtype:trojan-activity;sid:84505389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642290)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/exceptions/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642290/; classtype:trojan-activity;sid:84505390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642291)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642291/; classtype:trojan-activity;sid:84505391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642284)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642284/; classtype:trojan-activity;sid:84505384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642285)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642285/; classtype:trojan-activity;sid:84505385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642286)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642286/; classtype:trojan-activity;sid:84505386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642287)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642287/; classtype:trojan-activity;sid:84505387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642288)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642288/; classtype:trojan-activity;sid:84505388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642282)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642282/; classtype:trojan-activity;sid:84505382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642283)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/9a/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642283/; classtype:trojan-activity;sid:84505383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642280)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642280/; classtype:trojan-activity;sid:84505380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642281)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642281/; classtype:trojan-activity;sid:84505381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642278)"; flow:established,from_client; content:"GET"; http_method; content:"/log/warn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642278/; classtype:trojan-activity;sid:84505378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642279)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642279/; classtype:trojan-activity;sid:84505379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642275)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642275/; classtype:trojan-activity;sid:84505375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642276)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642276/; classtype:trojan-activity;sid:84505376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642277)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/5e/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642277/; classtype:trojan-activity;sid:84505377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642274)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/bhushan/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642274/; classtype:trojan-activity;sid:84505374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642273)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/__pycache__/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642273/; classtype:trojan-activity;sid:84505373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642268)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642268/; classtype:trojan-activity;sid:84505368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642269)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642269/; classtype:trojan-activity;sid:84505369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642270)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642270/; classtype:trojan-activity;sid:84505370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642271)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642271/; classtype:trojan-activity;sid:84505371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642272)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/baltic%20exchange%20index%20data/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642272/; classtype:trojan-activity;sid:84505372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642267)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642267/; classtype:trojan-activity;sid:84505367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642265)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-moxa/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642265/; classtype:trojan-activity;sid:84505365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642266)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202206/sjk-ic/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642266/; classtype:trojan-activity;sid:84505366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642264)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642264/; classtype:trojan-activity;sid:84505364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642262)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642262/; classtype:trojan-activity;sid:84505362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642263)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642263/; classtype:trojan-activity;sid:84505363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642257)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642257/; classtype:trojan-activity;sid:84505357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642258)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642258/; classtype:trojan-activity;sid:84505358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642259)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642259/; classtype:trojan-activity;sid:84505359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642260)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642260/; classtype:trojan-activity;sid:84505360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642261)"; flow:established,from_client; content:"GET"; http_method; content:"/log/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642261/; classtype:trojan-activity;sid:84505361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642256)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642256/; classtype:trojan-activity;sid:84505356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642254)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642254/; classtype:trojan-activity;sid:84505354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642255)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642255/; classtype:trojan-activity;sid:84505355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642252)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642252/; classtype:trojan-activity;sid:84505352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642253)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642253/; classtype:trojan-activity;sid:84505353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642248)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642248/; classtype:trojan-activity;sid:84505348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642249)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642249/; classtype:trojan-activity;sid:84505349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642250)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642250/; classtype:trojan-activity;sid:84505350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642251)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642251/; classtype:trojan-activity;sid:84505351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; content:"GET"; http_method; content:"/big/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642247)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642247/; classtype:trojan-activity;sid:84505347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642244)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642244/; classtype:trojan-activity;sid:84505344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642243)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642243/; classtype:trojan-activity;sid:84505343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642241)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642241/; classtype:trojan-activity;sid:84505341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642242)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642242/; classtype:trojan-activity;sid:84505342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642240)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642240/; classtype:trojan-activity;sid:84505340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642239)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642239/; classtype:trojan-activity;sid:84505339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642238)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642238/; classtype:trojan-activity;sid:84505338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642236)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642236/; classtype:trojan-activity;sid:84505336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642237)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642237/; classtype:trojan-activity;sid:84505337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642234)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642234/; classtype:trojan-activity;sid:84505334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642235)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642235/; classtype:trojan-activity;sid:84505335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642227)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642227/; classtype:trojan-activity;sid:84505327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642228)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20singapore%20operations/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642228/; classtype:trojan-activity;sid:84505328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642229)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/app/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642229/; classtype:trojan-activity;sid:84505329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642230)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642230/; classtype:trojan-activity;sid:84505330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642231)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642231/; classtype:trojan-activity;sid:84505331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642232)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642232/; classtype:trojan-activity;sid:84505332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642233)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642233/; classtype:trojan-activity;sid:84505333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642223)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/daily%20direct%20vessel%20list/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642223/; classtype:trojan-activity;sid:84505323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642224)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642224/; classtype:trojan-activity;sid:84505324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642225)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642225/; classtype:trojan-activity;sid:84505325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/jungminsof/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642222)"; flow:established,from_client; content:"GET"; http_method; content:"/fnv9p7lwrh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642222/; classtype:trojan-activity;sid:84505322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642221)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=k5bywdiv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.bowibo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642221/; classtype:trojan-activity;sid:84505321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.153.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642220/; classtype:trojan-activity;sid:84505320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.11.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642219/; classtype:trojan-activity;sid:84505319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642218)"; flow:established,from_client; content:"GET"; http_method; content:"/7xtxu84qmi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.i-76t.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642218/; classtype:trojan-activity;sid:84505318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642217)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=8w4scorr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.bowibo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642217/; classtype:trojan-activity;sid:84505317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642216)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642216/; classtype:trojan-activity;sid:84505316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642215)"; flow:established,from_client; content:"GET"; http_method; content:"/workimage2/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642215/; classtype:trojan-activity;sid:84505315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642214)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642214/; classtype:trojan-activity;sid:84505314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642213)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642213/; classtype:trojan-activity;sid:84505313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642207)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642207/; classtype:trojan-activity;sid:84505307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642208)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642208/; classtype:trojan-activity;sid:84505308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642209)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642209/; classtype:trojan-activity;sid:84505309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642210)"; flow:established,from_client; content:"GET"; http_method; content:"/workimage/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642210/; classtype:trojan-activity;sid:84505310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642211)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642211/; classtype:trojan-activity;sid:84505311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642212)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642212/; classtype:trojan-activity;sid:84505312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642204)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642204/; classtype:trojan-activity;sid:84505304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642205)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201902/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642205/; classtype:trojan-activity;sid:84505305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642206)"; flow:established,from_client; content:"GET"; http_method; content:"/froala/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642206/; classtype:trojan-activity;sid:84505306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642202)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642202/; classtype:trojan-activity;sid:84505302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642203)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642203/; classtype:trojan-activity;sid:84505303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642199)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642199/; classtype:trojan-activity;sid:84505299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642200)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642200/; classtype:trojan-activity;sid:84505300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642201)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642201/; classtype:trojan-activity;sid:84505301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642196)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642196/; classtype:trojan-activity;sid:84505296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642197)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642197/; classtype:trojan-activity;sid:84505297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.153.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642198/; classtype:trojan-activity;sid:84505298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642193)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642193/; classtype:trojan-activity;sid:84505293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642194)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642194/; classtype:trojan-activity;sid:84505294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642195)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642195/; classtype:trojan-activity;sid:84505295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642190)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642190/; classtype:trojan-activity;sid:84505290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642191)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3925_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642191/; classtype:trojan-activity;sid:84505291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642192)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642192/; classtype:trojan-activity;sid:84505292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642187)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201909/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642187/; classtype:trojan-activity;sid:84505287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642188)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642188/; classtype:trojan-activity;sid:84505288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642189)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102624_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642189/; classtype:trojan-activity;sid:84505289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642182)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642182/; classtype:trojan-activity;sid:84505282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642183)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage2/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642183/; classtype:trojan-activity;sid:84505283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642184)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642184/; classtype:trojan-activity;sid:84505284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642185)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642185/; classtype:trojan-activity;sid:84505285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642186)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642186/; classtype:trojan-activity;sid:84505286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642180)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642180/; classtype:trojan-activity;sid:84505280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642181)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642181/; classtype:trojan-activity;sid:84505281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642177)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642177/; classtype:trojan-activity;sid:84505277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642178)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642178/; classtype:trojan-activity;sid:84505278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642179)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642179/; classtype:trojan-activity;sid:84505279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121024_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642171/; classtype:trojan-activity;sid:84505271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642172)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642172/; classtype:trojan-activity;sid:84505272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642173)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642173/; classtype:trojan-activity;sid:84505273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642174)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201912/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642174/; classtype:trojan-activity;sid:84505274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642175)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642175/; classtype:trojan-activity;sid:84505275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642176)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642176/; classtype:trojan-activity;sid:84505276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642168)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642168/; classtype:trojan-activity;sid:84505268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642169)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82624_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642169/; classtype:trojan-activity;sid:84505269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642170)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11425_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642170/; classtype:trojan-activity;sid:84505270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642166)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642166/; classtype:trojan-activity;sid:84505266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642167)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642167/; classtype:trojan-activity;sid:84505267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642165)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642165/; classtype:trojan-activity;sid:84505265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642162)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642162/; classtype:trojan-activity;sid:84505262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642163)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642163/; classtype:trojan-activity;sid:84505263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642164)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642164/; classtype:trojan-activity;sid:84505264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642160)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642160/; classtype:trojan-activity;sid:84505260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642161)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642161/; classtype:trojan-activity;sid:84505261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642156)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642156/; classtype:trojan-activity;sid:84505256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642157)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642157/; classtype:trojan-activity;sid:84505257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642158)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642158/; classtype:trojan-activity;sid:84505258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642159)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642159/; classtype:trojan-activity;sid:84505259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642153)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642153/; classtype:trojan-activity;sid:84505253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642154)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112924_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642154/; classtype:trojan-activity;sid:84505254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642155)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642155/; classtype:trojan-activity;sid:84505255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642152)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642152/; classtype:trojan-activity;sid:84505252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642151)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201911/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642151/; classtype:trojan-activity;sid:84505251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642148)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112724_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642148/; classtype:trojan-activity;sid:84505248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642149/; classtype:trojan-activity;sid:84505249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642150)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642150/; classtype:trojan-activity;sid:84505250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642146)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642146/; classtype:trojan-activity;sid:84505246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642147)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642147/; classtype:trojan-activity;sid:84505247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642145)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642145/; classtype:trojan-activity;sid:84505245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642142)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642142/; classtype:trojan-activity;sid:84505242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642143)"; flow:established,from_client; content:"GET"; http_method; content:"/userscreenshot/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642143/; classtype:trojan-activity;sid:84505243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642144)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642144/; classtype:trojan-activity;sid:84505244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642140)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642140/; classtype:trojan-activity;sid:84505240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642141)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642141/; classtype:trojan-activity;sid:84505241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642130)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642130/; classtype:trojan-activity;sid:84505230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642131)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642131/; classtype:trojan-activity;sid:84505231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642132)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642132/; classtype:trojan-activity;sid:84505232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642133)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642133/; classtype:trojan-activity;sid:84505233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642134)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642134/; classtype:trojan-activity;sid:84505234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642135)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642135/; classtype:trojan-activity;sid:84505235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642136)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642136/; classtype:trojan-activity;sid:84505236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642137)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642137/; classtype:trojan-activity;sid:84505237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642138)"; flow:established,from_client; content:"GET"; http_method; content:"/equipimage/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642138/; classtype:trojan-activity;sid:84505238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642139)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642139/; classtype:trojan-activity;sid:84505239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642125)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642125/; classtype:trojan-activity;sid:84505225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642126)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642126/; classtype:trojan-activity;sid:84505226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642127)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642127/; classtype:trojan-activity;sid:84505227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642128)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642128/; classtype:trojan-activity;sid:84505228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642129)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642129/; classtype:trojan-activity;sid:84505229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642122)"; flow:established,from_client; content:"GET"; http_method; content:"/docimg/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642122/; classtype:trojan-activity;sid:84505222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642123)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642123/; classtype:trojan-activity;sid:84505223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642124)"; flow:established,from_client; content:"GET"; http_method; content:"/froala/froalaimage/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642124/; classtype:trojan-activity;sid:84505224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642121)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642121/; classtype:trojan-activity;sid:84505221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642118)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642118/; classtype:trojan-activity;sid:84505218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642119)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642119/; classtype:trojan-activity;sid:84505219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642120)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642120/; classtype:trojan-activity;sid:84505220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642117)"; flow:established,from_client; content:"GET"; http_method; content:"/workimage1/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642117/; classtype:trojan-activity;sid:84505217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642116)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642116/; classtype:trojan-activity;sid:84505216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642112)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642112/; classtype:trojan-activity;sid:84505212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642113)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642113/; classtype:trojan-activity;sid:84505213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642114)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/userimage.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642114/; classtype:trojan-activity;sid:84505214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642115)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101824_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642115/; classtype:trojan-activity;sid:84505215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642109)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642109/; classtype:trojan-activity;sid:84505209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642110)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_92424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642110/; classtype:trojan-activity;sid:84505210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642111)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61324_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642111/; classtype:trojan-activity;sid:84505211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642108)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3225_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642108/; classtype:trojan-activity;sid:84505208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642105)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642105/; classtype:trojan-activity;sid:84505205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642106)"; flow:established,from_client; content:"GET"; http_method; content:"/userimage/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642106/; classtype:trojan-activity;sid:84505206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642107)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642107/; classtype:trojan-activity;sid:84505207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642102)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642102/; classtype:trojan-activity;sid:84505202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642103)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642103/; classtype:trojan-activity;sid:84505203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642104)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122624_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642104/; classtype:trojan-activity;sid:84505204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642101)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642101/; classtype:trojan-activity;sid:84505201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642098)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642098/; classtype:trojan-activity;sid:84505198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642099)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642099/; classtype:trojan-activity;sid:84505199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642100)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642100/; classtype:trojan-activity;sid:84505200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642097)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102524_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642097/; classtype:trojan-activity;sid:84505197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642096)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_32824_mahal-server/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642096/; classtype:trojan-activity;sid:84505196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642095/; classtype:trojan-activity;sid:84505195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642094/; classtype:trojan-activity;sid:84505194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642093/; classtype:trojan-activity;sid:84505193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642092/; classtype:trojan-activity;sid:84505192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642091/; classtype:trojan-activity;sid:84505191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642090/; classtype:trojan-activity;sid:84505190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642089/; classtype:trojan-activity;sid:84505189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642088/; classtype:trojan-activity;sid:84505188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01042020144633/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642087/; classtype:trojan-activity;sid:84505187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642086/; classtype:trojan-activity;sid:84505186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020090013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642085/; classtype:trojan-activity;sid:84505185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642084)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/outlook.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642084/; classtype:trojan-activity;sid:84505184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642083/; classtype:trojan-activity;sid:84505183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642082/; classtype:trojan-activity;sid:84505182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642081/; classtype:trojan-activity;sid:84505181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642080/; classtype:trojan-activity;sid:84505180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642079/; classtype:trojan-activity;sid:84505179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18082020081838/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642078/; classtype:trojan-activity;sid:84505178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08092020083703/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642077/; classtype:trojan-activity;sid:84505177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642076/; classtype:trojan-activity;sid:84505176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642074/; classtype:trojan-activity;sid:84505174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020102922/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642075/; classtype:trojan-activity;sid:84505175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642073/; classtype:trojan-activity;sid:84505173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20022020082449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642072/; classtype:trojan-activity;sid:84505172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642071/; classtype:trojan-activity;sid:84505171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12032020083345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642070/; classtype:trojan-activity;sid:84505170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642069/; classtype:trojan-activity;sid:84505169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642068/; classtype:trojan-activity;sid:84505168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642067/; classtype:trojan-activity;sid:84505167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642066/; classtype:trojan-activity;sid:84505166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642065/; classtype:trojan-activity;sid:84505165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642064/; classtype:trojan-activity;sid:84505164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642063/; classtype:trojan-activity;sid:84505163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27082019111951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642062/; classtype:trojan-activity;sid:84505162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642061/; classtype:trojan-activity;sid:84505161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20112020075659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642060/; classtype:trojan-activity;sid:84505160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020085842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642059/; classtype:trojan-activity;sid:84505159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642058/; classtype:trojan-activity;sid:84505158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30042020084106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642057/; classtype:trojan-activity;sid:84505157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642056/; classtype:trojan-activity;sid:84505156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642054/; classtype:trojan-activity;sid:84505154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020083435/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642055/; classtype:trojan-activity;sid:84505155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642051/; classtype:trojan-activity;sid:84505151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22072020095449/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642052/; classtype:trojan-activity;sid:84505152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642053/; classtype:trojan-activity;sid:84505153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16092020083639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642050/; classtype:trojan-activity;sid:84505150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07082019095156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642049/; classtype:trojan-activity;sid:84505149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02062020083409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642048/; classtype:trojan-activity;sid:84505148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642046/; classtype:trojan-activity;sid:84505146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642047/; classtype:trojan-activity;sid:84505147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04102019092515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642045/; classtype:trojan-activity;sid:84505145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642044/; classtype:trojan-activity;sid:84505144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642043/; classtype:trojan-activity;sid:84505143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05082020084128/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642042/; classtype:trojan-activity;sid:84505142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020084825/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642041/; classtype:trojan-activity;sid:84505141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642040/; classtype:trojan-activity;sid:84505140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642039/; classtype:trojan-activity;sid:84505139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642038/; classtype:trojan-activity;sid:84505138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642037/; classtype:trojan-activity;sid:84505137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642036/; classtype:trojan-activity;sid:84505136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09012020082105/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642033/; classtype:trojan-activity;sid:84505133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12062020065326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642034/; classtype:trojan-activity;sid:84505134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.138.212.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642035/; classtype:trojan-activity;sid:84505135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.188.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642032/; classtype:trojan-activity;sid:84505132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.216.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642031/; classtype:trojan-activity;sid:84505131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642030/; classtype:trojan-activity;sid:84505130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642029)"; flow:established,from_client; content:"GET"; http_method; content:"/nxkkcuu0bi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.i-76t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642029/; classtype:trojan-activity;sid:84505129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642028)"; flow:established,from_client; content:"GET"; http_method; content:"/4m1.check|3f|t=9loe3uau"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a7.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642028/; classtype:trojan-activity;sid:84505128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642027/; classtype:trojan-activity;sid:84505127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642026/; classtype:trojan-activity;sid:84505126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642025/; classtype:trojan-activity;sid:84505125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642024/; classtype:trojan-activity;sid:84505124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09092019082602/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642023/; classtype:trojan-activity;sid:84505123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24032020073038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642022/; classtype:trojan-activity;sid:84505122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642021/; classtype:trojan-activity;sid:84505121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642020/; classtype:trojan-activity;sid:84505120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642019)"; flow:established,from_client; content:"GET"; http_method; content:"/v30l1w69nw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.i-76t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642019/; classtype:trojan-activity;sid:84505119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.234.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642018/; classtype:trojan-activity;sid:84505118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642016/; classtype:trojan-activity;sid:84505116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642017/; classtype:trojan-activity;sid:84505117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642015/; classtype:trojan-activity;sid:84505115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642014)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=z0ybkvbw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.bowibo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642014/; classtype:trojan-activity;sid:84505114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642013/; classtype:trojan-activity;sid:84505113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642012/; classtype:trojan-activity;sid:84505112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642011/; classtype:trojan-activity;sid:84505111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642009/; classtype:trojan-activity;sid:84505109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642010/; classtype:trojan-activity;sid:84505110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642008/; classtype:trojan-activity;sid:84505108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642007/; classtype:trojan-activity;sid:84505107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642006/; classtype:trojan-activity;sid:84505106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22112019085154/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642005/; classtype:trojan-activity;sid:84505105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26112019085945/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642004/; classtype:trojan-activity;sid:84505104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642003/; classtype:trojan-activity;sid:84505103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642002/; classtype:trojan-activity;sid:84505102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642001/; classtype:trojan-activity;sid:84505101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11082019114157/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642000/; classtype:trojan-activity;sid:84505100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31082020082340/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641999/; classtype:trojan-activity;sid:84505099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06102019070128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641998/; classtype:trojan-activity;sid:84505098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641997)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/word.pt-br/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641997/; classtype:trojan-activity;sid:84505097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25102019084914/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641996/; classtype:trojan-activity;sid:84505096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641994/; classtype:trojan-activity;sid:84505094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07112019111454/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641995/; classtype:trojan-activity;sid:84505095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641993/; classtype:trojan-activity;sid:84505093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641992/; classtype:trojan-activity;sid:84505092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641991/; classtype:trojan-activity;sid:84505091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641989/; classtype:trojan-activity;sid:84505089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641990/; classtype:trojan-activity;sid:84505090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641988/; classtype:trojan-activity;sid:84505088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641987/; classtype:trojan-activity;sid:84505087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.201.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641986/; classtype:trojan-activity;sid:84505086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641985/; classtype:trojan-activity;sid:84505085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12032020102935/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641984/; classtype:trojan-activity;sid:84505084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641983/; classtype:trojan-activity;sid:84505083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15082019084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641982/; classtype:trojan-activity;sid:84505082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641981/; classtype:trojan-activity;sid:84505081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641980/; classtype:trojan-activity;sid:84505080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641979/; classtype:trojan-activity;sid:84505079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19082020090554/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641978/; classtype:trojan-activity;sid:84505078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641977/; classtype:trojan-activity;sid:84505077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020114658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641975/; classtype:trojan-activity;sid:84505075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641976/; classtype:trojan-activity;sid:84505076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020131203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641974/; classtype:trojan-activity;sid:84505074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641973/; classtype:trojan-activity;sid:84505073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641971/; classtype:trojan-activity;sid:84505071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.228.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641972/; classtype:trojan-activity;sid:84505072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641970/; classtype:trojan-activity;sid:84505070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641969/; classtype:trojan-activity;sid:84505069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.169.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641968/; classtype:trojan-activity;sid:84505068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641967/; classtype:trojan-activity;sid:84505067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641966/; classtype:trojan-activity;sid:84505066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019100253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641964/; classtype:trojan-activity;sid:84505064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641965/; classtype:trojan-activity;sid:84505065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22052020090704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641963/; classtype:trojan-activity;sid:84505063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641962/; classtype:trojan-activity;sid:84505062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09062020065325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641961/; classtype:trojan-activity;sid:84505061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641959/; classtype:trojan-activity;sid:84505059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641960/; classtype:trojan-activity;sid:84505060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641958/; classtype:trojan-activity;sid:84505058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641956/; classtype:trojan-activity;sid:84505056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641957/; classtype:trojan-activity;sid:84505057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641955/; classtype:trojan-activity;sid:84505055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23112020082722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641954/; classtype:trojan-activity;sid:84505054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641952/; classtype:trojan-activity;sid:84505052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641953/; classtype:trojan-activity;sid:84505053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641950/; classtype:trojan-activity;sid:84505050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641951/; classtype:trojan-activity;sid:84505051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641949/; classtype:trojan-activity;sid:84505049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641948/; classtype:trojan-activity;sid:84505048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20032020075744/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641947/; classtype:trojan-activity;sid:84505047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019084639/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641946/; classtype:trojan-activity;sid:84505046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641945/; classtype:trojan-activity;sid:84505045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641944/; classtype:trojan-activity;sid:84505044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641943/; classtype:trojan-activity;sid:84505043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22092020082856/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641942/; classtype:trojan-activity;sid:84505042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14032020102525/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641941/; classtype:trojan-activity;sid:84505041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112019085047/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641940/; classtype:trojan-activity;sid:84505040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641939/; classtype:trojan-activity;sid:84505039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641938/; classtype:trojan-activity;sid:84505038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641937/; classtype:trojan-activity;sid:84505037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641936)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=0rscff3w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x2.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641936/; classtype:trojan-activity;sid:84505036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06082020090723/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641935/; classtype:trojan-activity;sid:84505035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641933/; classtype:trojan-activity;sid:84505033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641934/; classtype:trojan-activity;sid:84505034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.52.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641932/; classtype:trojan-activity;sid:84505032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641931)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=vllfmqym"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.bowibo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641931/; classtype:trojan-activity;sid:84505031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641930/; classtype:trojan-activity;sid:84505030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641929)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_29/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641929/; classtype:trojan-activity;sid:84505029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641928/; classtype:trojan-activity;sid:84505028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641927)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office.pt-br/1046/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641927/; classtype:trojan-activity;sid:84505027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641926/; classtype:trojan-activity;sid:84505026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641925/; classtype:trojan-activity;sid:84505025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641924/; classtype:trojan-activity;sid:84505024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641922/; classtype:trojan-activity;sid:84505022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641923/; classtype:trojan-activity;sid:84505023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641921/; classtype:trojan-activity;sid:84505021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641920/; classtype:trojan-activity;sid:84505020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641919)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641919/; classtype:trojan-activity;sid:84505019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641918/; classtype:trojan-activity;sid:84505018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641917/; classtype:trojan-activity;sid:84505017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641916/; classtype:trojan-activity;sid:84505016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641915/; classtype:trojan-activity;sid:84505015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641914/; classtype:trojan-activity;sid:84505014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641913)"; flow:established,from_client; content:"GET"; http_method; content:"/remaeurxrxu.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641913/; classtype:trojan-activity;sid:84505013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641912/; classtype:trojan-activity;sid:84505012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27112019090820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641911/; classtype:trojan-activity;sid:84505011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641910)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641910/; classtype:trojan-activity;sid:84505010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020084438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641909/; classtype:trojan-activity;sid:84505009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641908)"; flow:established,from_client; content:"GET"; http_method; content:"/%20namewithout.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641908/; classtype:trojan-activity;sid:84505008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641907)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/updates/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641907/; classtype:trojan-activity;sid:84505007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641906/; classtype:trojan-activity;sid:84505006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019131027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641905/; classtype:trojan-activity;sid:84505005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641904/; classtype:trojan-activity;sid:84505004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641903/; classtype:trojan-activity;sid:84505003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641902/; classtype:trojan-activity;sid:84505002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641901/; classtype:trojan-activity;sid:84505001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641900/; classtype:trojan-activity;sid:84505000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641899/; classtype:trojan-activity;sid:84504999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641898)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641898/; classtype:trojan-activity;sid:84504998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641897)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.227.187.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641897/; classtype:trojan-activity;sid:84504997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641896/; classtype:trojan-activity;sid:84504996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641895/; classtype:trojan-activity;sid:84504995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641894/; classtype:trojan-activity;sid:84504994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641893/; classtype:trojan-activity;sid:84504993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641892/; classtype:trojan-activity;sid:84504992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09032020102512/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641891/; classtype:trojan-activity;sid:84504991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082020083513/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641890/; classtype:trojan-activity;sid:84504990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641889/; classtype:trojan-activity;sid:84504989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641887/; classtype:trojan-activity;sid:84504987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641888/; classtype:trojan-activity;sid:84504988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641886/; classtype:trojan-activity;sid:84504986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641885)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proplus.ww/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641885/; classtype:trojan-activity;sid:84504985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11032020083252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641884/; classtype:trojan-activity;sid:84504984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641883/; classtype:trojan-activity;sid:84504983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641882/; classtype:trojan-activity;sid:84504982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641881/; classtype:trojan-activity;sid:84504981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07052020090035/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641880/; classtype:trojan-activity;sid:84504980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641879)"; flow:established,from_client; content:"GET"; http_method; content:"/zcc4wdkfy6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641879/; classtype:trojan-activity;sid:84504979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641877/; classtype:trojan-activity;sid:84504977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641878/; classtype:trojan-activity;sid:84504978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641876/; classtype:trojan-activity;sid:84504976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641875/; classtype:trojan-activity;sid:84504975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641873)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/onenote.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641873/; classtype:trojan-activity;sid:84504973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641874/; classtype:trojan-activity;sid:84504974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641872/; classtype:trojan-activity;sid:84504972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641871/; classtype:trojan-activity;sid:84504971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641870/; classtype:trojan-activity;sid:84504970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641869/; classtype:trojan-activity;sid:84504969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020091226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641868/; classtype:trojan-activity;sid:84504968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641866/; classtype:trojan-activity;sid:84504966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641867/; classtype:trojan-activity;sid:84504967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641865/; classtype:trojan-activity;sid:84504965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641864/; classtype:trojan-activity;sid:84504964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10032020085405/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641863/; classtype:trojan-activity;sid:84504963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641862)"; flow:established,from_client; content:"GET"; http_method; content:"/digital_builder64.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641862/; classtype:trojan-activity;sid:84504962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641860)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_36/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641860/; classtype:trojan-activity;sid:84504960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641861/; classtype:trojan-activity;sid:84504961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641859/; classtype:trojan-activity;sid:84504959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641858/; classtype:trojan-activity;sid:84504958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641857/; classtype:trojan-activity;sid:84504957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641856/; classtype:trojan-activity;sid:84504956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641855/; classtype:trojan-activity;sid:84504955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.95.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641854/; classtype:trojan-activity;sid:84504954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641853/; classtype:trojan-activity;sid:84504953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641852/; classtype:trojan-activity;sid:84504952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641851/; classtype:trojan-activity;sid:84504951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641850/; classtype:trojan-activity;sid:84504950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641849/; classtype:trojan-activity;sid:84504949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14112019083146/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641848/; classtype:trojan-activity;sid:84504948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.234.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641847/; classtype:trojan-activity;sid:84504947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.221.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641846/; classtype:trojan-activity;sid:84504946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019101059/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641845/; classtype:trojan-activity;sid:84504945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.176.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641844/; classtype:trojan-activity;sid:84504944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641843)"; flow:established,from_client; content:"GET"; http_method; content:"/uzn6vjl8oe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.i-76t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641843/; classtype:trojan-activity;sid:84504943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641842/; classtype:trojan-activity;sid:84504942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.52.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641840/; classtype:trojan-activity;sid:84504940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.169.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641841/; classtype:trojan-activity;sid:84504941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641838/; classtype:trojan-activity;sid:84504938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641839/; classtype:trojan-activity;sid:84504939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641836)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=7qk51b7u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.bowibo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641836/; classtype:trojan-activity;sid:84504936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641837)"; flow:established,from_client; content:"GET"; http_method; content:"/pknuvkuzup.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"i.qgf-5-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641837/; classtype:trojan-activity;sid:84504937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641833)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641833/; classtype:trojan-activity;sid:84504933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; content:"GET"; http_method; content:"/images/art/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641835)"; flow:established,from_client; content:"GET"; http_method; content:"/9rz.check|3f|t=sxexnmsu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.bowibo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641835/; classtype:trojan-activity;sid:84504935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641832/; classtype:trojan-activity;sid:84504932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641831/; classtype:trojan-activity;sid:84504931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641830/; classtype:trojan-activity;sid:84504930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25102019073347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641828/; classtype:trojan-activity;sid:84504928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641829/; classtype:trojan-activity;sid:84504929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641827/; classtype:trojan-activity;sid:84504927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641826/; classtype:trojan-activity;sid:84504926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25062020085902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641825/; classtype:trojan-activity;sid:84504925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641824/; classtype:trojan-activity;sid:84504924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641822/; classtype:trojan-activity;sid:84504922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641823/; classtype:trojan-activity;sid:84504923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641821/; classtype:trojan-activity;sid:84504921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641820/; classtype:trojan-activity;sid:84504920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641818/; classtype:trojan-activity;sid:84504918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641819/; classtype:trojan-activity;sid:84504919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641817/; classtype:trojan-activity;sid:84504917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641816/; classtype:trojan-activity;sid:84504916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641815/; classtype:trojan-activity;sid:84504915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641814)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641814/; classtype:trojan-activity;sid:84504914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641813/; classtype:trojan-activity;sid:84504913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641812/; classtype:trojan-activity;sid:84504912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641811/; classtype:trojan-activity;sid:84504911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641810/; classtype:trojan-activity;sid:84504910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641809)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641809/; classtype:trojan-activity;sid:84504909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019085211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641808/; classtype:trojan-activity;sid:84504908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641807)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_144/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641807/; classtype:trojan-activity;sid:84504907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641804/; classtype:trojan-activity;sid:84504904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641805/; classtype:trojan-activity;sid:84504905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641806/; classtype:trojan-activity;sid:84504906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019084824/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641803/; classtype:trojan-activity;sid:84504903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641802/; classtype:trojan-activity;sid:84504902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641800)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/publisher.pt-br/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641800/; classtype:trojan-activity;sid:84504900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641801/; classtype:trojan-activity;sid:84504901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27022020083333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641799/; classtype:trojan-activity;sid:84504899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19032020073909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641798/; classtype:trojan-activity;sid:84504898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641797/; classtype:trojan-activity;sid:84504897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641796/; classtype:trojan-activity;sid:84504896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641795)"; flow:established,from_client; content:"GET"; http_method; content:"/express.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641795/; classtype:trojan-activity;sid:84504895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641794/; classtype:trojan-activity;sid:84504894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21012020082218/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641793/; classtype:trojan-activity;sid:84504893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641792/; classtype:trojan-activity;sid:84504892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641790/; classtype:trojan-activity;sid:84504890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020095618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641791/; classtype:trojan-activity;sid:84504891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641788/; classtype:trojan-activity;sid:84504888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641789/; classtype:trojan-activity;sid:84504889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641787/; classtype:trojan-activity;sid:84504887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06022020093844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641785/; classtype:trojan-activity;sid:84504885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641786/; classtype:trojan-activity;sid:84504886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641784/; classtype:trojan-activity;sid:84504884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641783/; classtype:trojan-activity;sid:84504883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641782/; classtype:trojan-activity;sid:84504882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641781/; classtype:trojan-activity;sid:84504881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641780/; classtype:trojan-activity;sid:84504880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641779/; classtype:trojan-activity;sid:84504879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641778)"; flow:established,from_client; content:"GET"; http_method; content:"/7vb.check|3f|t=8uvclyr7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1n.nibulu.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641778/; classtype:trojan-activity;sid:84504878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020083348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641777/; classtype:trojan-activity;sid:84504877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641776/; classtype:trojan-activity;sid:84504876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641775/; classtype:trojan-activity;sid:84504875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641774/; classtype:trojan-activity;sid:84504874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641773/; classtype:trojan-activity;sid:84504873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641772/; classtype:trojan-activity;sid:84504872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641771/; classtype:trojan-activity;sid:84504871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641770/; classtype:trojan-activity;sid:84504870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641769/; classtype:trojan-activity;sid:84504869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17012020091428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641768/; classtype:trojan-activity;sid:84504868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13082019090556/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641767/; classtype:trojan-activity;sid:84504867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019112607/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641766/; classtype:trojan-activity;sid:84504866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020082802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641765/; classtype:trojan-activity;sid:84504865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641764/; classtype:trojan-activity;sid:84504864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641763/; classtype:trojan-activity;sid:84504863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641762/; classtype:trojan-activity;sid:84504862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641761/; classtype:trojan-activity;sid:84504861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641760/; classtype:trojan-activity;sid:84504860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641759/; classtype:trojan-activity;sid:84504859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641758/; classtype:trojan-activity;sid:84504858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641757/; classtype:trojan-activity;sid:84504857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05062020082912/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641756/; classtype:trojan-activity;sid:84504856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641755/; classtype:trojan-activity;sid:84504855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641754/; classtype:trojan-activity;sid:84504854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0011/29072020113926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641753/; classtype:trojan-activity;sid:84504853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641752/; classtype:trojan-activity;sid:84504852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641751/; classtype:trojan-activity;sid:84504851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10022020085604/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641750/; classtype:trojan-activity;sid:84504850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641748/; classtype:trojan-activity;sid:84504848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641749/; classtype:trojan-activity;sid:84504849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641746/; classtype:trojan-activity;sid:84504846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020090725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641747/; classtype:trojan-activity;sid:84504847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641745/; classtype:trojan-activity;sid:84504845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05102020084802/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641744/; classtype:trojan-activity;sid:84504844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641741)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641741/; classtype:trojan-activity;sid:84504841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16122019112226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641742/; classtype:trojan-activity;sid:84504842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641743)"; flow:established,from_client; content:"GET"; http_method; content:"/taskj.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641743/; classtype:trojan-activity;sid:84504843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641739/; classtype:trojan-activity;sid:84504839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641740/; classtype:trojan-activity;sid:84504840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641735)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=ob3m3bo6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.bowibo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641735/; classtype:trojan-activity;sid:84504835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641736/; classtype:trojan-activity;sid:84504836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641737/; classtype:trojan-activity;sid:84504837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641738/; classtype:trojan-activity;sid:84504838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641734/; classtype:trojan-activity;sid:84504834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16092019083649/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641733/; classtype:trojan-activity;sid:84504833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641732/; classtype:trojan-activity;sid:84504832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641730/; classtype:trojan-activity;sid:84504830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641731)"; flow:established,from_client; content:"GET"; http_method; content:"/cbhfyvpl.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641731/; classtype:trojan-activity;sid:84504831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13102020085236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641729/; classtype:trojan-activity;sid:84504829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641728/; classtype:trojan-activity;sid:84504828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02042020085850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641727/; classtype:trojan-activity;sid:84504827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641726/; classtype:trojan-activity;sid:84504826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641711/; classtype:trojan-activity;sid:84504811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14022020075534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641712/; classtype:trojan-activity;sid:84504812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641713/; classtype:trojan-activity;sid:84504813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20042020090107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641714/; classtype:trojan-activity;sid:84504814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/01102020083605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641715/; classtype:trojan-activity;sid:84504815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641716/; classtype:trojan-activity;sid:84504816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641717/; classtype:trojan-activity;sid:84504817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641718/; classtype:trojan-activity;sid:84504818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019090951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641719/; classtype:trojan-activity;sid:84504819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641720/; classtype:trojan-activity;sid:84504820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020083823/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641721/; classtype:trojan-activity;sid:84504821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641722/; classtype:trojan-activity;sid:84504822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641723/; classtype:trojan-activity;sid:84504823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14112019082716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641724/; classtype:trojan-activity;sid:84504824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641725/; classtype:trojan-activity;sid:84504825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23012020080014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641709/; classtype:trojan-activity;sid:84504809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641710/; classtype:trojan-activity;sid:84504810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641708/; classtype:trojan-activity;sid:84504808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16112020080645/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641707/; classtype:trojan-activity;sid:84504807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641706)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/themes/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641706/; classtype:trojan-activity;sid:84504806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641705)"; flow:established,from_client; content:"GET"; http_method; content:"/dgwyoirz.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641705/; classtype:trojan-activity;sid:84504805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641704/; classtype:trojan-activity;sid:84504804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06122019085029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641702/; classtype:trojan-activity;sid:84504802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641703/; classtype:trojan-activity;sid:84504803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641700/; classtype:trojan-activity;sid:84504800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112019090428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641701/; classtype:trojan-activity;sid:84504801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641699/; classtype:trojan-activity;sid:84504799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31082020083336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641698/; classtype:trojan-activity;sid:84504798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641697/; classtype:trojan-activity;sid:84504797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04082020085104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641696/; classtype:trojan-activity;sid:84504796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641695/; classtype:trojan-activity;sid:84504795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28112019084833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641694/; classtype:trojan-activity;sid:84504794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641693/; classtype:trojan-activity;sid:84504793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24062020085042/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641692/; classtype:trojan-activity;sid:84504792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641691)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=k9zoewcr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.nibulu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641691/; classtype:trojan-activity;sid:84504791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641690/; classtype:trojan-activity;sid:84504790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09112020084312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641689/; classtype:trojan-activity;sid:84504789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641687)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=qkqclj8c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rv.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641687/; classtype:trojan-activity;sid:84504787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30082019094430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641688/; classtype:trojan-activity;sid:84504788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641684/; classtype:trojan-activity;sid:84504784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641685)"; flow:established,from_client; content:"GET"; http_method; content:"/wixzerqijbo.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641685/; classtype:trojan-activity;sid:84504785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641686/; classtype:trojan-activity;sid:84504786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112019090008/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641683/; classtype:trojan-activity;sid:84504783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641680/; classtype:trojan-activity;sid:84504780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641681/; classtype:trojan-activity;sid:84504781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641682/; classtype:trojan-activity;sid:84504782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641678/; classtype:trojan-activity;sid:84504778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641679/; classtype:trojan-activity;sid:84504779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641677/; classtype:trojan-activity;sid:84504777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641676/; classtype:trojan-activity;sid:84504776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641675/; classtype:trojan-activity;sid:84504775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05032020083018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641673/; classtype:trojan-activity;sid:84504773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641674/; classtype:trojan-activity;sid:84504774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641671/; classtype:trojan-activity;sid:84504771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641672/; classtype:trojan-activity;sid:84504772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641670/; classtype:trojan-activity;sid:84504770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641669/; classtype:trojan-activity;sid:84504769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641668)"; flow:established,from_client; content:"GET"; http_method; content:"/k5.google|3f|t=simclhgo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.bowibo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641668/; classtype:trojan-activity;sid:84504768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641667/; classtype:trojan-activity;sid:84504767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641666/; classtype:trojan-activity;sid:84504766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020101750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641665/; classtype:trojan-activity;sid:84504765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641664/; classtype:trojan-activity;sid:84504764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020093800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641662/; classtype:trojan-activity;sid:84504762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14052020083553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641663/; classtype:trojan-activity;sid:84504763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641661/; classtype:trojan-activity;sid:84504761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641660/; classtype:trojan-activity;sid:84504760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641659/; classtype:trojan-activity;sid:84504759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641658/; classtype:trojan-activity;sid:84504758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641657/; classtype:trojan-activity;sid:84504757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641656/; classtype:trojan-activity;sid:84504756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641655)"; flow:established,from_client; content:"GET"; http_method; content:"/ttaskmenu.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641655/; classtype:trojan-activity;sid:84504755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18112019085624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641654/; classtype:trojan-activity;sid:84504754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020084558/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641653/; classtype:trojan-activity;sid:84504753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641652/; classtype:trojan-activity;sid:84504752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641651/; classtype:trojan-activity;sid:84504751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641650)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_69/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641650/; classtype:trojan-activity;sid:84504750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641649/; classtype:trojan-activity;sid:84504749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641648)"; flow:established,from_client; content:"GET"; http_method; content:"/uue.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641648/; classtype:trojan-activity;sid:84504748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641647/; classtype:trojan-activity;sid:84504747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641646)"; flow:established,from_client; content:"GET"; http_method; content:"/digiinject.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641646/; classtype:trojan-activity;sid:84504746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641645)"; flow:established,from_client; content:"GET"; http_method; content:"/fwghrhle6a.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m6.j1z2u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641645/; classtype:trojan-activity;sid:84504745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641644)"; flow:established,from_client; content:"GET"; http_method; content:"/r.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.227.187.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641644/; classtype:trojan-activity;sid:84504744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641643)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_347/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641643/; classtype:trojan-activity;sid:84504743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641642)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_3/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641642/; classtype:trojan-activity;sid:84504742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641641)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641641/; classtype:trojan-activity;sid:84504741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.149.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641640/; classtype:trojan-activity;sid:84504740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.199.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641639/; classtype:trojan-activity;sid:84504739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641637)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641637/; classtype:trojan-activity;sid:84504737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641638)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641638/; classtype:trojan-activity;sid:84504738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06112020090241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641635/; classtype:trojan-activity;sid:84504735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641636/; classtype:trojan-activity;sid:84504736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24042020083722/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641634/; classtype:trojan-activity;sid:84504734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641633/; classtype:trojan-activity;sid:84504733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641631)"; flow:established,from_client; content:"GET"; http_method; content:"/rqr2897i8c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.i-26h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641631/; classtype:trojan-activity;sid:84504731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641632/; classtype:trojan-activity;sid:84504732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641629/; classtype:trojan-activity;sid:84504729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641630/; classtype:trojan-activity;sid:84504730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641628/; classtype:trojan-activity;sid:84504728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641625/; classtype:trojan-activity;sid:84504725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641626/; classtype:trojan-activity;sid:84504726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020091931/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641627/; classtype:trojan-activity;sid:84504727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641624/; classtype:trojan-activity;sid:84504724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641623/; classtype:trojan-activity;sid:84504723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01122019102545/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641621/; classtype:trojan-activity;sid:84504721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06032020084117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641622/; classtype:trojan-activity;sid:84504722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23102020082938/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641620/; classtype:trojan-activity;sid:84504720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641619/; classtype:trojan-activity;sid:84504719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641617/; classtype:trojan-activity;sid:84504717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641618/; classtype:trojan-activity;sid:84504718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22102020084232/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641616/; classtype:trojan-activity;sid:84504716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641615/; classtype:trojan-activity;sid:84504715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019085719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641614/; classtype:trojan-activity;sid:84504714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641613/; classtype:trojan-activity;sid:84504713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20102020083408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641612/; classtype:trojan-activity;sid:84504712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641611/; classtype:trojan-activity;sid:84504711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641610/; classtype:trojan-activity;sid:84504710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641609/; classtype:trojan-activity;sid:84504709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019104034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641608/; classtype:trojan-activity;sid:84504708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641607/; classtype:trojan-activity;sid:84504707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019131606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641606/; classtype:trojan-activity;sid:84504706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641605)"; flow:established,from_client; content:"GET"; http_method; content:"/489s4o4wy6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.e-52p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641605/; classtype:trojan-activity;sid:84504705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.120.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641604/; classtype:trojan-activity;sid:84504704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641603)"; flow:established,from_client; content:"GET"; http_method; content:"/rxthcbap.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641603/; classtype:trojan-activity;sid:84504703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641602/; classtype:trojan-activity;sid:84504702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641601)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641601/; classtype:trojan-activity;sid:84504701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072812/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641600/; classtype:trojan-activity;sid:84504700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641597)"; flow:established,from_client; content:"GET"; http_method; content:"/vmware.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641597/; classtype:trojan-activity;sid:84504697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20092019072321/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641598/; classtype:trojan-activity;sid:84504698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020090053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641599/; classtype:trojan-activity;sid:84504699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641596/; classtype:trojan-activity;sid:84504696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641595/; classtype:trojan-activity;sid:84504695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112019084645/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641594/; classtype:trojan-activity;sid:84504694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641593/; classtype:trojan-activity;sid:84504693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641592/; classtype:trojan-activity;sid:84504692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019113153/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641591/; classtype:trojan-activity;sid:84504691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641590/; classtype:trojan-activity;sid:84504690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641589/; classtype:trojan-activity;sid:84504689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641588/; classtype:trojan-activity;sid:84504688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641587)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/resources/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641587/; classtype:trojan-activity;sid:84504687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641582/; classtype:trojan-activity;sid:84504682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020084115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641583/; classtype:trojan-activity;sid:84504683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641584/; classtype:trojan-activity;sid:84504684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17082019083733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641585/; classtype:trojan-activity;sid:84504685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641586/; classtype:trojan-activity;sid:84504686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641581/; classtype:trojan-activity;sid:84504681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27112019091721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641580/; classtype:trojan-activity;sid:84504680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641579/; classtype:trojan-activity;sid:84504679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641578/; classtype:trojan-activity;sid:84504678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641576/; classtype:trojan-activity;sid:84504676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11022020085457/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641577/; classtype:trojan-activity;sid:84504677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641575/; classtype:trojan-activity;sid:84504675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641574/; classtype:trojan-activity;sid:84504674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641573/; classtype:trojan-activity;sid:84504673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641572/; classtype:trojan-activity;sid:84504672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641570)"; flow:established,from_client; content:"GET"; http_method; content:"/k5.google|3f|t=qcv96u7x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.bowibo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641570/; classtype:trojan-activity;sid:84504670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641571)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641571/; classtype:trojan-activity;sid:84504671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641569/; classtype:trojan-activity;sid:84504669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641568/; classtype:trojan-activity;sid:84504668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.201.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641567/; classtype:trojan-activity;sid:84504667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641566/; classtype:trojan-activity;sid:84504666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641565/; classtype:trojan-activity;sid:84504665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641563/; classtype:trojan-activity;sid:84504663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13052020090138/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641564/; classtype:trojan-activity;sid:84504664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641562/; classtype:trojan-activity;sid:84504662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641561/; classtype:trojan-activity;sid:84504661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641560/; classtype:trojan-activity;sid:84504660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10032020084152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641559/; classtype:trojan-activity;sid:84504659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020081632/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641558/; classtype:trojan-activity;sid:84504658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641557/; classtype:trojan-activity;sid:84504657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641556/; classtype:trojan-activity;sid:84504656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641555/; classtype:trojan-activity;sid:84504655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641554/; classtype:trojan-activity;sid:84504654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641553/; classtype:trojan-activity;sid:84504653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641551/; classtype:trojan-activity;sid:84504651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17102019085236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641552/; classtype:trojan-activity;sid:84504652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641550/; classtype:trojan-activity;sid:84504650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641549/; classtype:trojan-activity;sid:84504649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23042020084528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641548/; classtype:trojan-activity;sid:84504648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641547/; classtype:trojan-activity;sid:84504647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641546/; classtype:trojan-activity;sid:84504646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/01092020082447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641545/; classtype:trojan-activity;sid:84504645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08062020064956/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641544/; classtype:trojan-activity;sid:84504644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.163.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641543/; classtype:trojan-activity;sid:84504643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641542/; classtype:trojan-activity;sid:84504642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641541/; classtype:trojan-activity;sid:84504641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020074518/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641540/; classtype:trojan-activity;sid:84504640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019085806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641536/; classtype:trojan-activity;sid:84504636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641537/; classtype:trojan-activity;sid:84504637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17062020070325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641538/; classtype:trojan-activity;sid:84504638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641539/; classtype:trojan-activity;sid:84504639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641535)"; flow:established,from_client; content:"GET"; http_method; content:"/ln.enc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641535/; classtype:trojan-activity;sid:84504635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641533/; classtype:trojan-activity;sid:84504633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641534)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_92/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641534/; classtype:trojan-activity;sid:84504634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019094548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641532/; classtype:trojan-activity;sid:84504632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641530/; classtype:trojan-activity;sid:84504630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641531/; classtype:trojan-activity;sid:84504631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641529/; classtype:trojan-activity;sid:84504629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641528/; classtype:trojan-activity;sid:84504628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641527)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_19/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641527/; classtype:trojan-activity;sid:84504627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641526/; classtype:trojan-activity;sid:84504626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641525)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_0/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641525/; classtype:trojan-activity;sid:84504625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019140630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641523/; classtype:trojan-activity;sid:84504623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641524/; classtype:trojan-activity;sid:84504624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22112019085600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641522/; classtype:trojan-activity;sid:84504622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641520/; classtype:trojan-activity;sid:84504620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641521)"; flow:established,from_client; content:"GET"; http_method; content:"/o56h31jh3p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.i-26h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641521/; classtype:trojan-activity;sid:84504621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641519/; classtype:trojan-activity;sid:84504619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641518/; classtype:trojan-activity;sid:84504618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641517/; classtype:trojan-activity;sid:84504617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641516/; classtype:trojan-activity;sid:84504616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641515/; classtype:trojan-activity;sid:84504615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.221.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641514/; classtype:trojan-activity;sid:84504614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019083450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641513/; classtype:trojan-activity;sid:84504613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641512/; classtype:trojan-activity;sid:84504612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641511)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_17/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641511/; classtype:trojan-activity;sid:84504611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019152504/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641510/; classtype:trojan-activity;sid:84504610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641509/; classtype:trojan-activity;sid:84504609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641508/; classtype:trojan-activity;sid:84504608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641507/; classtype:trojan-activity;sid:84504607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641506/; classtype:trojan-activity;sid:84504606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06052020085414/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641505/; classtype:trojan-activity;sid:84504605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019110411/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641504/; classtype:trojan-activity;sid:84504604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.130.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641503/; classtype:trojan-activity;sid:84504603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641502)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.103.203.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641502/; classtype:trojan-activity;sid:84504602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641501)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_191/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641501/; classtype:trojan-activity;sid:84504601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641500)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641500/; classtype:trojan-activity;sid:84504600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641499)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.pt-br/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641499/; classtype:trojan-activity;sid:84504599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641498/; classtype:trojan-activity;sid:84504598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641497/; classtype:trojan-activity;sid:84504597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641496/; classtype:trojan-activity;sid:84504596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019094240/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641495/; classtype:trojan-activity;sid:84504595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641494/; classtype:trojan-activity;sid:84504594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641493/; classtype:trojan-activity;sid:84504593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641491/; classtype:trojan-activity;sid:84504591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641492/; classtype:trojan-activity;sid:84504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641490/; classtype:trojan-activity;sid:84504590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641489/; classtype:trojan-activity;sid:84504589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641488/; classtype:trojan-activity;sid:84504588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.209.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641487/; classtype:trojan-activity;sid:84504587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641486/; classtype:trojan-activity;sid:84504586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05112020085432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641484/; classtype:trojan-activity;sid:84504584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19102020082918/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641485/; classtype:trojan-activity;sid:84504585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.194.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641483/; classtype:trojan-activity;sid:84504583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641482/; classtype:trojan-activity;sid:84504582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13082020083033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641480/; classtype:trojan-activity;sid:84504580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641481/; classtype:trojan-activity;sid:84504581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641479/; classtype:trojan-activity;sid:84504579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641478/; classtype:trojan-activity;sid:84504578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641477)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641477/; classtype:trojan-activity;sid:84504577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641475)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641475/; classtype:trojan-activity;sid:84504575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641476/; classtype:trojan-activity;sid:84504576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641474/; classtype:trojan-activity;sid:84504574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641473/; classtype:trojan-activity;sid:84504573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10102019112808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641472/; classtype:trojan-activity;sid:84504572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641471/; classtype:trojan-activity;sid:84504571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10112020091952/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641470/; classtype:trojan-activity;sid:84504570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641469/; classtype:trojan-activity;sid:84504569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641467/; classtype:trojan-activity;sid:84504567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020073013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641468/; classtype:trojan-activity;sid:84504568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641465/; classtype:trojan-activity;sid:84504565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641466/; classtype:trojan-activity;sid:84504566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641464/; classtype:trojan-activity;sid:84504564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641463/; classtype:trojan-activity;sid:84504563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020114247/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641462/; classtype:trojan-activity;sid:84504562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15052020095253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641461/; classtype:trojan-activity;sid:84504561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28012020091001/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641460/; classtype:trojan-activity;sid:84504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641459)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.es/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641459/; classtype:trojan-activity;sid:84504559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641458/; classtype:trojan-activity;sid:84504558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641457/; classtype:trojan-activity;sid:84504557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641456/; classtype:trojan-activity;sid:84504556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641455/; classtype:trojan-activity;sid:84504555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641454/; classtype:trojan-activity;sid:84504554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641453/; classtype:trojan-activity;sid:84504553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641452)"; flow:established,from_client; content:"GET"; http_method; content:"/a3jieaunce.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.i-26h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641452/; classtype:trojan-activity;sid:84504552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020112701/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641450/; classtype:trojan-activity;sid:84504550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020095258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641451/; classtype:trojan-activity;sid:84504551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641449)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641449/; classtype:trojan-activity;sid:84504549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641448/; classtype:trojan-activity;sid:84504548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10022020071241/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641447/; classtype:trojan-activity;sid:84504547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25022020080706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641445/; classtype:trojan-activity;sid:84504545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641446/; classtype:trojan-activity;sid:84504546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641444/; classtype:trojan-activity;sid:84504544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641443/; classtype:trojan-activity;sid:84504543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641442/; classtype:trojan-activity;sid:84504542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641441/; classtype:trojan-activity;sid:84504541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641439)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641439/; classtype:trojan-activity;sid:84504539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641440/; classtype:trojan-activity;sid:84504540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641438/; classtype:trojan-activity;sid:84504538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641437/; classtype:trojan-activity;sid:84504537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641436/; classtype:trojan-activity;sid:84504536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641433/; classtype:trojan-activity;sid:84504533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11102019090058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641434/; classtype:trojan-activity;sid:84504534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641435/; classtype:trojan-activity;sid:84504535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24062020085549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641432/; classtype:trojan-activity;sid:84504532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641431)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641431/; classtype:trojan-activity;sid:84504531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641430)"; flow:established,from_client; content:"GET"; http_method; content:"/i.enc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641430/; classtype:trojan-activity;sid:84504530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641428/; classtype:trojan-activity;sid:84504528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641429)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=vlvlm2dv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x2.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641429/; classtype:trojan-activity;sid:84504529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18052020084343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641426/; classtype:trojan-activity;sid:84504526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13102020085232/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641427/; classtype:trojan-activity;sid:84504527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641425)"; flow:established,from_client; content:"GET"; http_method; content:"/d1wmr02isu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.e-52p.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641425/; classtype:trojan-activity;sid:84504525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641424/; classtype:trojan-activity;sid:84504524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641423/; classtype:trojan-activity;sid:84504523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641421/; classtype:trojan-activity;sid:84504521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641422/; classtype:trojan-activity;sid:84504522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641419)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/rosebud.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641419/; classtype:trojan-activity;sid:84504519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102019082543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641420/; classtype:trojan-activity;sid:84504520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641418/; classtype:trojan-activity;sid:84504518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019102818/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641417/; classtype:trojan-activity;sid:84504517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641416/; classtype:trojan-activity;sid:84504516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641413/; classtype:trojan-activity;sid:84504513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641414/; classtype:trojan-activity;sid:84504514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641415/; classtype:trojan-activity;sid:84504515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641412)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641412/; classtype:trojan-activity;sid:84504512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641411/; classtype:trojan-activity;sid:84504511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641410/; classtype:trojan-activity;sid:84504510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641409/; classtype:trojan-activity;sid:84504509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02122019130901/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641408/; classtype:trojan-activity;sid:84504508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.72.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641407/; classtype:trojan-activity;sid:84504507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641406)"; flow:established,from_client; content:"GET"; http_method; content:"/cl.enc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641406/; classtype:trojan-activity;sid:84504506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641405)"; flow:established,from_client; content:"GET"; http_method; content:"/yty.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641405/; classtype:trojan-activity;sid:84504505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020090209/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641404/; classtype:trojan-activity;sid:84504504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641403)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=3r1m7aei"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rv.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641403/; classtype:trojan-activity;sid:84504503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641401/; classtype:trojan-activity;sid:84504501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641402)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=a1clzxzm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.nibulu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641402/; classtype:trojan-activity;sid:84504502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641400/; classtype:trojan-activity;sid:84504500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.188.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641399/; classtype:trojan-activity;sid:84504499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641398)"; flow:established,from_client; content:"GET"; http_method; content:"/l4b0br481m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k.j1z2u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641398/; classtype:trojan-activity;sid:84504498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641397)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641397/; classtype:trojan-activity;sid:84504497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641396/; classtype:trojan-activity;sid:84504496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02102019104453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641395/; classtype:trojan-activity;sid:84504495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641394/; classtype:trojan-activity;sid:84504494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14022020103240/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641393/; classtype:trojan-activity;sid:84504493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04122019080359/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641392/; classtype:trojan-activity;sid:84504492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019082258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641390/; classtype:trojan-activity;sid:84504490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641391)"; flow:established,from_client; content:"GET"; http_method; content:"/isbyrnkhgr.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641391/; classtype:trojan-activity;sid:84504491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17092020090857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641389/; classtype:trojan-activity;sid:84504489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641388/; classtype:trojan-activity;sid:84504488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17032020103439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641387/; classtype:trojan-activity;sid:84504487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641386/; classtype:trojan-activity;sid:84504486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020095833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641385/; classtype:trojan-activity;sid:84504485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641384)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641384/; classtype:trojan-activity;sid:84504484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641383/; classtype:trojan-activity;sid:84504483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10012020083037/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641382/; classtype:trojan-activity;sid:84504482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16012020082754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641381/; classtype:trojan-activity;sid:84504481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641380/; classtype:trojan-activity;sid:84504480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641379/; classtype:trojan-activity;sid:84504479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641378)"; flow:established,from_client; content:"GET"; http_method; content:"/w7fk1zhcwa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.i-26h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641378/; classtype:trojan-activity;sid:84504478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641377)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641377/; classtype:trojan-activity;sid:84504477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641376/; classtype:trojan-activity;sid:84504476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641375)"; flow:established,from_client; content:"GET"; http_method; content:"/d.d"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641375/; classtype:trojan-activity;sid:84504475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641374/; classtype:trojan-activity;sid:84504474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641372/; classtype:trojan-activity;sid:84504472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641373/; classtype:trojan-activity;sid:84504473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641371/; classtype:trojan-activity;sid:84504471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641370/; classtype:trojan-activity;sid:84504470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641368/; classtype:trojan-activity;sid:84504468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102019085610/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641369/; classtype:trojan-activity;sid:84504469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.125.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641367/; classtype:trojan-activity;sid:84504467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641366/; classtype:trojan-activity;sid:84504466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641365/; classtype:trojan-activity;sid:84504465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641362/; classtype:trojan-activity;sid:84504462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641363)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_16/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641363/; classtype:trojan-activity;sid:84504463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06022020082635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641364/; classtype:trojan-activity;sid:84504464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019095431/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641360/; classtype:trojan-activity;sid:84504460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641361/; classtype:trojan-activity;sid:84504461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641358/; classtype:trojan-activity;sid:84504458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641359/; classtype:trojan-activity;sid:84504459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641357/; classtype:trojan-activity;sid:84504457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641356/; classtype:trojan-activity;sid:84504456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020075146/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641353/; classtype:trojan-activity;sid:84504453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641354/; classtype:trojan-activity;sid:84504454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641355/; classtype:trojan-activity;sid:84504455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641352/; classtype:trojan-activity;sid:84504452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020101213/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641351/; classtype:trojan-activity;sid:84504451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641350/; classtype:trojan-activity;sid:84504450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03012020082328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641349/; classtype:trojan-activity;sid:84504449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641348/; classtype:trojan-activity;sid:84504448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019124813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641347/; classtype:trojan-activity;sid:84504447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641346/; classtype:trojan-activity;sid:84504446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641345/; classtype:trojan-activity;sid:84504445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641344/; classtype:trojan-activity;sid:84504444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019071306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641343/; classtype:trojan-activity;sid:84504443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641342/; classtype:trojan-activity;sid:84504442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07022020083601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641341/; classtype:trojan-activity;sid:84504441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641339)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641339/; classtype:trojan-activity;sid:84504439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09082019095803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641340/; classtype:trojan-activity;sid:84504440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641338/; classtype:trojan-activity;sid:84504438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641337/; classtype:trojan-activity;sid:84504437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641336)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_57/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641336/; classtype:trojan-activity;sid:84504436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13102020082733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641335/; classtype:trojan-activity;sid:84504435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.194.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641334/; classtype:trojan-activity;sid:84504434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641333)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641333/; classtype:trojan-activity;sid:84504433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.235.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641331/; classtype:trojan-activity;sid:84504431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.235.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641332/; classtype:trojan-activity;sid:84504432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641330)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"web.103.163.119.46.nip.io"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641330/; classtype:trojan-activity;sid:84504430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641328)"; flow:established,from_client; content:"GET"; http_method; content:"/fgjy.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641328/; classtype:trojan-activity;sid:84504428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641329)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_26/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641329/; classtype:trojan-activity;sid:84504429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641323)"; flow:established,from_client; content:"GET"; http_method; content:"/fxkzuwldb2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qz9.j1z2u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641323/; classtype:trojan-activity;sid:84504423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641324)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641324/; classtype:trojan-activity;sid:84504424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641325)"; flow:established,from_client; content:"GET"; http_method; content:"/pmhww7199y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.e-52p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641325/; classtype:trojan-activity;sid:84504425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641326)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=v38mhjiw"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"k0n.haxyli.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641326/; classtype:trojan-activity;sid:84504426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641327)"; flow:established,from_client; content:"GET"; http_method; content:"/pythonw.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641327/; classtype:trojan-activity;sid:84504427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641322)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.163.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641322/; classtype:trojan-activity;sid:84504422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641321)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_65/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641321/; classtype:trojan-activity;sid:84504421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10092020084119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641320/; classtype:trojan-activity;sid:84504420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641319/; classtype:trojan-activity;sid:84504419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641318/; classtype:trojan-activity;sid:84504418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641317)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/platform/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641317/; classtype:trojan-activity;sid:84504417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641316/; classtype:trojan-activity;sid:84504416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29012020102806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641315/; classtype:trojan-activity;sid:84504415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641314/; classtype:trojan-activity;sid:84504414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641313/; classtype:trojan-activity;sid:84504413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641312/; classtype:trojan-activity;sid:84504412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641311/; classtype:trojan-activity;sid:84504411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641310/; classtype:trojan-activity;sid:84504410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641309/; classtype:trojan-activity;sid:84504409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641308/; classtype:trojan-activity;sid:84504408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641307/; classtype:trojan-activity;sid:84504407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641306)"; flow:established,from_client; content:"GET"; http_method; content:"/xmeqscdr.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"207.174.1.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641306/; classtype:trojan-activity;sid:84504406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641305/; classtype:trojan-activity;sid:84504405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641303/; classtype:trojan-activity;sid:84504403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641304/; classtype:trojan-activity;sid:84504404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641302/; classtype:trojan-activity;sid:84504402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641301/; classtype:trojan-activity;sid:84504401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641300/; classtype:trojan-activity;sid:84504400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641299)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/excel.pt-br/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641299/; classtype:trojan-activity;sid:84504399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641298/; classtype:trojan-activity;sid:84504398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641297/; classtype:trojan-activity;sid:84504397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641296/; classtype:trojan-activity;sid:84504396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641295/; classtype:trojan-activity;sid:84504395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641294/; classtype:trojan-activity;sid:84504394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641293/; classtype:trojan-activity;sid:84504393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641292/; classtype:trojan-activity;sid:84504392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11092020084859/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641291/; classtype:trojan-activity;sid:84504391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641290/; classtype:trojan-activity;sid:84504390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641289/; classtype:trojan-activity;sid:84504389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641288/; classtype:trojan-activity;sid:84504388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641287/; classtype:trojan-activity;sid:84504387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102019085056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641286/; classtype:trojan-activity;sid:84504386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641285/; classtype:trojan-activity;sid:84504385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18092020084624/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641284/; classtype:trojan-activity;sid:84504384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641283/; classtype:trojan-activity;sid:84504383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27122019091404/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641282/; classtype:trojan-activity;sid:84504382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641281/; classtype:trojan-activity;sid:84504381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21052020140329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641280/; classtype:trojan-activity;sid:84504380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641279/; classtype:trojan-activity;sid:84504379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641277)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_51/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641277/; classtype:trojan-activity;sid:84504377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020103100/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641278/; classtype:trojan-activity;sid:84504378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019085251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641276/; classtype:trojan-activity;sid:84504376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641275/; classtype:trojan-activity;sid:84504375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641274/; classtype:trojan-activity;sid:84504374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27012020083530/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641273/; classtype:trojan-activity;sid:84504373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641272/; classtype:trojan-activity;sid:84504372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641271/; classtype:trojan-activity;sid:84504371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641270/; classtype:trojan-activity;sid:84504370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16122019125537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641269/; classtype:trojan-activity;sid:84504369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019094948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641268/; classtype:trojan-activity;sid:84504368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641267/; classtype:trojan-activity;sid:84504367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28012020083516/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641266/; classtype:trojan-activity;sid:84504366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641265/; classtype:trojan-activity;sid:84504365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641264)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_70/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641264/; classtype:trojan-activity;sid:84504364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641263)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_202/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641263/; classtype:trojan-activity;sid:84504363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641262)"; flow:established,from_client; content:"GET"; http_method; content:"/i2pkbu19uh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.j1z2u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641262/; classtype:trojan-activity;sid:84504362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641261)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=z8a9oqgr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t9.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641261/; classtype:trojan-activity;sid:84504361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05052020085418/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641260/; classtype:trojan-activity;sid:84504360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641259/; classtype:trojan-activity;sid:84504359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641258/; classtype:trojan-activity;sid:84504358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641257)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/resources/xd/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641257/; classtype:trojan-activity;sid:84504357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641255/; classtype:trojan-activity;sid:84504355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/15102020085336/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641256/; classtype:trojan-activity;sid:84504356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05032020100126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641254/; classtype:trojan-activity;sid:84504354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641253/; classtype:trojan-activity;sid:84504353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641252/; classtype:trojan-activity;sid:84504352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641251/; classtype:trojan-activity;sid:84504351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641250/; classtype:trojan-activity;sid:84504350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641249/; classtype:trojan-activity;sid:84504349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641248/; classtype:trojan-activity;sid:84504348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641247/; classtype:trojan-activity;sid:84504347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.164.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641246/; classtype:trojan-activity;sid:84504346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641245/; classtype:trojan-activity;sid:84504345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641244)"; flow:established,from_client; content:"GET"; http_method; content:"/9lswxbh2s3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.i-26h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641244/; classtype:trojan-activity;sid:84504344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020135018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641243/; classtype:trojan-activity;sid:84504343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641242/; classtype:trojan-activity;sid:84504342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641241/; classtype:trojan-activity;sid:84504341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641240/; classtype:trojan-activity;sid:84504340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641239/; classtype:trojan-activity;sid:84504339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641238)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_6/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641238/; classtype:trojan-activity;sid:84504338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641237/; classtype:trojan-activity;sid:84504337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641236/; classtype:trojan-activity;sid:84504336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.120.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641235/; classtype:trojan-activity;sid:84504335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641234)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_158/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641234/; classtype:trojan-activity;sid:84504334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641233/; classtype:trojan-activity;sid:84504333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641232/; classtype:trojan-activity;sid:84504332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641231/; classtype:trojan-activity;sid:84504331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102019085534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641230/; classtype:trojan-activity;sid:84504330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019084942/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641228/; classtype:trojan-activity;sid:84504328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641229/; classtype:trojan-activity;sid:84504329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641227/; classtype:trojan-activity;sid:84504327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641226/; classtype:trojan-activity;sid:84504326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30102020083443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641225/; classtype:trojan-activity;sid:84504325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17122019085328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641224/; classtype:trojan-activity;sid:84504324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641223/; classtype:trojan-activity;sid:84504323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641222/; classtype:trojan-activity;sid:84504322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641221/; classtype:trojan-activity;sid:84504321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13032020094005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641220/; classtype:trojan-activity;sid:84504320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641219)"; flow:established,from_client; content:"GET"; http_method; content:"/gvdtz51d0d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.j1z2u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641219/; classtype:trojan-activity;sid:84504319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641217/; classtype:trojan-activity;sid:84504317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641218/; classtype:trojan-activity;sid:84504318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641216/; classtype:trojan-activity;sid:84504316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641215/; classtype:trojan-activity;sid:84504315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641214/; classtype:trojan-activity;sid:84504314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641212/; classtype:trojan-activity;sid:84504312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641213/; classtype:trojan-activity;sid:84504313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17092019100749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641211/; classtype:trojan-activity;sid:84504311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641210/; classtype:trojan-activity;sid:84504310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020090347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641209/; classtype:trojan-activity;sid:84504309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01062020143051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641208/; classtype:trojan-activity;sid:84504308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641207/; classtype:trojan-activity;sid:84504307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641206/; classtype:trojan-activity;sid:84504306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641205/; classtype:trojan-activity;sid:84504305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641204/; classtype:trojan-activity;sid:84504304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019082613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641203/; classtype:trojan-activity;sid:84504303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.217.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641202/; classtype:trojan-activity;sid:84504302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020074750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641201/; classtype:trojan-activity;sid:84504301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22062020065913/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641200/; classtype:trojan-activity;sid:84504300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019074553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641198/; classtype:trojan-activity;sid:84504298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641197)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641197/; classtype:trojan-activity;sid:84504297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019103312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641196/; classtype:trojan-activity;sid:84504296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641195)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=34mzznjv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t9.nibulu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641195/; classtype:trojan-activity;sid:84504295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641194/; classtype:trojan-activity;sid:84504294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641189/; classtype:trojan-activity;sid:84504289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.178.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641185/; classtype:trojan-activity;sid:84504285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641184/; classtype:trojan-activity;sid:84504284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641181)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_22/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641181/; classtype:trojan-activity;sid:84504281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641176)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_9/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641176/; classtype:trojan-activity;sid:84504276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641171)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_2/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641171/; classtype:trojan-activity;sid:84504271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641162)"; flow:established,from_client; content:"GET"; http_method; content:"/paypk1le8y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.e-52p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641162/; classtype:trojan-activity;sid:84504262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.141.98.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641151/; classtype:trojan-activity;sid:84504251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.206.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641152/; classtype:trojan-activity;sid:84504252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641148/; classtype:trojan-activity;sid:84504248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.0.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641134/; classtype:trojan-activity;sid:84504234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.43.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641135/; classtype:trojan-activity;sid:84504235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641105)"; flow:established,from_client; content:"GET"; http_method; content:"/exekr0w943.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2.j1z2u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641105/; classtype:trojan-activity;sid:84504205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641104)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_277/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641104/; classtype:trojan-activity;sid:84504204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23012020075108/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641103/; classtype:trojan-activity;sid:84504203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019110621/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641102/; classtype:trojan-activity;sid:84504202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17102019084754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641101/; classtype:trojan-activity;sid:84504201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28012020083943/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641100/; classtype:trojan-activity;sid:84504200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020084029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641099/; classtype:trojan-activity;sid:84504199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28082020083739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641098/; classtype:trojan-activity;sid:84504198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04102019085348/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641097/; classtype:trojan-activity;sid:84504197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641096/; classtype:trojan-activity;sid:84504196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641095)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_122/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641095/; classtype:trojan-activity;sid:84504195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19032020072054/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641094/; classtype:trojan-activity;sid:84504194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641093/; classtype:trojan-activity;sid:84504193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641092/; classtype:trojan-activity;sid:84504192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30092019112857/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641091/; classtype:trojan-activity;sid:84504191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082019084303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641090/; classtype:trojan-activity;sid:84504190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28042020090051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641089/; classtype:trojan-activity;sid:84504189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641088/; classtype:trojan-activity;sid:84504188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23032020073531/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641087/; classtype:trojan-activity;sid:84504187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020074832/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641086/; classtype:trojan-activity;sid:84504186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19052020093708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641085/; classtype:trojan-activity;sid:84504185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641084/; classtype:trojan-activity;sid:84504184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641083/; classtype:trojan-activity;sid:84504183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641082/; classtype:trojan-activity;sid:84504182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09102020084808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641080/; classtype:trojan-activity;sid:84504180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641081/; classtype:trojan-activity;sid:84504181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641079/; classtype:trojan-activity;sid:84504179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07112019081511/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641078/; classtype:trojan-activity;sid:84504178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641076/; classtype:trojan-activity;sid:84504176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641077/; classtype:trojan-activity;sid:84504177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641075/; classtype:trojan-activity;sid:84504175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641074)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_232/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641074/; classtype:trojan-activity;sid:84504174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641073/; classtype:trojan-activity;sid:84504173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26122019084135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641072/; classtype:trojan-activity;sid:84504172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641071/; classtype:trojan-activity;sid:84504171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641070/; classtype:trojan-activity;sid:84504170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020074750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641069/; classtype:trojan-activity;sid:84504169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019085204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641068/; classtype:trojan-activity;sid:84504168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020135409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641067/; classtype:trojan-activity;sid:84504167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641065/; classtype:trojan-activity;sid:84504165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641066/; classtype:trojan-activity;sid:84504166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641064/; classtype:trojan-activity;sid:84504164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641063/; classtype:trojan-activity;sid:84504163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020084740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641061/; classtype:trojan-activity;sid:84504161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641060/; classtype:trojan-activity;sid:84504160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641059/; classtype:trojan-activity;sid:84504159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641057)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_90/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641057/; classtype:trojan-activity;sid:84504157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641051/; classtype:trojan-activity;sid:84504151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641050)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_352/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641050/; classtype:trojan-activity;sid:84504150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641048)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641048/; classtype:trojan-activity;sid:84504148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641049)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.102.138.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641049/; classtype:trojan-activity;sid:84504149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020084605/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641047/; classtype:trojan-activity;sid:84504147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03072020090848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641046/; classtype:trojan-activity;sid:84504146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05022020083618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641045/; classtype:trojan-activity;sid:84504145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641044/; classtype:trojan-activity;sid:84504144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23062020070239/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641043/; classtype:trojan-activity;sid:84504143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019095448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641042/; classtype:trojan-activity;sid:84504142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641041/; classtype:trojan-activity;sid:84504141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641040/; classtype:trojan-activity;sid:84504140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641039/; classtype:trojan-activity;sid:84504139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641038/; classtype:trojan-activity;sid:84504138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641037/; classtype:trojan-activity;sid:84504137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641036/; classtype:trojan-activity;sid:84504136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641035/; classtype:trojan-activity;sid:84504135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29072020113918/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641034/; classtype:trojan-activity;sid:84504134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641033/; classtype:trojan-activity;sid:84504133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641032/; classtype:trojan-activity;sid:84504132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019084356/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641031/; classtype:trojan-activity;sid:84504131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641030/; classtype:trojan-activity;sid:84504130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641029)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/access.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641029/; classtype:trojan-activity;sid:84504129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641028/; classtype:trojan-activity;sid:84504128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641027/; classtype:trojan-activity;sid:84504127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641026/; classtype:trojan-activity;sid:84504126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641025/; classtype:trojan-activity;sid:84504125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641024/; classtype:trojan-activity;sid:84504124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641022/; classtype:trojan-activity;sid:84504122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641023/; classtype:trojan-activity;sid:84504123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641021/; classtype:trojan-activity;sid:84504121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641020/; classtype:trojan-activity;sid:84504120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641019/; classtype:trojan-activity;sid:84504119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641018/; classtype:trojan-activity;sid:84504118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641017/; classtype:trojan-activity;sid:84504117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020140950/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641016/; classtype:trojan-activity;sid:84504116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641015/; classtype:trojan-activity;sid:84504115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641014/; classtype:trojan-activity;sid:84504114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18022020084223/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641013/; classtype:trojan-activity;sid:84504113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13112019082710/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641012/; classtype:trojan-activity;sid:84504112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641011/; classtype:trojan-activity;sid:84504111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019081809/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641010/; classtype:trojan-activity;sid:84504110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641009/; classtype:trojan-activity;sid:84504109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641008/; classtype:trojan-activity;sid:84504108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641007/; classtype:trojan-activity;sid:84504107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14032020082323/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641006/; classtype:trojan-activity;sid:84504106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641005/; classtype:trojan-activity;sid:84504105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019084447/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641004/; classtype:trojan-activity;sid:84504104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641003/; classtype:trojan-activity;sid:84504103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019103329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641002/; classtype:trojan-activity;sid:84504102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020080803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641001/; classtype:trojan-activity;sid:84504101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641000/; classtype:trojan-activity;sid:84504100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640999/; classtype:trojan-activity;sid:84504099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019095135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640998/; classtype:trojan-activity;sid:84504098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640997)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_291/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640997/; classtype:trojan-activity;sid:84504097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083147/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640996/; classtype:trojan-activity;sid:84504096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15062020064910/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640995/; classtype:trojan-activity;sid:84504095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640994/; classtype:trojan-activity;sid:84504094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640993/; classtype:trojan-activity;sid:84504093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640992/; classtype:trojan-activity;sid:84504092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24042020083338/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640991/; classtype:trojan-activity;sid:84504091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25052020083123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640990/; classtype:trojan-activity;sid:84504090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640989/; classtype:trojan-activity;sid:84504089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640987/; classtype:trojan-activity;sid:84504087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640988/; classtype:trojan-activity;sid:84504088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11022020084204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640986/; classtype:trojan-activity;sid:84504086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640985/; classtype:trojan-activity;sid:84504085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640984/; classtype:trojan-activity;sid:84504084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17072020085917/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640983/; classtype:trojan-activity;sid:84504083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640982/; classtype:trojan-activity;sid:84504082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112020083133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640981/; classtype:trojan-activity;sid:84504081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640980/; classtype:trojan-activity;sid:84504080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019084834/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640979/; classtype:trojan-activity;sid:84504079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640978/; classtype:trojan-activity;sid:84504078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020070904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640977/; classtype:trojan-activity;sid:84504077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640976/; classtype:trojan-activity;sid:84504076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11122019084756/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640975/; classtype:trojan-activity;sid:84504075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640974/; classtype:trojan-activity;sid:84504074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640972/; classtype:trojan-activity;sid:84504072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640973/; classtype:trojan-activity;sid:84504073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640971/; classtype:trojan-activity;sid:84504071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640970/; classtype:trojan-activity;sid:84504070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640969/; classtype:trojan-activity;sid:84504069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640968/; classtype:trojan-activity;sid:84504068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640967/; classtype:trojan-activity;sid:84504067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640966/; classtype:trojan-activity;sid:84504066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640963/; classtype:trojan-activity;sid:84504063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02092019101733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640964/; classtype:trojan-activity;sid:84504064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640965/; classtype:trojan-activity;sid:84504065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640962/; classtype:trojan-activity;sid:84504062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18122019073940/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640961/; classtype:trojan-activity;sid:84504061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07022020094430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640960/; classtype:trojan-activity;sid:84504060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18062020070541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640959/; classtype:trojan-activity;sid:84504059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640958/; classtype:trojan-activity;sid:84504058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640957/; classtype:trojan-activity;sid:84504057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640956/; classtype:trojan-activity;sid:84504056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21082020084357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640955/; classtype:trojan-activity;sid:84504055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640953/; classtype:trojan-activity;sid:84504053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640954/; classtype:trojan-activity;sid:84504054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640952/; classtype:trojan-activity;sid:84504052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26092019112650/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640951/; classtype:trojan-activity;sid:84504051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019085613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640950/; classtype:trojan-activity;sid:84504050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640949/; classtype:trojan-activity;sid:84504049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640948/; classtype:trojan-activity;sid:84504048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640947/; classtype:trojan-activity;sid:84504047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640946/; classtype:trojan-activity;sid:84504046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640945/; classtype:trojan-activity;sid:84504045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640944/; classtype:trojan-activity;sid:84504044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640943/; classtype:trojan-activity;sid:84504043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640942/; classtype:trojan-activity;sid:84504042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640941)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.en/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640941/; classtype:trojan-activity;sid:84504041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25032020083745/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640940/; classtype:trojan-activity;sid:84504040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640939)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=5p29yriu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wz.haxyli.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640939/; classtype:trojan-activity;sid:84504039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640938)"; flow:established,from_client; content:"GET"; http_method; content:"/gipexrelease/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640938/; classtype:trojan-activity;sid:84504038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020100642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640937/; classtype:trojan-activity;sid:84504037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27072020084403/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640935/; classtype:trojan-activity;sid:84504035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640936/; classtype:trojan-activity;sid:84504036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640934/; classtype:trojan-activity;sid:84504034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640933/; classtype:trojan-activity;sid:84504033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640932/; classtype:trojan-activity;sid:84504032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640931/; classtype:trojan-activity;sid:84504031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640930/; classtype:trojan-activity;sid:84504030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24012020134137/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640929/; classtype:trojan-activity;sid:84504029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640928/; classtype:trojan-activity;sid:84504028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640927/; classtype:trojan-activity;sid:84504027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640926)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_21/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640926/; classtype:trojan-activity;sid:84504026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640925)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/groove.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640925/; classtype:trojan-activity;sid:84504025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640924)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_5/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640924/; classtype:trojan-activity;sid:84504024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640923/; classtype:trojan-activity;sid:84504023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640922/; classtype:trojan-activity;sid:84504022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24012020073045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640921/; classtype:trojan-activity;sid:84504021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019085456/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640920/; classtype:trojan-activity;sid:84504020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640918/; classtype:trojan-activity;sid:84504018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640919/; classtype:trojan-activity;sid:84504019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075445/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640917/; classtype:trojan-activity;sid:84504017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640916/; classtype:trojan-activity;sid:84504016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640915/; classtype:trojan-activity;sid:84504015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640914/; classtype:trojan-activity;sid:84504014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640913/; classtype:trojan-activity;sid:84504013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640912/; classtype:trojan-activity;sid:84504012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640911/; classtype:trojan-activity;sid:84504011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16102020084306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640910/; classtype:trojan-activity;sid:84504010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640909/; classtype:trojan-activity;sid:84504009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640908/; classtype:trojan-activity;sid:84504008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23032020113135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640907/; classtype:trojan-activity;sid:84504007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640906/; classtype:trojan-activity;sid:84504006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019130442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640905/; classtype:trojan-activity;sid:84504005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07082020084256/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640904/; classtype:trojan-activity;sid:84504004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640903/; classtype:trojan-activity;sid:84504003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13122019135841/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640902/; classtype:trojan-activity;sid:84504002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24082020084635/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640901/; classtype:trojan-activity;sid:84504001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640900/; classtype:trojan-activity;sid:84504000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640899/; classtype:trojan-activity;sid:84503999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07072020085014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640898/; classtype:trojan-activity;sid:84503998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020084058/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640897/; classtype:trojan-activity;sid:84503997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640896/; classtype:trojan-activity;sid:84503996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12082019113527/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640895/; classtype:trojan-activity;sid:84503995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020081034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640894/; classtype:trojan-activity;sid:84503994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640893/; classtype:trojan-activity;sid:84503993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640892/; classtype:trojan-activity;sid:84503992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020075546/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640891/; classtype:trojan-activity;sid:84503991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020130008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640887/; classtype:trojan-activity;sid:84503987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13122019084859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640888/; classtype:trojan-activity;sid:84503988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640889)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640889/; classtype:trojan-activity;sid:84503989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26112020085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640890/; classtype:trojan-activity;sid:84503990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640885/; classtype:trojan-activity;sid:84503985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640886/; classtype:trojan-activity;sid:84503986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640884/; classtype:trojan-activity;sid:84503984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640883/; classtype:trojan-activity;sid:84503983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09012020081123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640882/; classtype:trojan-activity;sid:84503982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640881/; classtype:trojan-activity;sid:84503981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31102019085119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640880/; classtype:trojan-activity;sid:84503980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640879/; classtype:trojan-activity;sid:84503979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640878/; classtype:trojan-activity;sid:84503978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640877/; classtype:trojan-activity;sid:84503977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640876/; classtype:trojan-activity;sid:84503976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640875/; classtype:trojan-activity;sid:84503975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020132906/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640874/; classtype:trojan-activity;sid:84503974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640873/; classtype:trojan-activity;sid:84503973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23092020092747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640872/; classtype:trojan-activity;sid:84503972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640871/; classtype:trojan-activity;sid:84503971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640870/; classtype:trojan-activity;sid:84503970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640869)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/usr/usr_1/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640869/; classtype:trojan-activity;sid:84503969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23102020082933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640868/; classtype:trojan-activity;sid:84503968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640867/; classtype:trojan-activity;sid:84503967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640866/; classtype:trojan-activity;sid:84503966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020085635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640865/; classtype:trojan-activity;sid:84503965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640864/; classtype:trojan-activity;sid:84503964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640863/; classtype:trojan-activity;sid:84503963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640862/; classtype:trojan-activity;sid:84503962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640861)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640861/; classtype:trojan-activity;sid:84503961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640860/; classtype:trojan-activity;sid:84503960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640859/; classtype:trojan-activity;sid:84503959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-03-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640858/; classtype:trojan-activity;sid:84503958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019110735/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640857/; classtype:trojan-activity;sid:84503957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020085751/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640856/; classtype:trojan-activity;sid:84503956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13022020101421/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640855/; classtype:trojan-activity;sid:84503955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640854/; classtype:trojan-activity;sid:84503954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640853)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_349/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640853/; classtype:trojan-activity;sid:84503953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640852/; classtype:trojan-activity;sid:84503952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640851/; classtype:trojan-activity;sid:84503951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640850/; classtype:trojan-activity;sid:84503950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03112020080207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640849/; classtype:trojan-activity;sid:84503949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640848/; classtype:trojan-activity;sid:84503948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20082020102716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640847/; classtype:trojan-activity;sid:84503947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640846/; classtype:trojan-activity;sid:84503946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640845/; classtype:trojan-activity;sid:84503945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640844/; classtype:trojan-activity;sid:84503944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05122019085417/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640843/; classtype:trojan-activity;sid:84503943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640842/; classtype:trojan-activity;sid:84503942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640841/; classtype:trojan-activity;sid:84503941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20072020090228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640840/; classtype:trojan-activity;sid:84503940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640839/; classtype:trojan-activity;sid:84503939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640838/; classtype:trojan-activity;sid:84503938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19092019085117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640837/; classtype:trojan-activity;sid:84503937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640836/; classtype:trojan-activity;sid:84503936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640834/; classtype:trojan-activity;sid:84503934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020102056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640835/; classtype:trojan-activity;sid:84503935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640833/; classtype:trojan-activity;sid:84503933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640832)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_15/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640832/; classtype:trojan-activity;sid:84503932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640831/; classtype:trojan-activity;sid:84503931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25092019111750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640830/; classtype:trojan-activity;sid:84503930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640829)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_71/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640829/; classtype:trojan-activity;sid:84503929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13112019081923/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640828/; classtype:trojan-activity;sid:84503928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640827/; classtype:trojan-activity;sid:84503927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640826/; classtype:trojan-activity;sid:84503926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17032020084717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640825/; classtype:trojan-activity;sid:84503925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640824/; classtype:trojan-activity;sid:84503924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640823/; classtype:trojan-activity;sid:84503923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640822/; classtype:trojan-activity;sid:84503922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640821/; classtype:trojan-activity;sid:84503921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019103413/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640820/; classtype:trojan-activity;sid:84503920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640818/; classtype:trojan-activity;sid:84503918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18032020084148/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640819/; classtype:trojan-activity;sid:84503919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640817/; classtype:trojan-activity;sid:84503917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020082126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640816/; classtype:trojan-activity;sid:84503916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640815/; classtype:trojan-activity;sid:84503915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640814)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_341/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640814/; classtype:trojan-activity;sid:84503914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640813/; classtype:trojan-activity;sid:84503913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640812/; classtype:trojan-activity;sid:84503912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640810/; classtype:trojan-activity;sid:84503910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640811)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_1/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640811/; classtype:trojan-activity;sid:84503911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020094539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640809/; classtype:trojan-activity;sid:84503909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640808/; classtype:trojan-activity;sid:84503908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640807/; classtype:trojan-activity;sid:84503907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640806/; classtype:trojan-activity;sid:84503906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16032020084334/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640805/; classtype:trojan-activity;sid:84503905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102019082036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640804/; classtype:trojan-activity;sid:84503904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019085008/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640803/; classtype:trojan-activity;sid:84503903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640802/; classtype:trojan-activity;sid:84503902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640801)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_68/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640801/; classtype:trojan-activity;sid:84503901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640800/; classtype:trojan-activity;sid:84503900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640799)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_38/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640799/; classtype:trojan-activity;sid:84503899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640798/; classtype:trojan-activity;sid:84503898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640797/; classtype:trojan-activity;sid:84503897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640796/; classtype:trojan-activity;sid:84503896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020102806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640794/; classtype:trojan-activity;sid:84503894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640795/; classtype:trojan-activity;sid:84503895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640793/; classtype:trojan-activity;sid:84503893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07042020090207/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640792/; classtype:trojan-activity;sid:84503892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020082321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640791/; classtype:trojan-activity;sid:84503891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640790/; classtype:trojan-activity;sid:84503890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640789/; classtype:trojan-activity;sid:84503889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12032020085353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640788/; classtype:trojan-activity;sid:84503888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640787/; classtype:trojan-activity;sid:84503887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640786/; classtype:trojan-activity;sid:84503886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640785/; classtype:trojan-activity;sid:84503885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640783/; classtype:trojan-activity;sid:84503883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640784/; classtype:trojan-activity;sid:84503884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640782/; classtype:trojan-activity;sid:84503882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640781/; classtype:trojan-activity;sid:84503881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640780/; classtype:trojan-activity;sid:84503880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/02102020083443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640779/; classtype:trojan-activity;sid:84503879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083044/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640777/; classtype:trojan-activity;sid:84503877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640778/; classtype:trojan-activity;sid:84503878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640774/; classtype:trojan-activity;sid:84503874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640775/; classtype:trojan-activity;sid:84503875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640776)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_112/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640776/; classtype:trojan-activity;sid:84503876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13122019115656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640773/; classtype:trojan-activity;sid:84503873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640772/; classtype:trojan-activity;sid:84503872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15082019085855/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640771/; classtype:trojan-activity;sid:84503871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16102019112159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640770/; classtype:trojan-activity;sid:84503870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640769/; classtype:trojan-activity;sid:84503869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640768/; classtype:trojan-activity;sid:84503868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640767/; classtype:trojan-activity;sid:84503867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640766/; classtype:trojan-activity;sid:84503866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640765/; classtype:trojan-activity;sid:84503865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640764/; classtype:trojan-activity;sid:84503864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640763/; classtype:trojan-activity;sid:84503863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640761/; classtype:trojan-activity;sid:84503861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13102020085631/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640762/; classtype:trojan-activity;sid:84503862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07012020084041/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640760/; classtype:trojan-activity;sid:84503860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020080646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640759/; classtype:trojan-activity;sid:84503859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640758/; classtype:trojan-activity;sid:84503858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640757/; classtype:trojan-activity;sid:84503857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640756/; classtype:trojan-activity;sid:84503856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24012020092005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640755/; classtype:trojan-activity;sid:84503855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640754)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_41/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640754/; classtype:trojan-activity;sid:84503854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640751/; classtype:trojan-activity;sid:84503851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640752/; classtype:trojan-activity;sid:84503852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29092019093353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640753/; classtype:trojan-activity;sid:84503853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640750/; classtype:trojan-activity;sid:84503850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11112020084104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640749/; classtype:trojan-activity;sid:84503849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640748/; classtype:trojan-activity;sid:84503848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640747)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/catalog/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640747/; classtype:trojan-activity;sid:84503847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640746/; classtype:trojan-activity;sid:84503846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640745/; classtype:trojan-activity;sid:84503845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640743/; classtype:trojan-activity;sid:84503843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640744/; classtype:trojan-activity;sid:84503844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08052020090605/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640742/; classtype:trojan-activity;sid:84503842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640739)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_348/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640739/; classtype:trojan-activity;sid:84503839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640740/; classtype:trojan-activity;sid:84503840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640741/; classtype:trojan-activity;sid:84503841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17092019111156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640738/; classtype:trojan-activity;sid:84503838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019113647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640737/; classtype:trojan-activity;sid:84503837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21092020083905/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640736/; classtype:trojan-activity;sid:84503836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04032020084326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640734/; classtype:trojan-activity;sid:84503834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640735/; classtype:trojan-activity;sid:84503835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640732/; classtype:trojan-activity;sid:84503832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640733/; classtype:trojan-activity;sid:84503833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640731/; classtype:trojan-activity;sid:84503831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18112020084730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640730/; classtype:trojan-activity;sid:84503830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640729/; classtype:trojan-activity;sid:84503829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640728/; classtype:trojan-activity;sid:84503828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640727/; classtype:trojan-activity;sid:84503827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640726/; classtype:trojan-activity;sid:84503826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640725/; classtype:trojan-activity;sid:84503825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104033/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640724/; classtype:trojan-activity;sid:84503824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640723/; classtype:trojan-activity;sid:84503823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640722/; classtype:trojan-activity;sid:84503822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640720/; classtype:trojan-activity;sid:84503820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640721/; classtype:trojan-activity;sid:84503821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640719/; classtype:trojan-activity;sid:84503819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020134937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640718/; classtype:trojan-activity;sid:84503818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31102019073038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640717/; classtype:trojan-activity;sid:84503817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640716/; classtype:trojan-activity;sid:84503816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640715/; classtype:trojan-activity;sid:84503815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640714/; classtype:trojan-activity;sid:84503814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640713/; classtype:trojan-activity;sid:84503813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640712)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_31/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640712/; classtype:trojan-activity;sid:84503812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640710/; classtype:trojan-activity;sid:84503810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21082019110853/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640711/; classtype:trojan-activity;sid:84503811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640689/; classtype:trojan-activity;sid:84503789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640690/; classtype:trojan-activity;sid:84503790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640691/; classtype:trojan-activity;sid:84503791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24102019085345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640692/; classtype:trojan-activity;sid:84503792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04022020094504/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640693/; classtype:trojan-activity;sid:84503793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640694/; classtype:trojan-activity;sid:84503794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640695/; classtype:trojan-activity;sid:84503795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640696/; classtype:trojan-activity;sid:84503796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16012020081311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640697/; classtype:trojan-activity;sid:84503797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640698/; classtype:trojan-activity;sid:84503798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640699/; classtype:trojan-activity;sid:84503799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640700/; classtype:trojan-activity;sid:84503800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640701/; classtype:trojan-activity;sid:84503801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640702/; classtype:trojan-activity;sid:84503802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21052020085354/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640703/; classtype:trojan-activity;sid:84503803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019085325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640704/; classtype:trojan-activity;sid:84503804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640705/; classtype:trojan-activity;sid:84503805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04122019075856/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640706/; classtype:trojan-activity;sid:84503806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640707/; classtype:trojan-activity;sid:84503807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640708/; classtype:trojan-activity;sid:84503808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019090225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640709/; classtype:trojan-activity;sid:84503809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640688/; classtype:trojan-activity;sid:84503788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640687/; classtype:trojan-activity;sid:84503787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640686/; classtype:trojan-activity;sid:84503786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640685/; classtype:trojan-activity;sid:84503785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640684/; classtype:trojan-activity;sid:84503784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640683/; classtype:trojan-activity;sid:84503783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640682/; classtype:trojan-activity;sid:84503782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640681/; classtype:trojan-activity;sid:84503781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640680/; classtype:trojan-activity;sid:84503780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640677)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_100/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640677/; classtype:trojan-activity;sid:84503777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17012020083211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640678/; classtype:trojan-activity;sid:84503778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640679/; classtype:trojan-activity;sid:84503779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019084625/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640676/; classtype:trojan-activity;sid:84503776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640675/; classtype:trojan-activity;sid:84503775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640674/; classtype:trojan-activity;sid:84503774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640673)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/usr/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640673/; classtype:trojan-activity;sid:84503773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640672/; classtype:trojan-activity;sid:84503772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640671/; classtype:trojan-activity;sid:84503771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640670/; classtype:trojan-activity;sid:84503770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640668/; classtype:trojan-activity;sid:84503768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640669/; classtype:trojan-activity;sid:84503769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640667/; classtype:trojan-activity;sid:84503767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640666/; classtype:trojan-activity;sid:84503766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640665/; classtype:trojan-activity;sid:84503765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640664/; classtype:trojan-activity;sid:84503764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31122019083252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640663/; classtype:trojan-activity;sid:84503763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020141348/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640662/; classtype:trojan-activity;sid:84503762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640661/; classtype:trojan-activity;sid:84503761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640660/; classtype:trojan-activity;sid:84503760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640659/; classtype:trojan-activity;sid:84503759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020075106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640658/; classtype:trojan-activity;sid:84503758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640657)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/download/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640657/; classtype:trojan-activity;sid:84503757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640656/; classtype:trojan-activity;sid:84503756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640655)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_139/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640655/; classtype:trojan-activity;sid:84503755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640654/; classtype:trojan-activity;sid:84503754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640651/; classtype:trojan-activity;sid:84503751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03122019084638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640652/; classtype:trojan-activity;sid:84503752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640653/; classtype:trojan-activity;sid:84503753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640650/; classtype:trojan-activity;sid:84503750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640649/; classtype:trojan-activity;sid:84503749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640648/; classtype:trojan-activity;sid:84503748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640647/; classtype:trojan-activity;sid:84503747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640645/; classtype:trojan-activity;sid:84503745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640646/; classtype:trojan-activity;sid:84503746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640644/; classtype:trojan-activity;sid:84503744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640642)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/resources/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640642/; classtype:trojan-activity;sid:84503742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640643/; classtype:trojan-activity;sid:84503743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640641/; classtype:trojan-activity;sid:84503741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21012020110856/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640638/; classtype:trojan-activity;sid:84503738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640639/; classtype:trojan-activity;sid:84503739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640640/; classtype:trojan-activity;sid:84503740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640637/; classtype:trojan-activity;sid:84503737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640636/; classtype:trojan-activity;sid:84503736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640635/; classtype:trojan-activity;sid:84503735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640634/; classtype:trojan-activity;sid:84503734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640632/; classtype:trojan-activity;sid:84503732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019112055/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640633/; classtype:trojan-activity;sid:84503733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640631/; classtype:trojan-activity;sid:84503731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640630/; classtype:trojan-activity;sid:84503730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640629/; classtype:trojan-activity;sid:84503729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10022020071733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640627/; classtype:trojan-activity;sid:84503727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640628/; classtype:trojan-activity;sid:84503728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640625/; classtype:trojan-activity;sid:84503725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640626/; classtype:trojan-activity;sid:84503726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020103259/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640624/; classtype:trojan-activity;sid:84503724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30122019111133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640623/; classtype:trojan-activity;sid:84503723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29112019085537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640622/; classtype:trojan-activity;sid:84503722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640621/; classtype:trojan-activity;sid:84503721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640620/; classtype:trojan-activity;sid:84503720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102019142359/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640619/; classtype:trojan-activity;sid:84503719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31012020084850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640618/; classtype:trojan-activity;sid:84503718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640616/; classtype:trojan-activity;sid:84503716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640617/; classtype:trojan-activity;sid:84503717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640615/; classtype:trojan-activity;sid:84503715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640614)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_384/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640614/; classtype:trojan-activity;sid:84503714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640613/; classtype:trojan-activity;sid:84503713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640612/; classtype:trojan-activity;sid:84503712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020100618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640611/; classtype:trojan-activity;sid:84503711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640609/; classtype:trojan-activity;sid:84503709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640610/; classtype:trojan-activity;sid:84503710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640608/; classtype:trojan-activity;sid:84503708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19102020081728/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640606/; classtype:trojan-activity;sid:84503706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019074030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640607/; classtype:trojan-activity;sid:84503707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640604/; classtype:trojan-activity;sid:84503704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640605)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640605/; classtype:trojan-activity;sid:84503705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640603/; classtype:trojan-activity;sid:84503703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640602/; classtype:trojan-activity;sid:84503702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640601/; classtype:trojan-activity;sid:84503701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08112019073519/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640600/; classtype:trojan-activity;sid:84503700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29112019084741/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640599/; classtype:trojan-activity;sid:84503699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19022020083644/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640597/; classtype:trojan-activity;sid:84503697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640598/; classtype:trojan-activity;sid:84503698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640595/; classtype:trojan-activity;sid:84503695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19122019080549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640596/; classtype:trojan-activity;sid:84503696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640594/; classtype:trojan-activity;sid:84503694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640593/; classtype:trojan-activity;sid:84503693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21102020082752/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640592/; classtype:trojan-activity;sid:84503692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640591/; classtype:trojan-activity;sid:84503691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640589/; classtype:trojan-activity;sid:84503689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640590/; classtype:trojan-activity;sid:84503690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019113321/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640588/; classtype:trojan-activity;sid:84503688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640587/; classtype:trojan-activity;sid:84503687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30102019081202/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640585/; classtype:trojan-activity;sid:84503685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112019085835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640586/; classtype:trojan-activity;sid:84503686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640584/; classtype:trojan-activity;sid:84503684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640583/; classtype:trojan-activity;sid:84503683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640582/; classtype:trojan-activity;sid:84503682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14102019094817/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640579/; classtype:trojan-activity;sid:84503679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640580/; classtype:trojan-activity;sid:84503680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640581/; classtype:trojan-activity;sid:84503681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020083914/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640578/; classtype:trojan-activity;sid:84503678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640577/; classtype:trojan-activity;sid:84503677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640576/; classtype:trojan-activity;sid:84503676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640575/; classtype:trojan-activity;sid:84503675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020074905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640573/; classtype:trojan-activity;sid:84503673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640574/; classtype:trojan-activity;sid:84503674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020081928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640571/; classtype:trojan-activity;sid:84503671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640572/; classtype:trojan-activity;sid:84503672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640570)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_366/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640570/; classtype:trojan-activity;sid:84503670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640568/; classtype:trojan-activity;sid:84503668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640569/; classtype:trojan-activity;sid:84503669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640567/; classtype:trojan-activity;sid:84503667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020073719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640566/; classtype:trojan-activity;sid:84503666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640565/; classtype:trojan-activity;sid:84503665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640564/; classtype:trojan-activity;sid:84503664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640563/; classtype:trojan-activity;sid:84503663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020083600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640562/; classtype:trojan-activity;sid:84503662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11032020083845/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640561/; classtype:trojan-activity;sid:84503661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640560/; classtype:trojan-activity;sid:84503660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640558/; classtype:trojan-activity;sid:84503658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640559/; classtype:trojan-activity;sid:84503659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04112020082542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640557/; classtype:trojan-activity;sid:84503657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11082020091100/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640556/; classtype:trojan-activity;sid:84503656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640555)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_13/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640555/; classtype:trojan-activity;sid:84503655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640554)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/infopath.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640554/; classtype:trojan-activity;sid:84503654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640553/; classtype:trojan-activity;sid:84503653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020133711/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640552/; classtype:trojan-activity;sid:84503652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640551)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640551/; classtype:trojan-activity;sid:84503651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640549/; classtype:trojan-activity;sid:84503649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640550/; classtype:trojan-activity;sid:84503650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020084812/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640548/; classtype:trojan-activity;sid:84503648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640547/; classtype:trojan-activity;sid:84503647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30012020083334/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640543/; classtype:trojan-activity;sid:84503643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26032020073728/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640544/; classtype:trojan-activity;sid:84503644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640545/; classtype:trojan-activity;sid:84503645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640546/; classtype:trojan-activity;sid:84503646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640539/; classtype:trojan-activity;sid:84503639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07012020084802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640540/; classtype:trojan-activity;sid:84503640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14112019082811/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640541/; classtype:trojan-activity;sid:84503641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640542/; classtype:trojan-activity;sid:84503642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640538/; classtype:trojan-activity;sid:84503638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640537/; classtype:trojan-activity;sid:84503637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06122019085350/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640536/; classtype:trojan-activity;sid:84503636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06112019111957/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640535/; classtype:trojan-activity;sid:84503635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640534/; classtype:trojan-activity;sid:84503634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640533/; classtype:trojan-activity;sid:84503633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03122019085229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640532/; classtype:trojan-activity;sid:84503632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020084316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640531/; classtype:trojan-activity;sid:84503631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19102020080708/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640530/; classtype:trojan-activity;sid:84503630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020103250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640529/; classtype:trojan-activity;sid:84503629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640528/; classtype:trojan-activity;sid:84503628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640527/; classtype:trojan-activity;sid:84503627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020074145/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640526/; classtype:trojan-activity;sid:84503626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640523/; classtype:trojan-activity;sid:84503623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640524/; classtype:trojan-activity;sid:84503624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640525/; classtype:trojan-activity;sid:84503625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020092624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640522/; classtype:trojan-activity;sid:84503622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640521/; classtype:trojan-activity;sid:84503621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09112020083759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640520/; classtype:trojan-activity;sid:84503620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640519/; classtype:trojan-activity;sid:84503619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640518/; classtype:trojan-activity;sid:84503618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640517/; classtype:trojan-activity;sid:84503617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640516/; classtype:trojan-activity;sid:84503616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640515/; classtype:trojan-activity;sid:84503615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640514/; classtype:trojan-activity;sid:84503614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640513/; classtype:trojan-activity;sid:84503613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020102318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640512/; classtype:trojan-activity;sid:84503612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640511/; classtype:trojan-activity;sid:84503611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640510/; classtype:trojan-activity;sid:84503610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020082038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640509/; classtype:trojan-activity;sid:84503609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640508/; classtype:trojan-activity;sid:84503608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640507/; classtype:trojan-activity;sid:84503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640506/; classtype:trojan-activity;sid:84503606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06082019124552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640505/; classtype:trojan-activity;sid:84503605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640504)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=q2nikej2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.haxyli.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640504/; classtype:trojan-activity;sid:84503604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10062020065859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640503/; classtype:trojan-activity;sid:84503603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640502/; classtype:trojan-activity;sid:84503602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020112213/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640501/; classtype:trojan-activity;sid:84503601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29102019085350/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640500/; classtype:trojan-activity;sid:84503600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640499/; classtype:trojan-activity;sid:84503599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640498/; classtype:trojan-activity;sid:84503598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020085209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640497/; classtype:trojan-activity;sid:84503597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640496/; classtype:trojan-activity;sid:84503596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640495/; classtype:trojan-activity;sid:84503595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08102020083853/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640494/; classtype:trojan-activity;sid:84503594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640493/; classtype:trojan-activity;sid:84503593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640492/; classtype:trojan-activity;sid:84503592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640491/; classtype:trojan-activity;sid:84503591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019135307/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640490/; classtype:trojan-activity;sid:84503590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06092019084346/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640489/; classtype:trojan-activity;sid:84503589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640488)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_320/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640488/; classtype:trojan-activity;sid:84503588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640486/; classtype:trojan-activity;sid:84503586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10092020082957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640487/; classtype:trojan-activity;sid:84503587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640485/; classtype:trojan-activity;sid:84503585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640484/; classtype:trojan-activity;sid:84503584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640483)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/themes/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640483/; classtype:trojan-activity;sid:84503583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640482/; classtype:trojan-activity;sid:84503582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640481/; classtype:trojan-activity;sid:84503581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640480/; classtype:trojan-activity;sid:84503580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640479/; classtype:trojan-activity;sid:84503579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640478/; classtype:trojan-activity;sid:84503578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102019084644/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640477/; classtype:trojan-activity;sid:84503577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08102019112741/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640476/; classtype:trojan-activity;sid:84503576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640474/; classtype:trojan-activity;sid:84503574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640475/; classtype:trojan-activity;sid:84503575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640472/; classtype:trojan-activity;sid:84503572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19112020085201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640473/; classtype:trojan-activity;sid:84503573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01112019111107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640471/; classtype:trojan-activity;sid:84503571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640470/; classtype:trojan-activity;sid:84503570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640466/; classtype:trojan-activity;sid:84503566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22022020090140/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640467/; classtype:trojan-activity;sid:84503567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22022020073838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640468/; classtype:trojan-activity;sid:84503568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640469/; classtype:trojan-activity;sid:84503569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640464/; classtype:trojan-activity;sid:84503564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640465/; classtype:trojan-activity;sid:84503565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22102019090506/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640460/; classtype:trojan-activity;sid:84503560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640461/; classtype:trojan-activity;sid:84503561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020071435/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640462/; classtype:trojan-activity;sid:84503562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640463/; classtype:trojan-activity;sid:84503563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08102019090524/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640457/; classtype:trojan-activity;sid:84503557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640458/; classtype:trojan-activity;sid:84503558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640459/; classtype:trojan-activity;sid:84503559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02102020083438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640456/; classtype:trojan-activity;sid:84503556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16092020083653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640454/; classtype:trojan-activity;sid:84503554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640455/; classtype:trojan-activity;sid:84503555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08092020084719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640453/; classtype:trojan-activity;sid:84503553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27072020085706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640452/; classtype:trojan-activity;sid:84503552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14072020091038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640451/; classtype:trojan-activity;sid:84503551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640450/; classtype:trojan-activity;sid:84503550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08122019111842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640449/; classtype:trojan-activity;sid:84503549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020091656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640447/; classtype:trojan-activity;sid:84503547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020075758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640448/; classtype:trojan-activity;sid:84503548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640446/; classtype:trojan-activity;sid:84503546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640443/; classtype:trojan-activity;sid:84503543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640444/; classtype:trojan-activity;sid:84503544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11032020120109/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640445/; classtype:trojan-activity;sid:84503545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25092020085038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640442/; classtype:trojan-activity;sid:84503542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15072020092311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640441/; classtype:trojan-activity;sid:84503541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020103108/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640437/; classtype:trojan-activity;sid:84503537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13102019111251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640438/; classtype:trojan-activity;sid:84503538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16032020100530/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640439/; classtype:trojan-activity;sid:84503539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21022020070041/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640440/; classtype:trojan-activity;sid:84503540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640436/; classtype:trojan-activity;sid:84503536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640435/; classtype:trojan-activity;sid:84503535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020124342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640429/; classtype:trojan-activity;sid:84503529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020103733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640430/; classtype:trojan-activity;sid:84503530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05032020111347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640431/; classtype:trojan-activity;sid:84503531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-11-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640432/; classtype:trojan-activity;sid:84503532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640433/; classtype:trojan-activity;sid:84503533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640434/; classtype:trojan-activity;sid:84503534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02072020084743/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640428/; classtype:trojan-activity;sid:84503528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640427/; classtype:trojan-activity;sid:84503527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640426/; classtype:trojan-activity;sid:84503526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640425/; classtype:trojan-activity;sid:84503525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640423/; classtype:trojan-activity;sid:84503523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640424/; classtype:trojan-activity;sid:84503524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640420/; classtype:trojan-activity;sid:84503520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640421/; classtype:trojan-activity;sid:84503521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020125811/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640422/; classtype:trojan-activity;sid:84503522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/12082020092146/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640418/; classtype:trojan-activity;sid:84503518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18092020083038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640419/; classtype:trojan-activity;sid:84503519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16092020083634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640417/; classtype:trojan-activity;sid:84503517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640415/; classtype:trojan-activity;sid:84503515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640416/; classtype:trojan-activity;sid:84503516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020130444/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640414/; classtype:trojan-activity;sid:84503514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23022020101449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640413/; classtype:trojan-activity;sid:84503513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020084251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640412/; classtype:trojan-activity;sid:84503512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640410/; classtype:trojan-activity;sid:84503510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13082020083027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640411/; classtype:trojan-activity;sid:84503511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640409/; classtype:trojan-activity;sid:84503509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640405/; classtype:trojan-activity;sid:84503505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640406/; classtype:trojan-activity;sid:84503506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020091411/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640407/; classtype:trojan-activity;sid:84503507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26062020084710/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640408/; classtype:trojan-activity;sid:84503508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640403/; classtype:trojan-activity;sid:84503503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640404/; classtype:trojan-activity;sid:84503504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06082019093725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640402/; classtype:trojan-activity;sid:84503502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08102020100004/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640399/; classtype:trojan-activity;sid:84503499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29112019110822/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640400/; classtype:trojan-activity;sid:84503500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640401/; classtype:trojan-activity;sid:84503501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15072020085743/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640398/; classtype:trojan-activity;sid:84503498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640397/; classtype:trojan-activity;sid:84503497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640394/; classtype:trojan-activity;sid:84503494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019100303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640395/; classtype:trojan-activity;sid:84503495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03012020110844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640396/; classtype:trojan-activity;sid:84503496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640392/; classtype:trojan-activity;sid:84503492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640393/; classtype:trojan-activity;sid:84503493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20082019110313/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640391/; classtype:trojan-activity;sid:84503491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640389/; classtype:trojan-activity;sid:84503489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27082020084130/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640390/; classtype:trojan-activity;sid:84503490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640388/; classtype:trojan-activity;sid:84503488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640380/; classtype:trojan-activity;sid:84503480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640381/; classtype:trojan-activity;sid:84503481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640382/; classtype:trojan-activity;sid:84503482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019114118/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640383/; classtype:trojan-activity;sid:84503483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019103658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640384/; classtype:trojan-activity;sid:84503484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640385/; classtype:trojan-activity;sid:84503485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640386/; classtype:trojan-activity;sid:84503486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640387/; classtype:trojan-activity;sid:84503487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24112020081606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640379/; classtype:trojan-activity;sid:84503479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640378/; classtype:trojan-activity;sid:84503478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16102020084300/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640377/; classtype:trojan-activity;sid:84503477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019110151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640375/; classtype:trojan-activity;sid:84503475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640376/; classtype:trojan-activity;sid:84503476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26062020092258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640372/; classtype:trojan-activity;sid:84503472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640373/; classtype:trojan-activity;sid:84503473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640374/; classtype:trojan-activity;sid:84503474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26082020084159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640371/; classtype:trojan-activity;sid:84503471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13102020085628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640370/; classtype:trojan-activity;sid:84503470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640369/; classtype:trojan-activity;sid:84503469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640367/; classtype:trojan-activity;sid:84503467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640368/; classtype:trojan-activity;sid:84503468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640366/; classtype:trojan-activity;sid:84503466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08032020111641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640364/; classtype:trojan-activity;sid:84503464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640365/; classtype:trojan-activity;sid:84503465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640363/; classtype:trojan-activity;sid:84503463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640362/; classtype:trojan-activity;sid:84503462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640361/; classtype:trojan-activity;sid:84503461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640360/; classtype:trojan-activity;sid:84503460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04092020084333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640359/; classtype:trojan-activity;sid:84503459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640358/; classtype:trojan-activity;sid:84503458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09092019111855/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640357/; classtype:trojan-activity;sid:84503457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18092019111304/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640356/; classtype:trojan-activity;sid:84503456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640355/; classtype:trojan-activity;sid:84503455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020070225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640353/; classtype:trojan-activity;sid:84503453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640354/; classtype:trojan-activity;sid:84503454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31122019074448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640351/; classtype:trojan-activity;sid:84503451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02102019084911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640352/; classtype:trojan-activity;sid:84503452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020120325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640348/; classtype:trojan-activity;sid:84503448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20082020082044/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640349/; classtype:trojan-activity;sid:84503449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640350/; classtype:trojan-activity;sid:84503450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640347/; classtype:trojan-activity;sid:84503447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640343/; classtype:trojan-activity;sid:84503443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020103458/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640344/; classtype:trojan-activity;sid:84503444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020072211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640345/; classtype:trojan-activity;sid:84503445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640346/; classtype:trojan-activity;sid:84503446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640342/; classtype:trojan-activity;sid:84503442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2020-07-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640340/; classtype:trojan-activity;sid:84503440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020142635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640341/; classtype:trojan-activity;sid:84503441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640339/; classtype:trojan-activity;sid:84503439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640338/; classtype:trojan-activity;sid:84503438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640335/; classtype:trojan-activity;sid:84503435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640336/; classtype:trojan-activity;sid:84503436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640337/; classtype:trojan-activity;sid:84503437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04122019111019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640334/; classtype:trojan-activity;sid:84503434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640333/; classtype:trojan-activity;sid:84503433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020102745/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640327/; classtype:trojan-activity;sid:84503427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640328/; classtype:trojan-activity;sid:84503428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020091151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640329/; classtype:trojan-activity;sid:84503429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020111432/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640330/; classtype:trojan-activity;sid:84503430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640331/; classtype:trojan-activity;sid:84503431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020132655/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640332/; classtype:trojan-activity;sid:84503432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020091755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640326/; classtype:trojan-activity;sid:84503426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07022020083958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640325/; classtype:trojan-activity;sid:84503425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640322/; classtype:trojan-activity;sid:84503422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17092020084342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640323/; classtype:trojan-activity;sid:84503423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22012020111310/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640324/; classtype:trojan-activity;sid:84503424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24112020081150/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640320/; classtype:trojan-activity;sid:84503420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020102724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640321/; classtype:trojan-activity;sid:84503421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-04-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640316/; classtype:trojan-activity;sid:84503416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640317/; classtype:trojan-activity;sid:84503417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22082019111715/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640318/; classtype:trojan-activity;sid:84503418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640319/; classtype:trojan-activity;sid:84503419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019111453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640315/; classtype:trojan-activity;sid:84503415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640309/; classtype:trojan-activity;sid:84503409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640310/; classtype:trojan-activity;sid:84503410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12022020111505/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640311/; classtype:trojan-activity;sid:84503411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29062020085243/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640312/; classtype:trojan-activity;sid:84503412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12112019112424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640313/; classtype:trojan-activity;sid:84503413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640314/; classtype:trojan-activity;sid:84503414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020080920/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640305/; classtype:trojan-activity;sid:84503405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06102019101754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640306/; classtype:trojan-activity;sid:84503406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640307/; classtype:trojan-activity;sid:84503407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640308/; classtype:trojan-activity;sid:84503408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640303/; classtype:trojan-activity;sid:84503403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28102020084220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640304/; classtype:trojan-activity;sid:84503404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23102019104915/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640301/; classtype:trojan-activity;sid:84503401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27102020083249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640302/; classtype:trojan-activity;sid:84503402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26122019090653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640299/; classtype:trojan-activity;sid:84503399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06092019073333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640300/; classtype:trojan-activity;sid:84503400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640298/; classtype:trojan-activity;sid:84503398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640293/; classtype:trojan-activity;sid:84503393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23082019103826/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640294/; classtype:trojan-activity;sid:84503394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06112020090234/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640295/; classtype:trojan-activity;sid:84503395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640296/; classtype:trojan-activity;sid:84503396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640297/; classtype:trojan-activity;sid:84503397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640291/; classtype:trojan-activity;sid:84503391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640292/; classtype:trojan-activity;sid:84503392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640289/; classtype:trojan-activity;sid:84503389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11032020111138/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640290/; classtype:trojan-activity;sid:84503390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020103550/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640288/; classtype:trojan-activity;sid:84503388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020073720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640286/; classtype:trojan-activity;sid:84503386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640287/; classtype:trojan-activity;sid:84503387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640285/; classtype:trojan-activity;sid:84503385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640282/; classtype:trojan-activity;sid:84503382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640283/; classtype:trojan-activity;sid:84503383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05102019081014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640284/; classtype:trojan-activity;sid:84503384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083434/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640279/; classtype:trojan-activity;sid:84503379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640280/; classtype:trojan-activity;sid:84503380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05082020084122/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640281/; classtype:trojan-activity;sid:84503381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01072020083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640278/; classtype:trojan-activity;sid:84503378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640274/; classtype:trojan-activity;sid:84503374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640275/; classtype:trojan-activity;sid:84503375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16062020082017/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640276/; classtype:trojan-activity;sid:84503376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640277/; classtype:trojan-activity;sid:84503377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640271/; classtype:trojan-activity;sid:84503371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640272/; classtype:trojan-activity;sid:84503372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640273/; classtype:trojan-activity;sid:84503373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020144542/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640268/; classtype:trojan-activity;sid:84503368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020141401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640269/; classtype:trojan-activity;sid:84503369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020103704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640270/; classtype:trojan-activity;sid:84503370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020084110/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640267/; classtype:trojan-activity;sid:84503367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640264/; classtype:trojan-activity;sid:84503364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640265/; classtype:trojan-activity;sid:84503365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02032020110905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640266/; classtype:trojan-activity;sid:84503366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640263/; classtype:trojan-activity;sid:84503363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640262/; classtype:trojan-activity;sid:84503362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640260/; classtype:trojan-activity;sid:84503360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17092020090851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640261/; classtype:trojan-activity;sid:84503361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640259/; classtype:trojan-activity;sid:84503359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640256/; classtype:trojan-activity;sid:84503356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18082020081833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640257/; classtype:trojan-activity;sid:84503357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640258/; classtype:trojan-activity;sid:84503358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26102020075119/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640253/; classtype:trojan-activity;sid:84503353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05112019110750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640254/; classtype:trojan-activity;sid:84503354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020073308/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640255/; classtype:trojan-activity;sid:84503355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640252/; classtype:trojan-activity;sid:84503352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640251/; classtype:trojan-activity;sid:84503351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020093353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640250/; classtype:trojan-activity;sid:84503350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640246/; classtype:trojan-activity;sid:84503346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640247/; classtype:trojan-activity;sid:84503347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020082229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640248/; classtype:trojan-activity;sid:84503348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640249/; classtype:trojan-activity;sid:84503349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05082019111601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640244/; classtype:trojan-activity;sid:84503344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019095658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640245/; classtype:trojan-activity;sid:84503345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640238/; classtype:trojan-activity;sid:84503338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640239/; classtype:trojan-activity;sid:84503339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020082820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640240/; classtype:trojan-activity;sid:84503340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640241/; classtype:trojan-activity;sid:84503341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640242/; classtype:trojan-activity;sid:84503342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640243/; classtype:trojan-activity;sid:84503343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640237/; classtype:trojan-activity;sid:84503337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07082020085003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640236/; classtype:trojan-activity;sid:84503336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15102019111749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640235/; classtype:trojan-activity;sid:84503335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640230/; classtype:trojan-activity;sid:84503330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640231/; classtype:trojan-activity;sid:84503331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640232/; classtype:trojan-activity;sid:84503332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20122019111426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640233/; classtype:trojan-activity;sid:84503333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20092019112129/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640234/; classtype:trojan-activity;sid:84503334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29092020084347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640229/; classtype:trojan-activity;sid:84503329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640225/; classtype:trojan-activity;sid:84503325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22122019102757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640226/; classtype:trojan-activity;sid:84503326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640227/; classtype:trojan-activity;sid:84503327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06122019110806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640228/; classtype:trojan-activity;sid:84503328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640224/; classtype:trojan-activity;sid:84503324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020144831/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640218/; classtype:trojan-activity;sid:84503318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09072020085136/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640219/; classtype:trojan-activity;sid:84503319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29072020093546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640220/; classtype:trojan-activity;sid:84503320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640221/; classtype:trojan-activity;sid:84503321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31102019111212/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640222/; classtype:trojan-activity;sid:84503322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28042020092036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640223/; classtype:trojan-activity;sid:84503323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640212/; classtype:trojan-activity;sid:84503312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640213/; classtype:trojan-activity;sid:84503313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21082020084614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640214/; classtype:trojan-activity;sid:84503314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640215/; classtype:trojan-activity;sid:84503315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019113128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640216/; classtype:trojan-activity;sid:84503316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15122019105601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640217/; classtype:trojan-activity;sid:84503317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01102020083314/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640210/; classtype:trojan-activity;sid:84503310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21082020084351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640211/; classtype:trojan-activity;sid:84503311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640209/; classtype:trojan-activity;sid:84503309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640208/; classtype:trojan-activity;sid:84503308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111257/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640206/; classtype:trojan-activity;sid:84503306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640207/; classtype:trojan-activity;sid:84503307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02102019111838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640204/; classtype:trojan-activity;sid:84503304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28092020081646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640205/; classtype:trojan-activity;sid:84503305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13012020110907/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640202/; classtype:trojan-activity;sid:84503302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020083343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640203/; classtype:trojan-activity;sid:84503303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04062020095615/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640201/; classtype:trojan-activity;sid:84503301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640200/; classtype:trojan-activity;sid:84503300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-03-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640197/; classtype:trojan-activity;sid:84503297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640198/; classtype:trojan-activity;sid:84503298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640199/; classtype:trojan-activity;sid:84503299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020135014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640193/; classtype:trojan-activity;sid:84503293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07112019082001/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640194/; classtype:trojan-activity;sid:84503294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19082019110724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640195/; classtype:trojan-activity;sid:84503295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070238/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640196/; classtype:trojan-activity;sid:84503296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020073817/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640192/; classtype:trojan-activity;sid:84503292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640191/; classtype:trojan-activity;sid:84503291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640190/; classtype:trojan-activity;sid:84503290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640189/; classtype:trojan-activity;sid:84503289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30072020083454/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640186/; classtype:trojan-activity;sid:84503286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640187/; classtype:trojan-activity;sid:84503287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020122636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640188/; classtype:trojan-activity;sid:84503288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11122019111648/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640184/; classtype:trojan-activity;sid:84503284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640185/; classtype:trojan-activity;sid:84503285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17112020082856/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640181/; classtype:trojan-activity;sid:84503281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640182/; classtype:trojan-activity;sid:84503282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03092020083607/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640183/; classtype:trojan-activity;sid:84503283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640180/; classtype:trojan-activity;sid:84503280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31072020090603/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640179/; classtype:trojan-activity;sid:84503279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17112020082850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640175/; classtype:trojan-activity;sid:84503275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07012020110938/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640176/; classtype:trojan-activity;sid:84503276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06022020111317/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640177/; classtype:trojan-activity;sid:84503277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05122019102622/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640178/; classtype:trojan-activity;sid:84503278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11092019101353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640170/; classtype:trojan-activity;sid:84503270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020134415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640171/; classtype:trojan-activity;sid:84503271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24112019092705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640172/; classtype:trojan-activity;sid:84503272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020100109/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640173/; classtype:trojan-activity;sid:84503273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020085654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640174/; classtype:trojan-activity;sid:84503274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019105311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640168/; classtype:trojan-activity;sid:84503268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19022020101950/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640169/; classtype:trojan-activity;sid:84503269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640167/; classtype:trojan-activity;sid:84503267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640166/; classtype:trojan-activity;sid:84503266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24092019114025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640165/; classtype:trojan-activity;sid:84503265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16112019074835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640164/; classtype:trojan-activity;sid:84503264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640163/; classtype:trojan-activity;sid:84503263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02072020090433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640162/; classtype:trojan-activity;sid:84503262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27082020090623/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640161/; classtype:trojan-activity;sid:84503261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640160/; classtype:trojan-activity;sid:84503260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640159/; classtype:trojan-activity;sid:84503259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640157/; classtype:trojan-activity;sid:84503257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640158/; classtype:trojan-activity;sid:84503258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135302/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640154/; classtype:trojan-activity;sid:84503254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15112019075337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640155/; classtype:trojan-activity;sid:84503255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112019083249/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640156/; classtype:trojan-activity;sid:84503256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20082020102611/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640152/; classtype:trojan-activity;sid:84503252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020111935/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640153/; classtype:trojan-activity;sid:84503253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13032020083802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640150/; classtype:trojan-activity;sid:84503250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25102019112149/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640151/; classtype:trojan-activity;sid:84503251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04032020111247/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640149/; classtype:trojan-activity;sid:84503249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640146/; classtype:trojan-activity;sid:84503246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020101521/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640147/; classtype:trojan-activity;sid:84503247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640148/; classtype:trojan-activity;sid:84503248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640142/; classtype:trojan-activity;sid:84503242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16122019075948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640143/; classtype:trojan-activity;sid:84503243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10112020091947/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640144/; classtype:trojan-activity;sid:84503244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27102020083245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640145/; classtype:trojan-activity;sid:84503245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06102019101439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640140/; classtype:trojan-activity;sid:84503240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05022020111116/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640141/; classtype:trojan-activity;sid:84503241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020104021/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640139/; classtype:trojan-activity;sid:84503239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31102019092133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640138/; classtype:trojan-activity;sid:84503238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640134/; classtype:trojan-activity;sid:84503234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640135/; classtype:trojan-activity;sid:84503235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640136/; classtype:trojan-activity;sid:84503236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02062020092842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640137/; classtype:trojan-activity;sid:84503237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019105333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640131/; classtype:trojan-activity;sid:84503231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18112020084723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640132/; classtype:trojan-activity;sid:84503232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640133/; classtype:trojan-activity;sid:84503233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640130/; classtype:trojan-activity;sid:84503230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640128/; classtype:trojan-activity;sid:84503228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640129/; classtype:trojan-activity;sid:84503229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102019084028/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640127/; classtype:trojan-activity;sid:84503227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640126/; classtype:trojan-activity;sid:84503226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640125/; classtype:trojan-activity;sid:84503225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08112019111614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640122/; classtype:trojan-activity;sid:84503222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133526/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640123/; classtype:trojan-activity;sid:84503223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05082020084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640124/; classtype:trojan-activity;sid:84503224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640121/; classtype:trojan-activity;sid:84503221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640119/; classtype:trojan-activity;sid:84503219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640120/; classtype:trojan-activity;sid:84503220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640118/; classtype:trojan-activity;sid:84503218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020102734/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640117/; classtype:trojan-activity;sid:84503217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16112020083847/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640116/; classtype:trojan-activity;sid:84503216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18122019104132/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640115/; classtype:trojan-activity;sid:84503215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13112019072053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640114/; classtype:trojan-activity;sid:84503214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23092020084739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640112/; classtype:trojan-activity;sid:84503212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26022020083229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640113/; classtype:trojan-activity;sid:84503213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27072020085711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640111/; classtype:trojan-activity;sid:84503211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640110/; classtype:trojan-activity;sid:84503210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-08/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640109/; classtype:trojan-activity;sid:84503209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13072020090141/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640107/; classtype:trojan-activity;sid:84503207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020110254/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640108/; classtype:trojan-activity;sid:84503208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06012020110537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640106/; classtype:trojan-activity;sid:84503206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27022020081136/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640105/; classtype:trojan-activity;sid:84503205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26102020083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640103/; classtype:trojan-activity;sid:84503203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31082020082957/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640104/; classtype:trojan-activity;sid:84503204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10012020110859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640101/; classtype:trojan-activity;sid:84503201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01012020081740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640102/; classtype:trojan-activity;sid:84503202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020071442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640100/; classtype:trojan-activity;sid:84503200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640098/; classtype:trojan-activity;sid:84503198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640099/; classtype:trojan-activity;sid:84503199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020073613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640097/; classtype:trojan-activity;sid:84503197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640096/; classtype:trojan-activity;sid:84503196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020095020/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640095/; classtype:trojan-activity;sid:84503195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640093/; classtype:trojan-activity;sid:84503193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03072020085353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640094/; classtype:trojan-activity;sid:84503194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05092019112011/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640092/; classtype:trojan-activity;sid:84503192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26092019111629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640085/; classtype:trojan-activity;sid:84503185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640086/; classtype:trojan-activity;sid:84503186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03112019104921/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640087/; classtype:trojan-activity;sid:84503187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01032020080703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640088/; classtype:trojan-activity;sid:84503188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28102020082833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640089/; classtype:trojan-activity;sid:84503189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640090/; classtype:trojan-activity;sid:84503190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640091/; classtype:trojan-activity;sid:84503191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640084/; classtype:trojan-activity;sid:84503184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640080/; classtype:trojan-activity;sid:84503180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640081/; classtype:trojan-activity;sid:84503181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11082019085643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640082/; classtype:trojan-activity;sid:84503182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019084813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640083/; classtype:trojan-activity;sid:84503183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640078/; classtype:trojan-activity;sid:84503178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640079/; classtype:trojan-activity;sid:84503179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22092020082850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640077/; classtype:trojan-activity;sid:84503177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640076/; classtype:trojan-activity;sid:84503176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640075/; classtype:trojan-activity;sid:84503175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30092020084745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640073/; classtype:trojan-activity;sid:84503173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19022020075912/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640074/; classtype:trojan-activity;sid:84503174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03032020110952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640070/; classtype:trojan-activity;sid:84503170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27122019111157/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640071/; classtype:trojan-activity;sid:84503171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03102019083900/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640072/; classtype:trojan-activity;sid:84503172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09082019111333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640068/; classtype:trojan-activity;sid:84503168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01112019083809/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640069/; classtype:trojan-activity;sid:84503169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020083237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640065/; classtype:trojan-activity;sid:84503165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640066/; classtype:trojan-activity;sid:84503166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14012020110758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640067/; classtype:trojan-activity;sid:84503167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04102019112220/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640063/; classtype:trojan-activity;sid:84503163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020111124/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640064/; classtype:trojan-activity;sid:84503164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15082019130601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640062/; classtype:trojan-activity;sid:84503162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019073226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640061/; classtype:trojan-activity;sid:84503161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21102020082747/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640060/; classtype:trojan-activity;sid:84503160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640058/; classtype:trojan-activity;sid:84503158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019094723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640059/; classtype:trojan-activity;sid:84503159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08012020111051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640056/; classtype:trojan-activity;sid:84503156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020101303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640057/; classtype:trojan-activity;sid:84503157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25092020083633/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640055/; classtype:trojan-activity;sid:84503155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640054/; classtype:trojan-activity;sid:84503154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640053/; classtype:trojan-activity;sid:84503153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640050/; classtype:trojan-activity;sid:84503150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640051/; classtype:trojan-activity;sid:84503151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640052/; classtype:trojan-activity;sid:84503152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020102358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640048/; classtype:trojan-activity;sid:84503148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640049/; classtype:trojan-activity;sid:84503149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08032020111951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640046/; classtype:trojan-activity;sid:84503146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18092020084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640047/; classtype:trojan-activity;sid:84503147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640042/; classtype:trojan-activity;sid:84503142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24012020073245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640043/; classtype:trojan-activity;sid:84503143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26102020075621/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640044/; classtype:trojan-activity;sid:84503144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11092020083630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640045/; classtype:trojan-activity;sid:84503145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640041/; classtype:trojan-activity;sid:84503141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020074543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640040/; classtype:trojan-activity;sid:84503140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640038/; classtype:trojan-activity;sid:84503138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020084258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640039/; classtype:trojan-activity;sid:84503139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020101729/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640034/; classtype:trojan-activity;sid:84503134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020081814/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640035/; classtype:trojan-activity;sid:84503135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640036/; classtype:trojan-activity;sid:84503136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10092019111201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640037/; classtype:trojan-activity;sid:84503137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640030/; classtype:trojan-activity;sid:84503130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640031/; classtype:trojan-activity;sid:84503131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640032/; classtype:trojan-activity;sid:84503132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2020-10-08/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640033/; classtype:trojan-activity;sid:84503133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019114423/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640029/; classtype:trojan-activity;sid:84503129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640026/; classtype:trojan-activity;sid:84503126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640027/; classtype:trojan-activity;sid:84503127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09082019072718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640028/; classtype:trojan-activity;sid:84503128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640025/; classtype:trojan-activity;sid:84503125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17022020102857/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640024/; classtype:trojan-activity;sid:84503124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640022/; classtype:trojan-activity;sid:84503122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640023/; classtype:trojan-activity;sid:84503123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640021/; classtype:trojan-activity;sid:84503121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640019/; classtype:trojan-activity;sid:84503119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15082019144543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640020/; classtype:trojan-activity;sid:84503120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640018/; classtype:trojan-activity;sid:84503118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640014/; classtype:trojan-activity;sid:84503114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13112020084009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640015/; classtype:trojan-activity;sid:84503115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20022020075703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640016/; classtype:trojan-activity;sid:84503116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640017/; classtype:trojan-activity;sid:84503117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27102020082932/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640008/; classtype:trojan-activity;sid:84503108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640009/; classtype:trojan-activity;sid:84503109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03062020090829/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640010/; classtype:trojan-activity;sid:84503110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020094507/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640011/; classtype:trojan-activity;sid:84503111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102020082929/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640012/; classtype:trojan-activity;sid:84503112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640013/; classtype:trojan-activity;sid:84503113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640007/; classtype:trojan-activity;sid:84503107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020100427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640005/; classtype:trojan-activity;sid:84503105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23012020091928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640006/; classtype:trojan-activity;sid:84503106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640002/; classtype:trojan-activity;sid:84503102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08092020083536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640003/; classtype:trojan-activity;sid:84503103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640004/; classtype:trojan-activity;sid:84503104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640000/; classtype:trojan-activity;sid:84503100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640001/; classtype:trojan-activity;sid:84503101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639997/; classtype:trojan-activity;sid:84503097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020081552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639998/; classtype:trojan-activity;sid:84503098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639999/; classtype:trojan-activity;sid:84503099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03092019105225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639994/; classtype:trojan-activity;sid:84503094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639995/; classtype:trojan-activity;sid:84503095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17012020084051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639996/; classtype:trojan-activity;sid:84503096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639989/; classtype:trojan-activity;sid:84503089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01102020083600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639990/; classtype:trojan-activity;sid:84503090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13032020104927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639991/; classtype:trojan-activity;sid:84503091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09112020083752/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639992/; classtype:trojan-activity;sid:84503092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020093848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639993/; classtype:trojan-activity;sid:84503093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24082020090248/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639978/; classtype:trojan-activity;sid:84503078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16112020080638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639979/; classtype:trojan-activity;sid:84503079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020072445/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639980/; classtype:trojan-activity;sid:84503080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020083555/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639981/; classtype:trojan-activity;sid:84503081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05032020083908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639982/; classtype:trojan-activity;sid:84503082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639983/; classtype:trojan-activity;sid:84503083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19062020090232/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639984/; classtype:trojan-activity;sid:84503084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26012020111351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639985/; classtype:trojan-activity;sid:84503085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639986/; classtype:trojan-activity;sid:84503086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639987/; classtype:trojan-activity;sid:84503087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639988/; classtype:trojan-activity;sid:84503088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639977/; classtype:trojan-activity;sid:84503077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639972/; classtype:trojan-activity;sid:84503072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19092019074714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639973/; classtype:trojan-activity;sid:84503073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21072020093617/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639974/; classtype:trojan-activity;sid:84503074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14082020081409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639975/; classtype:trojan-activity;sid:84503075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10062020091936/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639976/; classtype:trojan-activity;sid:84503076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02082019112443/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639970/; classtype:trojan-activity;sid:84503070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08082019111219/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639971/; classtype:trojan-activity;sid:84503071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639967/; classtype:trojan-activity;sid:84503067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020081931/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639968/; classtype:trojan-activity;sid:84503068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23122019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639969/; classtype:trojan-activity;sid:84503069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639966/; classtype:trojan-activity;sid:84503066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17112019083053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639963/; classtype:trojan-activity;sid:84503063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27082020090628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639964/; classtype:trojan-activity;sid:84503064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639965/; classtype:trojan-activity;sid:84503065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13032020103807/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639958/; classtype:trojan-activity;sid:84503058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112020082318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639959/; classtype:trojan-activity;sid:84503059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020074114/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639960/; classtype:trojan-activity;sid:84503060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639961/; classtype:trojan-activity;sid:84503061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020123215/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639962/; classtype:trojan-activity;sid:84503062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639956/; classtype:trojan-activity;sid:84503056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639957/; classtype:trojan-activity;sid:84503057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020104048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639955/; classtype:trojan-activity;sid:84503055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639950/; classtype:trojan-activity;sid:84503050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639951/; classtype:trojan-activity;sid:84503051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639952/; classtype:trojan-activity;sid:84503052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22102019090025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639953/; classtype:trojan-activity;sid:84503053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639954/; classtype:trojan-activity;sid:84503054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13072020085649/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639949/; classtype:trojan-activity;sid:84503049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20112019075837/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639948/; classtype:trojan-activity;sid:84503048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03112020074647/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639944/; classtype:trojan-activity;sid:84503044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639945/; classtype:trojan-activity;sid:84503045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639946/; classtype:trojan-activity;sid:84503046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639947/; classtype:trojan-activity;sid:84503047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019131545/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639934/; classtype:trojan-activity;sid:84503034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639935/; classtype:trojan-activity;sid:84503035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24122019093903/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639936/; classtype:trojan-activity;sid:84503036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20112020075653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639937/; classtype:trojan-activity;sid:84503037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639938/; classtype:trojan-activity;sid:84503038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639939/; classtype:trojan-activity;sid:84503039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639940/; classtype:trojan-activity;sid:84503040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020132949/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639941/; classtype:trojan-activity;sid:84503041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09032020100758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639942/; classtype:trojan-activity;sid:84503042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020090216/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639943/; classtype:trojan-activity;sid:84503043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08092020083658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639933/; classtype:trojan-activity;sid:84503033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639932/; classtype:trojan-activity;sid:84503032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639930/; classtype:trojan-activity;sid:84503030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30012020110551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639931/; classtype:trojan-activity;sid:84503031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020094419/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639929/; classtype:trojan-activity;sid:84503029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17082020090142/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639927/; classtype:trojan-activity;sid:84503027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19032020083840/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639928/; classtype:trojan-activity;sid:84503028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639925/; classtype:trojan-activity;sid:84503025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639926/; classtype:trojan-activity;sid:84503026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639924/; classtype:trojan-activity;sid:84503024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07022020111253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639923/; classtype:trojan-activity;sid:84503023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639922/; classtype:trojan-activity;sid:84503022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639918/; classtype:trojan-activity;sid:84503018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22112019100951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639919/; classtype:trojan-activity;sid:84503019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13122019111206/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639920/; classtype:trojan-activity;sid:84503020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020074513/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639921/; classtype:trojan-activity;sid:84503021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639917/; classtype:trojan-activity;sid:84503017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020092636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639915/; classtype:trojan-activity;sid:84503015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639916/; classtype:trojan-activity;sid:84503016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29102020082309/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639914/; classtype:trojan-activity;sid:84503014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06082020090718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639911/; classtype:trojan-activity;sid:84503011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639912/; classtype:trojan-activity;sid:84503012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639913/; classtype:trojan-activity;sid:84503013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639910/; classtype:trojan-activity;sid:84503010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639909/; classtype:trojan-activity;sid:84503009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639908/; classtype:trojan-activity;sid:84503008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639905/; classtype:trojan-activity;sid:84503005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102020083226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639906/; classtype:trojan-activity;sid:84503006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639907/; classtype:trojan-activity;sid:84503007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639904/; classtype:trojan-activity;sid:84503004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019122449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639903/; classtype:trojan-activity;sid:84503003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020103538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639902/; classtype:trojan-activity;sid:84503002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639901/; classtype:trojan-activity;sid:84503001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639895/; classtype:trojan-activity;sid:84502995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639896/; classtype:trojan-activity;sid:84502996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13122019135646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639897/; classtype:trojan-activity;sid:84502997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05012020143813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639898/; classtype:trojan-activity;sid:84502998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15102020085329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639899/; classtype:trojan-activity;sid:84502999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27112019111246/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639900/; classtype:trojan-activity;sid:84503000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639887/; classtype:trojan-activity;sid:84502987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09012020110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639888/; classtype:trojan-activity;sid:84502988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18092019085852/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639889/; classtype:trojan-activity;sid:84502989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639890/; classtype:trojan-activity;sid:84502990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639891/; classtype:trojan-activity;sid:84502991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084523/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639892/; classtype:trojan-activity;sid:84502992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02012020110551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639893/; classtype:trojan-activity;sid:84502993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09072020081548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639894/; classtype:trojan-activity;sid:84502994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08112019085005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639883/; classtype:trojan-activity;sid:84502983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04112019081526/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639884/; classtype:trojan-activity;sid:84502984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639885/; classtype:trojan-activity;sid:84502985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020144130/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639886/; classtype:trojan-activity;sid:84502986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639882/; classtype:trojan-activity;sid:84502982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04092019110951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639879/; classtype:trojan-activity;sid:84502979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30092019083849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639880/; classtype:trojan-activity;sid:84502980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639881/; classtype:trojan-activity;sid:84502981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/erro%20processo/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639877/; classtype:trojan-activity;sid:84502977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639878/; classtype:trojan-activity;sid:84502978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11112020082600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639874/; classtype:trojan-activity;sid:84502974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24012020111241/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639875/; classtype:trojan-activity;sid:84502975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639876/; classtype:trojan-activity;sid:84502976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639872/; classtype:trojan-activity;sid:84502972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639873/; classtype:trojan-activity;sid:84502973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14092020083253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639869/; classtype:trojan-activity;sid:84502969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639870/; classtype:trojan-activity;sid:84502970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05012020110642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639871/; classtype:trojan-activity;sid:84502971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639868/; classtype:trojan-activity;sid:84502968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639866/; classtype:trojan-activity;sid:84502966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03032020102418/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639867/; classtype:trojan-activity;sid:84502967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639863/; classtype:trojan-activity;sid:84502963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639864/; classtype:trojan-activity;sid:84502964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20072020091121/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639865/; classtype:trojan-activity;sid:84502965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28012020073720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639861/; classtype:trojan-activity;sid:84502961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019084827/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639862/; classtype:trojan-activity;sid:84502962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020114143/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639857/; classtype:trojan-activity;sid:84502957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639858/; classtype:trojan-activity;sid:84502958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639859/; classtype:trojan-activity;sid:84502959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639860/; classtype:trojan-activity;sid:84502960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23112020082717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639855/; classtype:trojan-activity;sid:84502955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31072020085242/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639856/; classtype:trojan-activity;sid:84502956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04022020110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639854/; classtype:trojan-activity;sid:84502954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019082345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639853/; classtype:trojan-activity;sid:84502953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639852/; classtype:trojan-activity;sid:84502952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639851/; classtype:trojan-activity;sid:84502951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639850/; classtype:trojan-activity;sid:84502950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639847/; classtype:trojan-activity;sid:84502947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639848/; classtype:trojan-activity;sid:84502948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23112020080128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639849/; classtype:trojan-activity;sid:84502949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639845/; classtype:trojan-activity;sid:84502945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30082019111821/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639846/; classtype:trojan-activity;sid:84502946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639843/; classtype:trojan-activity;sid:84502943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102020113619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639844/; classtype:trojan-activity;sid:84502944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020071358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639842/; classtype:trojan-activity;sid:84502942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020092152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639840/; classtype:trojan-activity;sid:84502940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09112020084306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639841/; classtype:trojan-activity;sid:84502941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05102020083904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639833/; classtype:trojan-activity;sid:84502933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639834/; classtype:trojan-activity;sid:84502934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639835/; classtype:trojan-activity;sid:84502935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639836/; classtype:trojan-activity;sid:84502936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05102020081614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639837/; classtype:trojan-activity;sid:84502937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639838/; classtype:trojan-activity;sid:84502938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21112019085916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639839/; classtype:trojan-activity;sid:84502939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639829/; classtype:trojan-activity;sid:84502929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020075446/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639830/; classtype:trojan-activity;sid:84502930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639831/; classtype:trojan-activity;sid:84502931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020082825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639832/; classtype:trojan-activity;sid:84502932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17062020084859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639827/; classtype:trojan-activity;sid:84502927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639828/; classtype:trojan-activity;sid:84502928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07082020084250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639819/; classtype:trojan-activity;sid:84502919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639820/; classtype:trojan-activity;sid:84502920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639821/; classtype:trojan-activity;sid:84502921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639822/; classtype:trojan-activity;sid:84502922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639823/; classtype:trojan-activity;sid:84502923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639824/; classtype:trojan-activity;sid:84502924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639825/; classtype:trojan-activity;sid:84502925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639826/; classtype:trojan-activity;sid:84502926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639814/; classtype:trojan-activity;sid:84502914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23102019105245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639815/; classtype:trojan-activity;sid:84502915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639816/; classtype:trojan-activity;sid:84502916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20102019110029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639817/; classtype:trojan-activity;sid:84502917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020073801/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639818/; classtype:trojan-activity;sid:84502918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-09-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639813/; classtype:trojan-activity;sid:84502913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639812/; classtype:trojan-activity;sid:84502912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639811/; classtype:trojan-activity;sid:84502911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639809/; classtype:trojan-activity;sid:84502909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639810/; classtype:trojan-activity;sid:84502910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020102637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639806/; classtype:trojan-activity;sid:84502906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19082020084933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639807/; classtype:trojan-activity;sid:84502907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639808/; classtype:trojan-activity;sid:84502908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639804/; classtype:trojan-activity;sid:84502904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11032020103137/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639805/; classtype:trojan-activity;sid:84502905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639801/; classtype:trojan-activity;sid:84502901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29022020081541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639802/; classtype:trojan-activity;sid:84502902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29082019114231/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639803/; classtype:trojan-activity;sid:84502903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639798/; classtype:trojan-activity;sid:84502898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639799/; classtype:trojan-activity;sid:84502899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020085848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639800/; classtype:trojan-activity;sid:84502900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020130026/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639796/; classtype:trojan-activity;sid:84502896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06082019113125/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639797/; classtype:trojan-activity;sid:84502897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020090205/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639795/; classtype:trojan-activity;sid:84502895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639794/; classtype:trojan-activity;sid:84502894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639788/; classtype:trojan-activity;sid:84502888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020095056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639789/; classtype:trojan-activity;sid:84502889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639790/; classtype:trojan-activity;sid:84502890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-05-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639791/; classtype:trojan-activity;sid:84502891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102020082312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639792/; classtype:trojan-activity;sid:84502892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639793/; classtype:trojan-activity;sid:84502893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639787/; classtype:trojan-activity;sid:84502887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21092020083859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639785/; classtype:trojan-activity;sid:84502885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639786/; classtype:trojan-activity;sid:84502886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020084709/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639781/; classtype:trojan-activity;sid:84502881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16082019111904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639782/; classtype:trojan-activity;sid:84502882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020115230/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639783/; classtype:trojan-activity;sid:84502883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10122019102551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639784/; classtype:trojan-activity;sid:84502884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639779/; classtype:trojan-activity;sid:84502879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10032020110052/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639780/; classtype:trojan-activity;sid:84502880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05102020084757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639771/; classtype:trojan-activity;sid:84502871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639772/; classtype:trojan-activity;sid:84502872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639773/; classtype:trojan-activity;sid:84502873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24082020085902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639774/; classtype:trojan-activity;sid:84502874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639775/; classtype:trojan-activity;sid:84502875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639776/; classtype:trojan-activity;sid:84502876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29102020082350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639777/; classtype:trojan-activity;sid:84502877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020090831/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639778/; classtype:trojan-activity;sid:84502878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639770/; classtype:trojan-activity;sid:84502870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20082019082941/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639767/; classtype:trojan-activity;sid:84502867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-10-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639768/; classtype:trojan-activity;sid:84502868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020103319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639769/; classtype:trojan-activity;sid:84502869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020131117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639765/; classtype:trojan-activity;sid:84502865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020082718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639766/; classtype:trojan-activity;sid:84502866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639760/; classtype:trojan-activity;sid:84502860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020122030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639761/; classtype:trojan-activity;sid:84502861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639762/; classtype:trojan-activity;sid:84502862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639763/; classtype:trojan-activity;sid:84502863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102019084705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639764/; classtype:trojan-activity;sid:84502864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639756/; classtype:trojan-activity;sid:84502856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639757/; classtype:trojan-activity;sid:84502857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639758/; classtype:trojan-activity;sid:84502858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639759/; classtype:trojan-activity;sid:84502859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639754/; classtype:trojan-activity;sid:84502854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020090329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639755/; classtype:trojan-activity;sid:84502855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639750/; classtype:trojan-activity;sid:84502850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639751/; classtype:trojan-activity;sid:84502851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019102909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639752/; classtype:trojan-activity;sid:84502852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20022020082342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639753/; classtype:trojan-activity;sid:84502853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11092019111609/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639746/; classtype:trojan-activity;sid:84502846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04032020110636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639747/; classtype:trojan-activity;sid:84502847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639748/; classtype:trojan-activity;sid:84502848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09092020083221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639749/; classtype:trojan-activity;sid:84502849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639744/; classtype:trojan-activity;sid:84502844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020114400/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639745/; classtype:trojan-activity;sid:84502845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639742/; classtype:trojan-activity;sid:84502842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020084053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639743/; classtype:trojan-activity;sid:84502843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639740/; classtype:trojan-activity;sid:84502840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639741/; classtype:trojan-activity;sid:84502841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08082019090911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639737/; classtype:trojan-activity;sid:84502837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11082020084800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639738/; classtype:trojan-activity;sid:84502838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639739/; classtype:trojan-activity;sid:84502839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28092020085509/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639735/; classtype:trojan-activity;sid:84502835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06072020085729/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639736/; classtype:trojan-activity;sid:84502836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639731/; classtype:trojan-activity;sid:84502831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020072536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639732/; classtype:trojan-activity;sid:84502832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12032020083503/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639733/; classtype:trojan-activity;sid:84502833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019125623/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639734/; classtype:trojan-activity;sid:84502834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639729/; classtype:trojan-activity;sid:84502829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18082020084703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639730/; classtype:trojan-activity;sid:84502830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020082315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639728/; classtype:trojan-activity;sid:84502828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639725/; classtype:trojan-activity;sid:84502825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10092019085048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639726/; classtype:trojan-activity;sid:84502826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639727/; classtype:trojan-activity;sid:84502827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03122019110948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639719/; classtype:trojan-activity;sid:84502819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020120854/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639720/; classtype:trojan-activity;sid:84502820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639721/; classtype:trojan-activity;sid:84502821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639722/; classtype:trojan-activity;sid:84502822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639723/; classtype:trojan-activity;sid:84502823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020075736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639724/; classtype:trojan-activity;sid:84502824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019135902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639718/; classtype:trojan-activity;sid:84502818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020090221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639716/; classtype:trojan-activity;sid:84502816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083700/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639717/; classtype:trojan-activity;sid:84502817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639712/; classtype:trojan-activity;sid:84502812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639713/; classtype:trojan-activity;sid:84502813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639714/; classtype:trojan-activity;sid:84502814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639715/; classtype:trojan-activity;sid:84502815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639709/; classtype:trojan-activity;sid:84502809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02092019111329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639710/; classtype:trojan-activity;sid:84502810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01062020092311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639711/; classtype:trojan-activity;sid:84502811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639708/; classtype:trojan-activity;sid:84502808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24092020090102/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639699/; classtype:trojan-activity;sid:84502799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639700/; classtype:trojan-activity;sid:84502800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020101952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639701/; classtype:trojan-activity;sid:84502801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15092019133613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639702/; classtype:trojan-activity;sid:84502802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639703/; classtype:trojan-activity;sid:84502803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11092020084854/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639704/; classtype:trojan-activity;sid:84502804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020111716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639705/; classtype:trojan-activity;sid:84502805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639706/; classtype:trojan-activity;sid:84502806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639707/; classtype:trojan-activity;sid:84502807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18062020084013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639695/; classtype:trojan-activity;sid:84502795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020120603/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639696/; classtype:trojan-activity;sid:84502796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639697/; classtype:trojan-activity;sid:84502797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28072020084122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639698/; classtype:trojan-activity;sid:84502798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020120024/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639694/; classtype:trojan-activity;sid:84502794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639692/; classtype:trojan-activity;sid:84502792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15092019081708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639693/; classtype:trojan-activity;sid:84502793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639689/; classtype:trojan-activity;sid:84502789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639690/; classtype:trojan-activity;sid:84502790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639691/; classtype:trojan-activity;sid:84502791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22062020084643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639688/; classtype:trojan-activity;sid:84502788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08102020083849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639687/; classtype:trojan-activity;sid:84502787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639682/; classtype:trojan-activity;sid:84502782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16082019085315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639683/; classtype:trojan-activity;sid:84502783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21022020080853/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639684/; classtype:trojan-activity;sid:84502784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639685/; classtype:trojan-activity;sid:84502785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639686/; classtype:trojan-activity;sid:84502786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020102228/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639679/; classtype:trojan-activity;sid:84502779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14102019112118/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639680/; classtype:trojan-activity;sid:84502780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03102019112720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639681/; classtype:trojan-activity;sid:84502781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639678/; classtype:trojan-activity;sid:84502778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639676/; classtype:trojan-activity;sid:84502776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639677/; classtype:trojan-activity;sid:84502777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639674/; classtype:trojan-activity;sid:84502774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639675/; classtype:trojan-activity;sid:84502775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639669/; classtype:trojan-activity;sid:84502769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639670/; classtype:trojan-activity;sid:84502770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020080535/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639671/; classtype:trojan-activity;sid:84502771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020095640/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639672/; classtype:trojan-activity;sid:84502772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639673/; classtype:trojan-activity;sid:84502773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020092254/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639667/; classtype:trojan-activity;sid:84502767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03112020083749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639668/; classtype:trojan-activity;sid:84502768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/12082020092141/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639663/; classtype:trojan-activity;sid:84502763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020083852/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639664/; classtype:trojan-activity;sid:84502764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639665/; classtype:trojan-activity;sid:84502765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11102019111952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639666/; classtype:trojan-activity;sid:84502766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639662/; classtype:trojan-activity;sid:84502762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639661/; classtype:trojan-activity;sid:84502761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14092020084203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639660/; classtype:trojan-activity;sid:84502760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639654/; classtype:trojan-activity;sid:84502754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10112020084012/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639655/; classtype:trojan-activity;sid:84502755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28122019084412/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639656/; classtype:trojan-activity;sid:84502756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019110715/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639657/; classtype:trojan-activity;sid:84502757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639658/; classtype:trojan-activity;sid:84502758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04112020082536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639659/; classtype:trojan-activity;sid:84502759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639649/; classtype:trojan-activity;sid:84502749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639650/; classtype:trojan-activity;sid:84502750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14092019094403/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639651/; classtype:trojan-activity;sid:84502751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09092020085507/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639652/; classtype:trojan-activity;sid:84502752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639653/; classtype:trojan-activity;sid:84502753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639646/; classtype:trojan-activity;sid:84502746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639647/; classtype:trojan-activity;sid:84502747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26022020102752/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639648/; classtype:trojan-activity;sid:84502748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26082020084204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639641/; classtype:trojan-activity;sid:84502741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020134759/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639642/; classtype:trojan-activity;sid:84502742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10022020115748/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639643/; classtype:trojan-activity;sid:84502743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24102019081656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639644/; classtype:trojan-activity;sid:84502744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639645/; classtype:trojan-activity;sid:84502745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639638/; classtype:trojan-activity;sid:84502738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639639/; classtype:trojan-activity;sid:84502739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639640/; classtype:trojan-activity;sid:84502740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639632/; classtype:trojan-activity;sid:84502732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639633/; classtype:trojan-activity;sid:84502733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639634/; classtype:trojan-activity;sid:84502734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020113111/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639635/; classtype:trojan-activity;sid:84502735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04082020085059/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639636/; classtype:trojan-activity;sid:84502736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639637/; classtype:trojan-activity;sid:84502737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16112020081236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639631/; classtype:trojan-activity;sid:84502731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020082009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639629/; classtype:trojan-activity;sid:84502729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075923/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639630/; classtype:trojan-activity;sid:84502730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639616/; classtype:trojan-activity;sid:84502716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020094018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639617/; classtype:trojan-activity;sid:84502717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639618)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639618/; classtype:trojan-activity;sid:84502718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08092020084724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639619/; classtype:trojan-activity;sid:84502719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639620/; classtype:trojan-activity;sid:84502720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639621/; classtype:trojan-activity;sid:84502721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020074226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639622/; classtype:trojan-activity;sid:84502722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639623/; classtype:trojan-activity;sid:84502723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12112019075105/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639624/; classtype:trojan-activity;sid:84502724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639625/; classtype:trojan-activity;sid:84502725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020105757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639626/; classtype:trojan-activity;sid:84502726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639627/; classtype:trojan-activity;sid:84502727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639628/; classtype:trojan-activity;sid:84502728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639613/; classtype:trojan-activity;sid:84502713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-08-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639614/; classtype:trojan-activity;sid:84502714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639615/; classtype:trojan-activity;sid:84502715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639611/; classtype:trojan-activity;sid:84502711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20102019112719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639612/; classtype:trojan-activity;sid:84502712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639609/; classtype:trojan-activity;sid:84502709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30072020090333/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639610/; classtype:trojan-activity;sid:84502710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17122019110717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639608/; classtype:trojan-activity;sid:84502708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09092019111637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639606/; classtype:trojan-activity;sid:84502706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639607/; classtype:trojan-activity;sid:84502707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639605/; classtype:trojan-activity;sid:84502705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639603/; classtype:trojan-activity;sid:84502703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29092019110355/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639604/; classtype:trojan-activity;sid:84502704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020102448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639602/; classtype:trojan-activity;sid:84502702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020114823/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639601/; classtype:trojan-activity;sid:84502701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02122019110838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639598/; classtype:trojan-activity;sid:84502698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639599/; classtype:trojan-activity;sid:84502699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17112020082540/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639600/; classtype:trojan-activity;sid:84502700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639597/; classtype:trojan-activity;sid:84502697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639589/; classtype:trojan-activity;sid:84502689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03032020074449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639590/; classtype:trojan-activity;sid:84502690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-02-21/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639591/; classtype:trojan-activity;sid:84502691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05112020085426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639592/; classtype:trojan-activity;sid:84502692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639593/; classtype:trojan-activity;sid:84502693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21082019085347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639594/; classtype:trojan-activity;sid:84502694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639595/; classtype:trojan-activity;sid:84502695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639596/; classtype:trojan-activity;sid:84502696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-10-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639587/; classtype:trojan-activity;sid:84502687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639588/; classtype:trojan-activity;sid:84502688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020081408/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639583/; classtype:trojan-activity;sid:84502683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639584/; classtype:trojan-activity;sid:84502684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04082019084655/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639585/; classtype:trojan-activity;sid:84502685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639586/; classtype:trojan-activity;sid:84502686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31102019072830/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639581/; classtype:trojan-activity;sid:84502681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639582/; classtype:trojan-activity;sid:84502682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639577/; classtype:trojan-activity;sid:84502677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639578/; classtype:trojan-activity;sid:84502678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639579/; classtype:trojan-activity;sid:84502679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31082020083341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639580/; classtype:trojan-activity;sid:84502680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639575/; classtype:trojan-activity;sid:84502675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22082019075937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639576/; classtype:trojan-activity;sid:84502676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09022020111331/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639571/; classtype:trojan-activity;sid:84502671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019110841/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639572/; classtype:trojan-activity;sid:84502672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639573/; classtype:trojan-activity;sid:84502673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639574/; classtype:trojan-activity;sid:84502674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639568/; classtype:trojan-activity;sid:84502668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639569/; classtype:trojan-activity;sid:84502669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639570/; classtype:trojan-activity;sid:84502670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639566/; classtype:trojan-activity;sid:84502666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26092019080641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639567/; classtype:trojan-activity;sid:84502667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639565/; classtype:trojan-activity;sid:84502665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639563/; classtype:trojan-activity;sid:84502663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020073214/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639564/; classtype:trojan-activity;sid:84502664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639562/; classtype:trojan-activity;sid:84502662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020111337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639556/; classtype:trojan-activity;sid:84502656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639557/; classtype:trojan-activity;sid:84502657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639558/; classtype:trojan-activity;sid:84502658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020102742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639559/; classtype:trojan-activity;sid:84502659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639560/; classtype:trojan-activity;sid:84502660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28082020083744/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639561/; classtype:trojan-activity;sid:84502661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020113717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639555/; classtype:trojan-activity;sid:84502655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639554/; classtype:trojan-activity;sid:84502654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102020082318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639546/; classtype:trojan-activity;sid:84502646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020072707/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639547/; classtype:trojan-activity;sid:84502647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01092020082442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639548/; classtype:trojan-activity;sid:84502648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639549/; classtype:trojan-activity;sid:84502649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639550/; classtype:trojan-activity;sid:84502650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639551/; classtype:trojan-activity;sid:84502651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020130002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639552/; classtype:trojan-activity;sid:84502652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16112020081243/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639553/; classtype:trojan-activity;sid:84502653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639543/; classtype:trojan-activity;sid:84502643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639544/; classtype:trojan-activity;sid:84502644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01092019071953/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639545/; classtype:trojan-activity;sid:84502645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639542/; classtype:trojan-activity;sid:84502642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639541/; classtype:trojan-activity;sid:84502641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639539/; classtype:trojan-activity;sid:84502639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05102020083859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639540/; classtype:trojan-activity;sid:84502640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020111707/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639534/; classtype:trojan-activity;sid:84502634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639535/; classtype:trojan-activity;sid:84502635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20112019100256/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639536/; classtype:trojan-activity;sid:84502636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22092019074945/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639537/; classtype:trojan-activity;sid:84502637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/12112020084702/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639538/; classtype:trojan-activity;sid:84502638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020092440/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639528/; classtype:trojan-activity;sid:84502628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19102020080704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639529/; classtype:trojan-activity;sid:84502629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639530/; classtype:trojan-activity;sid:84502630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639531/; classtype:trojan-activity;sid:84502631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639532/; classtype:trojan-activity;sid:84502632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04082020083144/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639533/; classtype:trojan-activity;sid:84502633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639527/; classtype:trojan-activity;sid:84502627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639526/; classtype:trojan-activity;sid:84502626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11082020091056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639525/; classtype:trojan-activity;sid:84502625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28072020084117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639524/; classtype:trojan-activity;sid:84502624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21092020082654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639519/; classtype:trojan-activity;sid:84502619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639520/; classtype:trojan-activity;sid:84502620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14102020092025/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639521/; classtype:trojan-activity;sid:84502621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17112019081221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639522/; classtype:trojan-activity;sid:84502622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639523/; classtype:trojan-activity;sid:84502623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639517/; classtype:trojan-activity;sid:84502617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639518/; classtype:trojan-activity;sid:84502618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26112020083005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639512/; classtype:trojan-activity;sid:84502612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/02092020090350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639513/; classtype:trojan-activity;sid:84502613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639514/; classtype:trojan-activity;sid:84502614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23112020082726/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639515/; classtype:trojan-activity;sid:84502615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020125802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639516/; classtype:trojan-activity;sid:84502616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23102019132849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639511/; classtype:trojan-activity;sid:84502611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06092019110358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639508/; classtype:trojan-activity;sid:84502608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16032020100222/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639509/; classtype:trojan-activity;sid:84502609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639510/; classtype:trojan-activity;sid:84502610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639506/; classtype:trojan-activity;sid:84502606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639507/; classtype:trojan-activity;sid:84502607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12032020111238/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639503/; classtype:trojan-activity;sid:84502603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639504/; classtype:trojan-activity;sid:84502604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24092019102653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639505/; classtype:trojan-activity;sid:84502605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09022020144937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639501/; classtype:trojan-activity;sid:84502601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020113808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639502/; classtype:trojan-activity;sid:84502602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17022020073339/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639500/; classtype:trojan-activity;sid:84502600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639498/; classtype:trojan-activity;sid:84502598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020073616/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639499/; classtype:trojan-activity;sid:84502599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26112019110601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639497/; classtype:trojan-activity;sid:84502597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639495/; classtype:trojan-activity;sid:84502595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639496/; classtype:trojan-activity;sid:84502596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28092020084805/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639492/; classtype:trojan-activity;sid:84502592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112020083335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639493/; classtype:trojan-activity;sid:84502593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639494/; classtype:trojan-activity;sid:84502594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/0011/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639483/; classtype:trojan-activity;sid:84502583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020103652/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639484/; classtype:trojan-activity;sid:84502584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020112951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639485/; classtype:trojan-activity;sid:84502585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639486/; classtype:trojan-activity;sid:84502586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07102019113952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639487/; classtype:trojan-activity;sid:84502587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112020084628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639488/; classtype:trojan-activity;sid:84502588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639489/; classtype:trojan-activity;sid:84502589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020120909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639490/; classtype:trojan-activity;sid:84502590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639491/; classtype:trojan-activity;sid:84502591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639482/; classtype:trojan-activity;sid:84502582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02032020083839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639481/; classtype:trojan-activity;sid:84502581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08032020103000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639479/; classtype:trojan-activity;sid:84502579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639480/; classtype:trojan-activity;sid:84502580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15092020083724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639474/; classtype:trojan-activity;sid:84502574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020110300/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639475/; classtype:trojan-activity;sid:84502575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10092020082952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639476/; classtype:trojan-activity;sid:84502576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020080642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639477/; classtype:trojan-activity;sid:84502577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639478/; classtype:trojan-activity;sid:84502578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639471/; classtype:trojan-activity;sid:84502571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639472/; classtype:trojan-activity;sid:84502572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020083204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639473/; classtype:trojan-activity;sid:84502573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639467/; classtype:trojan-activity;sid:84502567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22012020081724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639468/; classtype:trojan-activity;sid:84502568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03112020074640/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639469/; classtype:trojan-activity;sid:84502569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639470/; classtype:trojan-activity;sid:84502570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20072020090223/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639466/; classtype:trojan-activity;sid:84502566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639464/; classtype:trojan-activity;sid:84502564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639465/; classtype:trojan-activity;sid:84502565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020122058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639463/; classtype:trojan-activity;sid:84502563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639460/; classtype:trojan-activity;sid:84502560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639461/; classtype:trojan-activity;sid:84502561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639462/; classtype:trojan-activity;sid:84502562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639458/; classtype:trojan-activity;sid:84502558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06102020083538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639459/; classtype:trojan-activity;sid:84502559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25112020083803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639457/; classtype:trojan-activity;sid:84502557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020105330/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639449/; classtype:trojan-activity;sid:84502549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04062020092328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639450/; classtype:trojan-activity;sid:84502550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639451/; classtype:trojan-activity;sid:84502551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639452/; classtype:trojan-activity;sid:84502552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17032020085116/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639453/; classtype:trojan-activity;sid:84502553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019073549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639454/; classtype:trojan-activity;sid:84502554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019135438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639455/; classtype:trojan-activity;sid:84502555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639456/; classtype:trojan-activity;sid:84502556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639445/; classtype:trojan-activity;sid:84502545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639446/; classtype:trojan-activity;sid:84502546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639447/; classtype:trojan-activity;sid:84502547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11032020091921/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639448/; classtype:trojan-activity;sid:84502548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03092019103102/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639444/; classtype:trojan-activity;sid:84502544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11112020084111/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639442/; classtype:trojan-activity;sid:84502542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639443/; classtype:trojan-activity;sid:84502543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23122019073604/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639439/; classtype:trojan-activity;sid:84502539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639440/; classtype:trojan-activity;sid:84502540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14102020092022/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639441/; classtype:trojan-activity;sid:84502541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639436/; classtype:trojan-activity;sid:84502536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639437/; classtype:trojan-activity;sid:84502537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102020102401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639438/; classtype:trojan-activity;sid:84502538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14082019090706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639433/; classtype:trojan-activity;sid:84502533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20102020075126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639434/; classtype:trojan-activity;sid:84502534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639435/; classtype:trojan-activity;sid:84502535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639431)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/4_0_30319/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639431/; classtype:trojan-activity;sid:84502531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639432/; classtype:trojan-activity;sid:84502532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639428/; classtype:trojan-activity;sid:84502528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020080237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639429/; classtype:trojan-activity;sid:84502529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06092019111336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639430/; classtype:trojan-activity;sid:84502530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639423/; classtype:trojan-activity;sid:84502523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10072020093358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639424/; classtype:trojan-activity;sid:84502524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17072020085911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639425/; classtype:trojan-activity;sid:84502525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020102002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639426/; classtype:trojan-activity;sid:84502526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639427/; classtype:trojan-activity;sid:84502527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09102019112058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639421/; classtype:trojan-activity;sid:84502521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639422/; classtype:trojan-activity;sid:84502522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23022020072403/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639418/; classtype:trojan-activity;sid:84502518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020072009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639419/; classtype:trojan-activity;sid:84502519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020130325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639420/; classtype:trojan-activity;sid:84502520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639416/; classtype:trojan-activity;sid:84502516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020064123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639417/; classtype:trojan-activity;sid:84502517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639415/; classtype:trojan-activity;sid:84502515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13072020085518/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639412/; classtype:trojan-activity;sid:84502512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112020083816/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639413/; classtype:trojan-activity;sid:84502513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11022020111009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639414/; classtype:trojan-activity;sid:84502514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639411/; classtype:trojan-activity;sid:84502511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20122019073158/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639409/; classtype:trojan-activity;sid:84502509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639410/; classtype:trojan-activity;sid:84502510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19082020090548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639402/; classtype:trojan-activity;sid:84502502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639403/; classtype:trojan-activity;sid:84502503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020134851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639404/; classtype:trojan-activity;sid:84502504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020090720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639405/; classtype:trojan-activity;sid:84502505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639406/; classtype:trojan-activity;sid:84502506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639407/; classtype:trojan-activity;sid:84502507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019113653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639408/; classtype:trojan-activity;sid:84502508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639398/; classtype:trojan-activity;sid:84502498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639399/; classtype:trojan-activity;sid:84502499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11112019111724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639400/; classtype:trojan-activity;sid:84502500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020082316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639401/; classtype:trojan-activity;sid:84502501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639394/; classtype:trojan-activity;sid:84502494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639395/; classtype:trojan-activity;sid:84502495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19102020081725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639396/; classtype:trojan-activity;sid:84502496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25082020083625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639397/; classtype:trojan-activity;sid:84502497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112020082645/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639391/; classtype:trojan-activity;sid:84502491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08072020083929/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639392/; classtype:trojan-activity;sid:84502492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102020081012/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639393/; classtype:trojan-activity;sid:84502493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639389/; classtype:trojan-activity;sid:84502489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09102020084804/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639390/; classtype:trojan-activity;sid:84502490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30102020083436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639388/; classtype:trojan-activity;sid:84502488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639386/; classtype:trojan-activity;sid:84502486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020080702/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639387/; classtype:trojan-activity;sid:84502487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639385/; classtype:trojan-activity;sid:84502485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28012020074027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639382/; classtype:trojan-activity;sid:84502482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020094534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639383/; classtype:trojan-activity;sid:84502483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24082020084629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639384/; classtype:trojan-activity;sid:84502484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/15092020083729/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639378/; classtype:trojan-activity;sid:84502478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10012020103245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639379/; classtype:trojan-activity;sid:84502479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639380/; classtype:trojan-activity;sid:84502480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019084708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639381/; classtype:trojan-activity;sid:84502481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639376/; classtype:trojan-activity;sid:84502476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639377/; classtype:trojan-activity;sid:84502477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639375/; classtype:trojan-activity;sid:84502475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020102208/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639373/; classtype:trojan-activity;sid:84502473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019085422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639374/; classtype:trojan-activity;sid:84502474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28112019111235/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639370/; classtype:trojan-activity;sid:84502470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07072020090050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639371/; classtype:trojan-activity;sid:84502471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639372)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639372/; classtype:trojan-activity;sid:84502472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/12112020084708/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639364/; classtype:trojan-activity;sid:84502464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639365/; classtype:trojan-activity;sid:84502465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020123608/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639366/; classtype:trojan-activity;sid:84502466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020104616/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639367/; classtype:trojan-activity;sid:84502467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10032020110725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639368/; classtype:trojan-activity;sid:84502468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639369/; classtype:trojan-activity;sid:84502469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020080122/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639363/; classtype:trojan-activity;sid:84502463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10022020110654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639361/; classtype:trojan-activity;sid:84502461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13112019094121/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639362/; classtype:trojan-activity;sid:84502462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639355/; classtype:trojan-activity;sid:84502455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31082020082335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639356/; classtype:trojan-activity;sid:84502456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019100736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639357/; classtype:trojan-activity;sid:84502457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24092020090107/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639358/; classtype:trojan-activity;sid:84502458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-01-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639359/; classtype:trojan-activity;sid:84502459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639360/; classtype:trojan-activity;sid:84502460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639354/; classtype:trojan-activity;sid:84502454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639353/; classtype:trojan-activity;sid:84502453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639352/; classtype:trojan-activity;sid:84502452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639348/; classtype:trojan-activity;sid:84502448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639349/; classtype:trojan-activity;sid:84502449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01092020083825/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639350/; classtype:trojan-activity;sid:84502450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25022020103040/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639351/; classtype:trojan-activity;sid:84502451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12112019111758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639346/; classtype:trojan-activity;sid:84502446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639347/; classtype:trojan-activity;sid:84502447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639345/; classtype:trojan-activity;sid:84502445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639344/; classtype:trojan-activity;sid:84502444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639343/; classtype:trojan-activity;sid:84502443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04032020080357/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639341/; classtype:trojan-activity;sid:84502441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639342/; classtype:trojan-activity;sid:84502442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.149.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639340/; classtype:trojan-activity;sid:84502440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639339)"; flow:established,from_client; content:"GET"; http_method; content:"/hqr1thfjcy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.e-52p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639339/; classtype:trojan-activity;sid:84502439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639338)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=vammbfrg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.haxyli.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639338/; classtype:trojan-activity;sid:84502438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639337/; classtype:trojan-activity;sid:84502437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.199.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639336/; classtype:trojan-activity;sid:84502436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639334)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=y2bq0apz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.haxyli.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639334/; classtype:trojan-activity;sid:84502434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639335)"; flow:established,from_client; content:"GET"; http_method; content:"/d5fkt99ac1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b1.k0m7y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639335/; classtype:trojan-activity;sid:84502435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639333)"; flow:established,from_client; content:"GET"; http_method; content:"/oiog5s6th4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.e-52p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639333/; classtype:trojan-activity;sid:84502433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639332)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=o9n6bans"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.haxyli.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639332/; classtype:trojan-activity;sid:84502432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.162.245.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639331/; classtype:trojan-activity;sid:84502431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639330)"; flow:established,from_client; content:"GET"; http_method; content:"/txaust8v65.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.e-52p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639330/; classtype:trojan-activity;sid:84502430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639329)"; flow:established,from_client; content:"GET"; http_method; content:"/v8.google|3f|t=gprh1gv3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.haxyli.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639329/; classtype:trojan-activity;sid:84502429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.159.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639328/; classtype:trojan-activity;sid:84502428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.91.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639327/; classtype:trojan-activity;sid:84502427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.80.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639326/; classtype:trojan-activity;sid:84502426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639325/; classtype:trojan-activity;sid:84502425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.64.86.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639324/; classtype:trojan-activity;sid:84502424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639323/; classtype:trojan-activity;sid:84502423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639321/; classtype:trojan-activity;sid:84502421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.218.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639322/; classtype:trojan-activity;sid:84502422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639320)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=9ujtqs2s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.haxyli.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639320/; classtype:trojan-activity;sid:84502420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639319)"; flow:established,from_client; content:"GET"; http_method; content:"/hawx7vzd70.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g4.k0m7y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639319/; classtype:trojan-activity;sid:84502419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639318/; classtype:trojan-activity;sid:84502418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.67.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639317/; classtype:trojan-activity;sid:84502417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639316)"; flow:established,from_client; content:"GET"; http_method; content:"/pkdkv3eidg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.y-45s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639316/; classtype:trojan-activity;sid:84502416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639315)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=kmxr55rw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.haxyli.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639315/; classtype:trojan-activity;sid:84502415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.218.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639314/; classtype:trojan-activity;sid:84502414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639313)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251001150016.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"peartec.co"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639313/; classtype:trojan-activity;sid:84502413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639312)"; flow:established,from_client; content:"GET"; http_method; content:"/lrl1sg.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639312/; classtype:trojan-activity;sid:84502412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639310)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251001150026.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"peartec.co"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639310/; classtype:trojan-activity;sid:84502410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639308/; classtype:trojan-activity;sid:84502408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.64.86.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639309/; classtype:trojan-activity;sid:84502409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.91.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639307/; classtype:trojan-activity;sid:84502407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ksvzmuun3a8q_zecnoa1teinejzmwuev"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639306/; classtype:trojan-activity;sid:84502406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639305)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cc-ibt467o1oeobjiii3vmzu5q8-ehll"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639305/; classtype:trojan-activity;sid:84502405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639304)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ohmavmdd3m5n-evc5gabjl4gd0baerfo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639304/; classtype:trojan-activity;sid:84502404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639303)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/vaapyvi.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639303/; classtype:trojan-activity;sid:84502403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639302)"; flow:established,from_client; content:"GET"; http_method; content:"/2sjjr5jg5u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.y-45s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639302/; classtype:trojan-activity;sid:84502402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639301)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=wr51qmda"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.haxyli.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639301/; classtype:trojan-activity;sid:84502401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639300)"; flow:established,from_client; content:"GET"; http_method; content:"/e30dy58fug.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pm7.k0m7y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639300/; classtype:trojan-activity;sid:84502400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639299)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=m9wfmr2j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.haxyli.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639299/; classtype:trojan-activity;sid:84502399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.159.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639298/; classtype:trojan-activity;sid:84502398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639297/; classtype:trojan-activity;sid:84502397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639296/; classtype:trojan-activity;sid:84502396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.107.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639295/; classtype:trojan-activity;sid:84502395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.205.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639294/; classtype:trojan-activity;sid:84502394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639293)"; flow:established,from_client; content:"GET"; http_method; content:"/r9bm9j0jgc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.y-45s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639293/; classtype:trojan-activity;sid:84502393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639292)"; flow:established,from_client; content:"GET"; http_method; content:"/wa08.google|3f|t=7mi1w08y"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.hasefa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639292/; classtype:trojan-activity;sid:84502392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639290)"; flow:established,from_client; content:"GET"; http_method; content:"/wa08.google|3f|t=m91d2mz8"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.hasefa.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639290/; classtype:trojan-activity;sid:84502390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639291)"; flow:established,from_client; content:"GET"; http_method; content:"/2e87pe4903.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4.k0m7y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639291/; classtype:trojan-activity;sid:84502391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.186.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639288/; classtype:trojan-activity;sid:84502388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639289/; classtype:trojan-activity;sid:84502389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639286/; classtype:trojan-activity;sid:84502386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.246.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639287/; classtype:trojan-activity;sid:84502387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639285)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/qiovqxatfuu/violetclient3335_protected.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639285/; classtype:trojan-activity;sid:84502385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639283)"; flow:established,from_client; content:"GET"; http_method; content:"/2/airfor.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639283/; classtype:trojan-activity;sid:84502383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639284)"; flow:established,from_client; content:"GET"; http_method; content:"/2/foreeee.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639284/; classtype:trojan-activity;sid:84502384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639281)"; flow:established,from_client; content:"GET"; http_method; content:"/2/slyyyyy.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639281/; classtype:trojan-activity;sid:84502381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639282)"; flow:established,from_client; content:"GET"; http_method; content:"/2/steinnnn.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639282/; classtype:trojan-activity;sid:84502382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639280)"; flow:established,from_client; content:"GET"; http_method; content:"/6tmq2fxwx.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dpaste.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639280/; classtype:trojan-activity;sid:84502380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639279)"; flow:established,from_client; content:"GET"; http_method; content:"/okphhyvoj6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.y-45s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639279/; classtype:trojan-activity;sid:84502379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.205.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639278/; classtype:trojan-activity;sid:84502378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639277)"; flow:established,from_client; content:"GET"; http_method; content:"/djcw1xjsgj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y.k0m7y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639277/; classtype:trojan-activity;sid:84502377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639275)"; flow:established,from_client; content:"GET"; http_method; content:"/mq.check|3f|t=sf66q83i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t7.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639275/; classtype:trojan-activity;sid:84502375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639276)"; flow:established,from_client; content:"GET"; http_method; content:"/mq.check|3f|t=yszhm0q5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t7.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639276/; classtype:trojan-activity;sid:84502376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639274/; classtype:trojan-activity;sid:84502374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639273/; classtype:trojan-activity;sid:84502373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639272)"; flow:established,from_client; content:"GET"; http_method; content:"/r70.google|3f|t=3sqqvvdd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639272/; classtype:trojan-activity;sid:84502372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639258)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639258/; classtype:trojan-activity;sid:84502358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639259)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639259/; classtype:trojan-activity;sid:84502359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639260)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639260/; classtype:trojan-activity;sid:84502360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639261)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639261/; classtype:trojan-activity;sid:84502361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639262)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.i468"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639262/; classtype:trojan-activity;sid:84502362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639263)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639263/; classtype:trojan-activity;sid:84502363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639264)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639264/; classtype:trojan-activity;sid:84502364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639265)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639265/; classtype:trojan-activity;sid:84502365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639266)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639266/; classtype:trojan-activity;sid:84502366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639267)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639267/; classtype:trojan-activity;sid:84502367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639268)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639268/; classtype:trojan-activity;sid:84502368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639269)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639269/; classtype:trojan-activity;sid:84502369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639270)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639270/; classtype:trojan-activity;sid:84502370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639271)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.162.143.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639271/; classtype:trojan-activity;sid:84502371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639257)"; flow:established,from_client; content:"GET"; http_method; content:"/ptmdmj2k1y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.y-45s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639257/; classtype:trojan-activity;sid:84502357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639256)"; flow:established,from_client; content:"GET"; http_method; content:"/dyq1xwgyq5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4.l6r7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639256/; classtype:trojan-activity;sid:84502356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639255)"; flow:established,from_client; content:"GET"; http_method; content:"/r70.google|3f|t=rmt3nyxr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639255/; classtype:trojan-activity;sid:84502355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639254/; classtype:trojan-activity;sid:84502354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639253/; classtype:trojan-activity;sid:84502353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639252)"; flow:established,from_client; content:"GET"; http_method; content:"/mmm.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639252/; classtype:trojan-activity;sid:84502352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639251)"; flow:established,from_client; content:"GET"; http_method; content:"/metallikaxxxcercshim.vbs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.168.5.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639251/; classtype:trojan-activity;sid:84502351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639250)"; flow:established,from_client; content:"GET"; http_method; content:"/zrrf0ise1epm2m0.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639250/; classtype:trojan-activity;sid:84502350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639249)"; flow:established,from_client; content:"GET"; http_method; content:"/hhp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639249/; classtype:trojan-activity;sid:84502349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639248)"; flow:established,from_client; content:"GET"; http_method; content:"/pcfxfbjllyual81.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639248/; classtype:trojan-activity;sid:84502348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639246)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639246/; classtype:trojan-activity;sid:84502346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639247)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639247/; classtype:trojan-activity;sid:84502347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639245)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639245/; classtype:trojan-activity;sid:84502345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639241)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639241/; classtype:trojan-activity;sid:84502341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639242)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639242/; classtype:trojan-activity;sid:84502342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639243)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639243/; classtype:trojan-activity;sid:84502343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639244)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639244/; classtype:trojan-activity;sid:84502344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639239)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639239/; classtype:trojan-activity;sid:84502339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639240)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639240/; classtype:trojan-activity;sid:84502340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639238)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639238/; classtype:trojan-activity;sid:84502338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639237)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639237/; classtype:trojan-activity;sid:84502337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639236)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639236/; classtype:trojan-activity;sid:84502336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639225)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/tplink.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639225/; classtype:trojan-activity;sid:84502325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639226)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639226/; classtype:trojan-activity;sid:84502326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639227)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639227/; classtype:trojan-activity;sid:84502327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639228)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639228/; classtype:trojan-activity;sid:84502328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639229)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639229/; classtype:trojan-activity;sid:84502329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639230)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639230/; classtype:trojan-activity;sid:84502330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639231/; classtype:trojan-activity;sid:84502331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639232)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639232/; classtype:trojan-activity;sid:84502332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639233)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639233/; classtype:trojan-activity;sid:84502333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639234)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639234/; classtype:trojan-activity;sid:84502334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639235/; classtype:trojan-activity;sid:84502335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639224)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/giga.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639224/; classtype:trojan-activity;sid:84502324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639221)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/c.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639221/; classtype:trojan-activity;sid:84502321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639222/; classtype:trojan-activity;sid:84502322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639223)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639223/; classtype:trojan-activity;sid:84502323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639219)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639219/; classtype:trojan-activity;sid:84502319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639220)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139-162-143-187.ip.linodeusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639220/; classtype:trojan-activity;sid:84502320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639218/; classtype:trojan-activity;sid:84502318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639215)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639215/; classtype:trojan-activity;sid:84502315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639216)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639216/; classtype:trojan-activity;sid:84502316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639217)"; flow:established,from_client; content:"GET"; http_method; content:"/giga.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639217/; classtype:trojan-activity;sid:84502317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639213)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/zyxel.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639213/; classtype:trojan-activity;sid:84502313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639214)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639214/; classtype:trojan-activity;sid:84502314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639207)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639207/; classtype:trojan-activity;sid:84502307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639208/; classtype:trojan-activity;sid:84502308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639209)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639209/; classtype:trojan-activity;sid:84502309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639210)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639210/; classtype:trojan-activity;sid:84502310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639211)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639211/; classtype:trojan-activity;sid:84502311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639212)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/w2.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639212/; classtype:trojan-activity;sid:84502312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639183/; classtype:trojan-activity;sid:84502283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639184)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639184/; classtype:trojan-activity;sid:84502284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639185/; classtype:trojan-activity;sid:84502285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639186)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639186/; classtype:trojan-activity;sid:84502286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/w.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639187/; classtype:trojan-activity;sid:84502287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639188/; classtype:trojan-activity;sid:84502288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639189)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/o.xml"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639189/; classtype:trojan-activity;sid:84502289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639190)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639190/; classtype:trojan-activity;sid:84502290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639191)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639191/; classtype:trojan-activity;sid:84502291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639192)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639192/; classtype:trojan-activity;sid:84502292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639193)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639193/; classtype:trojan-activity;sid:84502293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639194)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639194/; classtype:trojan-activity;sid:84502294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639195)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.m68k"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639195/; classtype:trojan-activity;sid:84502295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639196)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639196/; classtype:trojan-activity;sid:84502296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639197/; classtype:trojan-activity;sid:84502297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639198)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639198/; classtype:trojan-activity;sid:84502298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639199)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639199/; classtype:trojan-activity;sid:84502299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639200)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639200/; classtype:trojan-activity;sid:84502300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639201)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/w2.sh"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639201/; classtype:trojan-activity;sid:84502301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639202)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.spc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639202/; classtype:trojan-activity;sid:84502302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639203)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/tplink.sh"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639203/; classtype:trojan-activity;sid:84502303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639204)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639204/; classtype:trojan-activity;sid:84502304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639205)"; flow:established,from_client; content:"GET"; http_method; content:"/toto.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639205/; classtype:trojan-activity;sid:84502305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639206)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639206/; classtype:trojan-activity;sid:84502306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/wget.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639180/; classtype:trojan-activity;sid:84502280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639181)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/hik.sh"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639181/; classtype:trojan-activity;sid:84502281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639182/; classtype:trojan-activity;sid:84502282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639179/; classtype:trojan-activity;sid:84502279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/wget2.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639178/; classtype:trojan-activity;sid:84502278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639176)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639176/; classtype:trojan-activity;sid:84502276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639177)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.x86"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639177/; classtype:trojan-activity;sid:84502277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639173)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.mpsl"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639173/; classtype:trojan-activity;sid:84502273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639174)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/cr.sh"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639174/; classtype:trojan-activity;sid:84502274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639175)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639175/; classtype:trojan-activity;sid:84502275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639172)"; flow:established,from_client; content:"GET"; http_method; content:"/kn11bo593p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.y-45s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639172/; classtype:trojan-activity;sid:84502272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639171)"; flow:established,from_client; content:"GET"; http_method; content:"/zn2.check|3f|t=osciwtm8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639171/; classtype:trojan-activity;sid:84502271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639170/; classtype:trojan-activity;sid:84502270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639169)"; flow:established,from_client; content:"GET"; http_method; content:"/vw8cstnhg2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3.l6r7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639169/; classtype:trojan-activity;sid:84502269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639168)"; flow:established,from_client; content:"GET"; http_method; content:"/zn2.check|3f|t=odnhf3xw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639168/; classtype:trojan-activity;sid:84502268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.130.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639167/; classtype:trojan-activity;sid:84502267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639166)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639166/; classtype:trojan-activity;sid:84502266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639164)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/giga.sh"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639164/; classtype:trojan-activity;sid:84502264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639165)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639165/; classtype:trojan-activity;sid:84502265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639162)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/o.xml"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639162/; classtype:trojan-activity;sid:84502262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639163)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639163/; classtype:trojan-activity;sid:84502263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/toto.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639157/; classtype:trojan-activity;sid:84502257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639158)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639158/; classtype:trojan-activity;sid:84502258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/cr.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639159/; classtype:trojan-activity;sid:84502259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639160)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/toto.sh"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639160/; classtype:trojan-activity;sid:84502260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639161)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639161/; classtype:trojan-activity;sid:84502261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639126)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.sh4"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639126/; classtype:trojan-activity;sid:84502226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639127)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639127/; classtype:trojan-activity;sid:84502227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639128)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639128/; classtype:trojan-activity;sid:84502228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639129/; classtype:trojan-activity;sid:84502229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639130)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.x86_64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639130/; classtype:trojan-activity;sid:84502230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639131)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639131/; classtype:trojan-activity;sid:84502231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639132/; classtype:trojan-activity;sid:84502232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/unhanaaw.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639133/; classtype:trojan-activity;sid:84502233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639134)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/wget2.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639134/; classtype:trojan-activity;sid:84502234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639135)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639135/; classtype:trojan-activity;sid:84502235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639136)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.ppc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639136/; classtype:trojan-activity;sid:84502236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639137)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm7"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639137/; classtype:trojan-activity;sid:84502237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639138)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639138/; classtype:trojan-activity;sid:84502238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639139)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639139/; classtype:trojan-activity;sid:84502239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639140)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm5"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639140/; classtype:trojan-activity;sid:84502240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639141)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639141/; classtype:trojan-activity;sid:84502241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639142)"; flow:established,from_client; content:"GET"; http_method; content:"/hik.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639142/; classtype:trojan-activity;sid:84502242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639143)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.arm6"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639143/; classtype:trojan-activity;sid:84502243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639144)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/unhanaaw.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639144/; classtype:trojan-activity;sid:84502244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639145)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639145/; classtype:trojan-activity;sid:84502245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639146)"; flow:established,from_client; content:"GET"; http_method; content:"/w2.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639146/; classtype:trojan-activity;sid:84502246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639147)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639147/; classtype:trojan-activity;sid:84502247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639148)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/zyxel.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639148/; classtype:trojan-activity;sid:84502248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639149)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639149/; classtype:trojan-activity;sid:84502249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639150)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/wget.sh"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639150/; classtype:trojan-activity;sid:84502250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639151)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639151/; classtype:trojan-activity;sid:84502251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639152)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639152/; classtype:trojan-activity;sid:84502252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639153)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639153/; classtype:trojan-activity;sid:84502253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639154)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/w.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639154/; classtype:trojan-activity;sid:84502254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639155)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639155/; classtype:trojan-activity;sid:84502255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/hik.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639156/; classtype:trojan-activity;sid:84502256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639122)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639122/; classtype:trojan-activity;sid:84502222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639123)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639123/; classtype:trojan-activity;sid:84502223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639124)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/boatnet.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639124/; classtype:trojan-activity;sid:84502224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639125)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639125/; classtype:trojan-activity;sid:84502225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639121)"; flow:established,from_client; content:"GET"; http_method; content:"/r1maodjvylccq3kd8e7cipxu4277"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"assets-v2.circle.so"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639121/; classtype:trojan-activity;sid:84502221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639111)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/debug"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639111/; classtype:trojan-activity;sid:84502211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639112)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639112/; classtype:trojan-activity;sid:84502212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639113)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639113/; classtype:trojan-activity;sid:84502213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639114)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639114/; classtype:trojan-activity;sid:84502214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639115)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639115/; classtype:trojan-activity;sid:84502215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639116)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639116/; classtype:trojan-activity;sid:84502216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639117)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639117/; classtype:trojan-activity;sid:84502217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639118)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639118/; classtype:trojan-activity;sid:84502218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639119)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639119/; classtype:trojan-activity;sid:84502219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639120)"; flow:established,from_client; content:"GET"; http_method; content:"/myfuckingbins/labello.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"45.94.31.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639120/; classtype:trojan-activity;sid:84502220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639110)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/mggstfefmxt/output.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639110/; classtype:trojan-activity;sid:84502210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639109)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7369393261/yfjbkwl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639109/; classtype:trojan-activity;sid:84502209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639107)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639107/; classtype:trojan-activity;sid:84502207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639108)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/qgwafgdivpcospsap/violetclient3335_protected.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639108/; classtype:trojan-activity;sid:84502208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639106)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.google|3f|t=s51o1er8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mk.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639106/; classtype:trojan-activity;sid:84502206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639105)"; flow:established,from_client; content:"GET"; http_method; content:"/36mmrh35k6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm9.l6r7e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639105/; classtype:trojan-activity;sid:84502205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.199.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639104/; classtype:trojan-activity;sid:84502204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639103/; classtype:trojan-activity;sid:84502203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639101)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/shnwrhuxrvua/gadget.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639101/; classtype:trojan-activity;sid:84502201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639102)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/ehuytzsddnpg/winrar64unlocked.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639102/; classtype:trojan-activity;sid:84502202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639100)"; flow:established,from_client; content:"GET"; http_method; content:"/bbw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639100/; classtype:trojan-activity;sid:84502200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639098)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/uxymbx4.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639098/; classtype:trojan-activity;sid:84502198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639099)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7541447895/2c5fak7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639099/; classtype:trojan-activity;sid:84502199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639096)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/ccmitjosechdyjhb/ofmle1k.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639096/; classtype:trojan-activity;sid:84502196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639097)"; flow:established,from_client; content:"GET"; http_method; content:"/qudette/2wcwjxtg2340akf/releases/download/notmainrepo/setup.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639097/; classtype:trojan-activity;sid:84502197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639095)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/xgapxncnvtxyt/ebolajr.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639095/; classtype:trojan-activity;sid:84502195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639091)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1934975057/xad9yfd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639091/; classtype:trojan-activity;sid:84502191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639092)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/icqo22n.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639092/; classtype:trojan-activity;sid:84502192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639093)"; flow:established,from_client; content:"GET"; http_method; content:"/overdrive01/bebrapack/releases/download/stealersuper/cheat.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639093/; classtype:trojan-activity;sid:84502193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639094)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/runnceitrkebc/tafwy.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639094/; classtype:trojan-activity;sid:84502194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639089)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6849343518/ira9wpm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639089/; classtype:trojan-activity;sid:84502189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639090)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5506561027/w6fdlib.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639090/; classtype:trojan-activity;sid:84502190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.186.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639088/; classtype:trojan-activity;sid:84502188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.83.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639087/; classtype:trojan-activity;sid:84502187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639086/; classtype:trojan-activity;sid:84502186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.186.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639085/; classtype:trojan-activity;sid:84502185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.162.60.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639084/; classtype:trojan-activity;sid:84502184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639083/; classtype:trojan-activity;sid:84502183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639082)"; flow:established,from_client; content:"GET"; http_method; content:"/1vq.check|3f|t=ryo0ovgw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z4.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639082/; classtype:trojan-activity;sid:84502182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.29.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639081/; classtype:trojan-activity;sid:84502181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639079)"; flow:established,from_client; content:"GET"; http_method; content:"/jfrxxdebri.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.l6r7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639079/; classtype:trojan-activity;sid:84502179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639080)"; flow:established,from_client; content:"GET"; http_method; content:"/1vq.check|3f|t=nyd0ncok"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z4.hasefa.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639080/; classtype:trojan-activity;sid:84502180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639078)"; flow:established,from_client; content:"GET"; http_method; content:"/lx9vpx2qnc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.o-92h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639078/; classtype:trojan-activity;sid:84502178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.83.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639077/; classtype:trojan-activity;sid:84502177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.199.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639076/; classtype:trojan-activity;sid:84502176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.162.60.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639075/; classtype:trojan-activity;sid:84502175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639074/; classtype:trojan-activity;sid:84502174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639073)"; flow:established,from_client; content:"GET"; http_method; content:"/qg43kpk0dg.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h.l6r7e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639073/; classtype:trojan-activity;sid:84502173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639072)"; flow:established,from_client; content:"GET"; http_method; content:"/k3.google|3f|t=382eweom"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.hasefa.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639072/; classtype:trojan-activity;sid:84502172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639071)"; flow:established,from_client; content:"GET"; http_method; content:"/sdfqbil6el.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.o-92h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639071/; classtype:trojan-activity;sid:84502171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639070)"; flow:established,from_client; content:"GET"; http_method; content:"/k3.google|3f|t=rugn0xgm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.hasefa.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639070/; classtype:trojan-activity;sid:84502170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.16.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639069/; classtype:trojan-activity;sid:84502169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.91.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639068/; classtype:trojan-activity;sid:84502168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.7.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639067/; classtype:trojan-activity;sid:84502167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639066)"; flow:established,from_client; content:"GET"; http_method; content:"/w41.google|3f|t=ck6tzpqq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m2n.qylyxi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639066/; classtype:trojan-activity;sid:84502166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639065)"; flow:established,from_client; content:"GET"; http_method; content:"/c734tpbyvp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.o-92h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639065/; classtype:trojan-activity;sid:84502165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639064)"; flow:established,from_client; content:"GET"; http_method; content:"/xxgvnzczwb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zd.m3j8e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639064/; classtype:trojan-activity;sid:84502164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639063)"; flow:established,from_client; content:"GET"; http_method; content:"/w41.google|3f|t=civ5hcqo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m2n.qylyxi.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639063/; classtype:trojan-activity;sid:84502163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639062)"; flow:established,from_client; content:"GET"; http_method; content:"/mberq5gfw0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.o-92h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639062/; classtype:trojan-activity;sid:84502162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.29.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639061/; classtype:trojan-activity;sid:84502161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639060)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.check|3f|t=y0aasteg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639060/; classtype:trojan-activity;sid:84502160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639059/; classtype:trojan-activity;sid:84502159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639058)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/fnabrtcbpnlnm/muuko%e2%80%aesbv..exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639058/; classtype:trojan-activity;sid:84502158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639056)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8244811668/kdlebyo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639056/; classtype:trojan-activity;sid:84502156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639057)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6875802221/fkr5f0o.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639057/; classtype:trojan-activity;sid:84502157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639055)"; flow:established,from_client; content:"GET"; http_method; content:"/87rh1c6/mrxjyhidfghoxy/winrar64.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"api.chimera-hosting.zip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639055/; classtype:trojan-activity;sid:84502155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639054)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6560547276/ewi0yzb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639054/; classtype:trojan-activity;sid:84502154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639052)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/rgol2g3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639052/; classtype:trojan-activity;sid:84502152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639053)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8350398681/rwvxzej.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639053/; classtype:trojan-activity;sid:84502153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639051/; classtype:trojan-activity;sid:84502151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639050)"; flow:established,from_client; content:"GET"; http_method; content:"/ab0.google|3f|t=eaeg9vs8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639050/; classtype:trojan-activity;sid:84502150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639049)"; flow:established,from_client; content:"GET"; http_method; content:"/8qr8gsklia.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.o-92h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639049/; classtype:trojan-activity;sid:84502149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639048)"; flow:established,from_client; content:"GET"; http_method; content:"/ab0.google|3f|t=0hfqzr0y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639048/; classtype:trojan-activity;sid:84502148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639047)"; flow:established,from_client; content:"GET"; http_method; content:"/92w8vgxh44.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2.m3j8e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639047/; classtype:trojan-activity;sid:84502147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.203.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639046/; classtype:trojan-activity;sid:84502146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639045)"; flow:established,from_client; content:"GET"; http_method; content:"/vq2.check|3f|t=i8f44g82"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t.qylyxi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639045/; classtype:trojan-activity;sid:84502145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639044)"; flow:established,from_client; content:"GET"; http_method; content:"/aaw9e5qlzy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.o-92h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639044/; classtype:trojan-activity;sid:84502144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639043/; classtype:trojan-activity;sid:84502143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.7.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639042/; classtype:trojan-activity;sid:84502142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639041/; classtype:trojan-activity;sid:84502141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.130.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639040/; classtype:trojan-activity;sid:84502140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639039)"; flow:established,from_client; content:"GET"; http_method; content:"/9b2b7b4m82.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2.m3j8e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639039/; classtype:trojan-activity;sid:84502139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639038)"; flow:established,from_client; content:"GET"; http_method; content:"/1m.google|3f|t=60h422xp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zp.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639038/; classtype:trojan-activity;sid:84502138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639037)"; flow:established,from_client; content:"GET"; http_method; content:"/v1uh2rzw0o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.a-84l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639037/; classtype:trojan-activity;sid:84502137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639036)"; flow:established,from_client; content:"GET"; http_method; content:"/1m.google|3f|t=4h8sd7iq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zp.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639036/; classtype:trojan-activity;sid:84502136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639035/; classtype:trojan-activity;sid:84502135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639032)"; flow:established,from_client; content:"GET"; http_method; content:"/0kz.check|3f|t=3jf9llhf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639032/; classtype:trojan-activity;sid:84502132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.22.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639033/; classtype:trojan-activity;sid:84502133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639034)"; flow:established,from_client; content:"GET"; http_method; content:"/hisykqvxm8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.a-84l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639034/; classtype:trojan-activity;sid:84502134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639031)"; flow:established,from_client; content:"GET"; http_method; content:"/0kz.check|3f|t=wvlgzqvw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.qylyxi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639031/; classtype:trojan-activity;sid:84502131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639030)"; flow:established,from_client; content:"GET"; http_method; content:"/l6x9v11vfv.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n.m3j8e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639030/; classtype:trojan-activity;sid:84502130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.249.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639029/; classtype:trojan-activity;sid:84502129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639028/; classtype:trojan-activity;sid:84502128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639027)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=395wkh7h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.qylyxi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639027/; classtype:trojan-activity;sid:84502127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639026)"; flow:established,from_client; content:"GET"; http_method; content:"/p8fjfsugn0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.a-84l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639026/; classtype:trojan-activity;sid:84502126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.142.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639025/; classtype:trojan-activity;sid:84502125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639024)"; flow:established,from_client; content:"GET"; http_method; content:"/0tralmrxa7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n.m3j8e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639024/; classtype:trojan-activity;sid:84502124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639023)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=u200332a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.qylyxi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639023/; classtype:trojan-activity;sid:84502123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639022)"; flow:established,from_client; content:"GET"; http_method; content:"/4pujykbc5r.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wq9.m3j8e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639022/; classtype:trojan-activity;sid:84502122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639021)"; flow:established,from_client; content:"GET"; http_method; content:"/ca.google|3f|t=tos6yn7i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xo.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639021/; classtype:trojan-activity;sid:84502121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.6.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639020/; classtype:trojan-activity;sid:84502120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639018/; classtype:trojan-activity;sid:84502118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639019)"; flow:established,from_client; content:"GET"; http_method; content:"/3m5tk7v5x7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.a-84l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639019/; classtype:trojan-activity;sid:84502119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639017)"; flow:established,from_client; content:"GET"; http_method; content:"/ca.google|3f|t=07wxohv2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xo.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639017/; classtype:trojan-activity;sid:84502117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.130.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639016/; classtype:trojan-activity;sid:84502116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639015)"; flow:established,from_client; content:"GET"; http_method; content:"/pyny8t9rrw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wq9.m3j8e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639015/; classtype:trojan-activity;sid:84502115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639014)"; flow:established,from_client; content:"GET"; http_method; content:"/78.google|3f|t=11lpphl8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ch.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639014/; classtype:trojan-activity;sid:84502114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.46.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639013/; classtype:trojan-activity;sid:84502113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.22.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639012/; classtype:trojan-activity;sid:84502112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639011/; classtype:trojan-activity;sid:84502111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.24.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639010/; classtype:trojan-activity;sid:84502110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.249.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639009/; classtype:trojan-activity;sid:84502109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.189.141.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639006/; classtype:trojan-activity;sid:84502106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.6.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639007/; classtype:trojan-activity;sid:84502107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639008/; classtype:trojan-activity;sid:84502108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639005/; classtype:trojan-activity;sid:84502105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.46.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639004/; classtype:trojan-activity;sid:84502104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639003)"; flow:established,from_client; content:"GET"; http_method; content:"/8q06g19h4a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.a-84l.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639003/; classtype:trojan-activity;sid:84502103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639002)"; flow:established,from_client; content:"GET"; http_method; content:"/ion.check|3f|t=7jvexf4q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"by.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639002/; classtype:trojan-activity;sid:84502102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639001)"; flow:established,from_client; content:"GET"; http_method; content:"/wzhgatdphu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7.m3j8e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639001/; classtype:trojan-activity;sid:84502101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639000)"; flow:established,from_client; content:"GET"; http_method; content:"/ion.check|3f|t=ltptcsqg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"by.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639000/; classtype:trojan-activity;sid:84502100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638999/; classtype:trojan-activity;sid:84502099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.172.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638998/; classtype:trojan-activity;sid:84502098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.232.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638997/; classtype:trojan-activity;sid:84502097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.99.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638996/; classtype:trojan-activity;sid:84502096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638995)"; flow:established,from_client; content:"GET"; http_method; content:"/4hgrxuc8h6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.a-84l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638995/; classtype:trojan-activity;sid:84502095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638994)"; flow:established,from_client; content:"GET"; http_method; content:"/uw.check|3f|t=sr3glemu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bo.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638994/; classtype:trojan-activity;sid:84502094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638992)"; flow:established,from_client; content:"GET"; http_method; content:"/uw.check|3f|t=s0e4qrrg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bo.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638992/; classtype:trojan-activity;sid:84502092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638993)"; flow:established,from_client; content:"GET"; http_method; content:"/s9koiwhll8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k9.j8k2a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638993/; classtype:trojan-activity;sid:84502093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.172.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638991/; classtype:trojan-activity;sid:84502091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.99.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638990/; classtype:trojan-activity;sid:84502090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638989/; classtype:trojan-activity;sid:84502089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.232.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638988/; classtype:trojan-activity;sid:84502088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638986/; classtype:trojan-activity;sid:84502086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638987)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638987/; classtype:trojan-activity;sid:84502087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638976)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638976/; classtype:trojan-activity;sid:84502076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638977)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638977/; classtype:trojan-activity;sid:84502077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638978)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638978/; classtype:trojan-activity;sid:84502078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638979)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638979/; classtype:trojan-activity;sid:84502079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638980)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638980/; classtype:trojan-activity;sid:84502080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638981)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638981/; classtype:trojan-activity;sid:84502081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638982)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638982/; classtype:trojan-activity;sid:84502082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638983)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638983/; classtype:trojan-activity;sid:84502083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638984)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638984/; classtype:trojan-activity;sid:84502084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638985)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638985/; classtype:trojan-activity;sid:84502085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.35.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638975/; classtype:trojan-activity;sid:84502075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.253.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638974/; classtype:trojan-activity;sid:84502074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.16.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638973/; classtype:trojan-activity;sid:84502073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.95.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638972/; classtype:trojan-activity;sid:84502072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.156.178.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638971/; classtype:trojan-activity;sid:84502071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.183.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638970/; classtype:trojan-activity;sid:84502070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638969/; classtype:trojan-activity;sid:84502069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.35.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638968/; classtype:trojan-activity;sid:84502068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.18.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638967/; classtype:trojan-activity;sid:84502067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638966/; classtype:trojan-activity;sid:84502066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.109.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638965/; classtype:trojan-activity;sid:84502065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638964/; classtype:trojan-activity;sid:84502064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638963/; classtype:trojan-activity;sid:84502063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.109.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638961/; classtype:trojan-activity;sid:84502061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.152.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638962/; classtype:trojan-activity;sid:84502062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.7.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638960/; classtype:trojan-activity;sid:84502060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638959)"; flow:established,from_client; content:"GET"; http_method; content:"/0oc2vlivnb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.a-84l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638959/; classtype:trojan-activity;sid:84502059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638958)"; flow:established,from_client; content:"GET"; http_method; content:"/wv3.check|3f|t=2950iyob"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bi.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638958/; classtype:trojan-activity;sid:84502058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638956)"; flow:established,from_client; content:"GET"; http_method; content:"/wv3.check|3f|t=my2p8knp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bi.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638956/; classtype:trojan-activity;sid:84502056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638957)"; flow:established,from_client; content:"GET"; http_method; content:"/icqjcjy0nc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m7.j8k2a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638957/; classtype:trojan-activity;sid:84502057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638955/; classtype:trojan-activity;sid:84502055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.183.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638954/; classtype:trojan-activity;sid:84502054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.33.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638953/; classtype:trojan-activity;sid:84502053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.18.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638952/; classtype:trojan-activity;sid:84502052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638951/; classtype:trojan-activity;sid:84502051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638950)"; flow:established,from_client; content:"GET"; http_method; content:"/w7iaimeyzd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.f-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638950/; classtype:trojan-activity;sid:84502050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638949)"; flow:established,from_client; content:"GET"; http_method; content:"/g61.google|3f|t=hdos2job"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"be.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638949/; classtype:trojan-activity;sid:84502049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638948)"; flow:established,from_client; content:"GET"; http_method; content:"/rz1yzb0tg3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m7.j8k2a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638948/; classtype:trojan-activity;sid:84502048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638947)"; flow:established,from_client; content:"GET"; http_method; content:"/g61.google|3f|t=qibnp2c9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"be.kmbo6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638947/; classtype:trojan-activity;sid:84502047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.222.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638946/; classtype:trojan-activity;sid:84502046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638945/; classtype:trojan-activity;sid:84502045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.152.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638944/; classtype:trojan-activity;sid:84502044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638943)"; flow:established,from_client; content:"GET"; http_method; content:"/dkeepffylw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tq1.j8k2a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638943/; classtype:trojan-activity;sid:84502043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638942)"; flow:established,from_client; content:"GET"; http_method; content:"/ea.google|3f|t=8r2769cc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aj.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638942/; classtype:trojan-activity;sid:84502042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.107.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638941/; classtype:trojan-activity;sid:84502041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.201.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638940/; classtype:trojan-activity;sid:84502040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638939)"; flow:established,from_client; content:"GET"; http_method; content:"/yucadad8df.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.f-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638939/; classtype:trojan-activity;sid:84502039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638938)"; flow:established,from_client; content:"GET"; http_method; content:"/ea.google|3f|t=g5z8x5o0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aj.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638938/; classtype:trojan-activity;sid:84502038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.242.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638937/; classtype:trojan-activity;sid:84502037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.19.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638936/; classtype:trojan-activity;sid:84502036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.50.148.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638935/; classtype:trojan-activity;sid:84502035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.35.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638934/; classtype:trojan-activity;sid:84502034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.206.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638933/; classtype:trojan-activity;sid:84502033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.33.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638931/; classtype:trojan-activity;sid:84502031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.239.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638932/; classtype:trojan-activity;sid:84502032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.138.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638929/; classtype:trojan-activity;sid:84502029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.19.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638930/; classtype:trojan-activity;sid:84502030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638928)"; flow:established,from_client; content:"GET"; http_method; content:"/44n51oqm1r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.f-57e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638928/; classtype:trojan-activity;sid:84502028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638927)"; flow:established,from_client; content:"GET"; http_method; content:"/5o.google|3f|t=9a1qp3td"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"af.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638927/; classtype:trojan-activity;sid:84502027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638926)"; flow:established,from_client; content:"GET"; http_method; content:"/5o.google|3f|t=fr6o1wsy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"af.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638926/; classtype:trojan-activity;sid:84502026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638925)"; flow:established,from_client; content:"GET"; http_method; content:"/yzf4xdqvqz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b2.j8k2a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638925/; classtype:trojan-activity;sid:84502025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.50.148.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638924/; classtype:trojan-activity;sid:84502024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.76.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638923/; classtype:trojan-activity;sid:84502023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.237.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638922/; classtype:trojan-activity;sid:84502022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638921/; classtype:trojan-activity;sid:84502021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.227.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638920/; classtype:trojan-activity;sid:84502020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.235.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638919/; classtype:trojan-activity;sid:84502019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.138.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638918/; classtype:trojan-activity;sid:84502018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638917/; classtype:trojan-activity;sid:84502017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.237.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638916/; classtype:trojan-activity;sid:84502016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.252.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638915/; classtype:trojan-activity;sid:84502015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.192.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638914/; classtype:trojan-activity;sid:84502014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.127.227.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638913/; classtype:trojan-activity;sid:84502013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638912/; classtype:trojan-activity;sid:84502012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.208.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638911/; classtype:trojan-activity;sid:84502011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638910)"; flow:established,from_client; content:"GET"; http_method; content:"/wfpjglpbeb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.f-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638910/; classtype:trojan-activity;sid:84502010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638909)"; flow:established,from_client; content:"GET"; http_method; content:"/z52jqg79u7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x.j8k2a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638909/; classtype:trojan-activity;sid:84502009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638907)"; flow:established,from_client; content:"GET"; http_method; content:"/xmc.google|3f|t=212q7wdl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ac.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638907/; classtype:trojan-activity;sid:84502007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638908)"; flow:established,from_client; content:"GET"; http_method; content:"/xmc.google|3f|t=awoz88hp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ac.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638908/; classtype:trojan-activity;sid:84502008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638906)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/scripts/reportparsing/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638906/; classtype:trojan-activity;sid:84502006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638904)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/music/itunes/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638904/; classtype:trojan-activity;sid:84502004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638905/; classtype:trojan-activity;sid:84502005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638903)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/mbu/getting-started/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638903/; classtype:trojan-activity;sid:84502003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638901)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/vecp/win64/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638901/; classtype:trojan-activity;sid:84502001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638902)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/pictures/kodak_pics/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638902/; classtype:trojan-activity;sid:84502002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638899)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6324/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638899/; classtype:trojan-activity;sid:84501999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.192.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638900/; classtype:trojan-activity;sid:84502000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638897)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/favorites/acer/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638897/; classtype:trojan-activity;sid:84501997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638898)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/documents/saved_files/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638898/; classtype:trojan-activity;sid:84501998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638896)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/2018-02/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638896/; classtype:trojan-activity;sid:84501996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638895)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/test/groovy/com/rackspace/vdo/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638895/; classtype:trojan-activity;sid:84501995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638893)"; flow:established,from_client; content:"GET"; http_method; content:"/xpzoiw6eeh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x.j8k2a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638893/; classtype:trojan-activity;sid:84501993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638894)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/logitech/prefs/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638894/; classtype:trojan-activity;sid:84501994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638888)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/1385/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638888/; classtype:trojan-activity;sid:84501988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638889)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/excel/photo.scr"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638889/; classtype:trojan-activity;sid:84501989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638890)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6394/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638890/; classtype:trojan-activity;sid:84501990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638891)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/psu/data/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638891/; classtype:trojan-activity;sid:84501991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638892)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6407/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638892/; classtype:trojan-activity;sid:84501992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638882)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/logitech/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638882/; classtype:trojan-activity;sid:84501982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638883)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/documents/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638883/; classtype:trojan-activity;sid:84501983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638884)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/2017-12/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638884/; classtype:trojan-activity;sid:84501984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638885)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/groovy/com/rackspace/vdo/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638885/; classtype:trojan-activity;sid:84501985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638886)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/contacts/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638886/; classtype:trojan-activity;sid:84501986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638887)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/iclouddrive/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638887/; classtype:trojan-activity;sid:84501987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638880)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/pictures/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638880/; classtype:trojan-activity;sid:84501980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638881)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/2018-01/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638881/; classtype:trojan-activity;sid:84501981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638876)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/logitech/monitor/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638876/; classtype:trojan-activity;sid:84501976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638877)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/onedrive/documents/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638877/; classtype:trojan-activity;sid:84501977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638878)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/vsan/getting-started/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638878/; classtype:trojan-activity;sid:84501978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638879)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/dropbox/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638879/; classtype:trojan-activity;sid:84501979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638874)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/2841/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638874/; classtype:trojan-activity;sid:84501974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638875)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/public/music/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638875/; classtype:trojan-activity;sid:84501975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638871/; classtype:trojan-activity;sid:84501971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638872)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/scripts/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638872/; classtype:trojan-activity;sid:84501972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638873)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/favorites/links/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638873/; classtype:trojan-activity;sid:84501973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638869)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6391/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638869/; classtype:trojan-activity;sid:84501969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638870)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/documents/flvs/ditcollab/photo.scr"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638870/; classtype:trojan-activity;sid:84501970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638867)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/documents/financial/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638867/; classtype:trojan-activity;sid:84501967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638868)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/documents/onenote/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638868/; classtype:trojan-activity;sid:84501968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638865)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6312/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638865/; classtype:trojan-activity;sid:84501965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638866)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/onedrive/pictures/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638866/; classtype:trojan-activity;sid:84501966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638858)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/application/scanmanager/scanmgr/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638858/; classtype:trojan-activity;sid:84501958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638859)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638859/; classtype:trojan-activity;sid:84501959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638860)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/vecp/vista_64/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638860/; classtype:trojan-activity;sid:84501960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638861)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/type2learn/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638861/; classtype:trojan-activity;sid:84501961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638862)"; flow:established,from_client; content:"GET"; http_method; content:"/8n.google|3f|t=jgk3qamo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zy.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638862/; classtype:trojan-activity;sid:84501962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638863)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/desktop/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638863/; classtype:trojan-activity;sid:84501963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638864)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/samsunguniversalprintdriver/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638864/; classtype:trojan-activity;sid:84501964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638854)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/psu/shared/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638854/; classtype:trojan-activity;sid:84501954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638855)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/music/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638855/; classtype:trojan-activity;sid:84501955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638856)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/favorites/links/news/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638856/; classtype:trojan-activity;sid:84501956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638857)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/searches/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638857/; classtype:trojan-activity;sid:84501957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638849)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6377/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638849/; classtype:trojan-activity;sid:84501949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638850)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/samsunguniversalprintdriver/printer/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638850/; classtype:trojan-activity;sid:84501950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638851)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/logitech/photo.scr"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638851/; classtype:trojan-activity;sid:84501951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638852)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6401/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638852/; classtype:trojan-activity;sid:84501952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638853)"; flow:established,from_client; content:"GET"; http_method; content:"/0m6cb48tt9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.f-57e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638853/; classtype:trojan-activity;sid:84501953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638847)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/vro/getting-started/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638847/; classtype:trojan-activity;sid:84501947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638848)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/dropbox/test/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638848/; classtype:trojan-activity;sid:84501948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638846)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/application/scanmanager/sscan2io/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638846/; classtype:trojan-activity;sid:84501946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638844)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638844/; classtype:trojan-activity;sid:84501944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638845)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/2839/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638845/; classtype:trojan-activity;sid:84501945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638840)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/2018-03/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638840/; classtype:trojan-activity;sid:84501940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638841)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/documents/minecraft/berk/photo.scr"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638841/; classtype:trojan-activity;sid:84501941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638842)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/documents/mcedit/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638842/; classtype:trojan-activity;sid:84501942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638843)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/favorites/links/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638843/; classtype:trojan-activity;sid:84501943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638834)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/450/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638834/; classtype:trojan-activity;sid:84501934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638835)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/iclouddrive/f3lwyj7gm7~com~apple~mobilegarageband/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638835/; classtype:trojan-activity;sid:84501935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638836)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6399/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638836/; classtype:trojan-activity;sid:84501936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638837)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/downloads/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638837/; classtype:trojan-activity;sid:84501937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638838)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/camunda/nonprodreadydiagrams/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638838/; classtype:trojan-activity;sid:84501938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638839)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/lukas/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638839/; classtype:trojan-activity;sid:84501939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638830)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/test/groovy/com/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638830/; classtype:trojan-activity;sid:84501930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638831)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6349/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638831/; classtype:trojan-activity;sid:84501931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638832)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/vecp/vista/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638832/; classtype:trojan-activity;sid:84501932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638833)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6585/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638833/; classtype:trojan-activity;sid:84501933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638829)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/camunda/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638829/; classtype:trojan-activity;sid:84501929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638826)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/3852/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638826/; classtype:trojan-activity;sid:84501926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638827)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/videos/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638827/; classtype:trojan-activity;sid:84501927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638828)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6358/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638828/; classtype:trojan-activity;sid:84501928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638825)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/documents/personal/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638825/; classtype:trojan-activity;sid:84501925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638821)"; flow:established,from_client; content:"GET"; http_method; content:"/8n.google|3f|t=bikaflxm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zy.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638821/; classtype:trojan-activity;sid:84501921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638822)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638822/; classtype:trojan-activity;sid:84501922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638823)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/test/groovy/com/rackspace/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638823/; classtype:trojan-activity;sid:84501923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638824)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/groovy/com/rackspace/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638824/; classtype:trojan-activity;sid:84501924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638815)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/public/pictures/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638815/; classtype:trojan-activity;sid:84501915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638816)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/samsunguniversalprintdriver/data/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638816/; classtype:trojan-activity;sid:84501916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638817)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/psu/shared64/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638817/; classtype:trojan-activity;sid:84501917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638818)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/favorites/links%20for%20united%20states/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638818/; classtype:trojan-activity;sid:84501918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638819)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/nsx/getting-started/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638819/; classtype:trojan-activity;sid:84501919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638820)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/2017-10/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638820/; classtype:trojan-activity;sid:84501920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638814)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/public/documents/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638814/; classtype:trojan-activity;sid:84501914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638807)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/onedrive/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638807/; classtype:trojan-activity;sid:84501907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638808)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/favorites/links/popular/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638808/; classtype:trojan-activity;sid:84501908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638809)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/favorites/acer/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638809/; classtype:trojan-activity;sid:84501909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638810)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/public/videos/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638810/; classtype:trojan-activity;sid:84501910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638811)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/mbu/using-mbu/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638811/; classtype:trojan-activity;sid:84501911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638812)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/groovy/com/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638812/; classtype:trojan-activity;sid:84501912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638813)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/2850/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638813/; classtype:trojan-activity;sid:84501913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638801)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/favorites/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638801/; classtype:trojan-activity;sid:84501901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638802)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/logitech/prefs/photo.scr"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638802/; classtype:trojan-activity;sid:84501902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638803)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6335/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638803/; classtype:trojan-activity;sid:84501903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638804)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/scripts/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638804/; classtype:trojan-activity;sid:84501904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638805)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/scripts/linux/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638805/; classtype:trojan-activity;sid:84501905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638806)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/excel/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638806/; classtype:trojan-activity;sid:84501906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638798)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcloud-handbook/vmware-vrealize/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638798/; classtype:trojan-activity;sid:84501898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638799)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/6290/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638799/; classtype:trojan-activity;sid:84501899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638800)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/pictures/2017-09/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638800/; classtype:trojan-activity;sid:84501900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638797)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/documents/srm/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638797/; classtype:trojan-activity;sid:84501897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638795)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/links/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638795/; classtype:trojan-activity;sid:84501895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638796)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/documents/minecraft/mcedit_testing/mcver/photo.scr"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638796/; classtype:trojan-activity;sid:84501896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638794)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/logitech/monitor/photo.scr"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638794/; classtype:trojan-activity;sid:84501894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638793)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/documents/sunburst/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638793/; classtype:trojan-activity;sid:84501893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638792)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20121119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638792/; classtype:trojan-activity;sid:84501892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638791)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/searches/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638791/; classtype:trojan-activity;sid:84501891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638790)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jennifer.cueto%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638790/; classtype:trojan-activity;sid:84501890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638778)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/links/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638778/; classtype:trojan-activity;sid:84501878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638779)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/gradle/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638779/; classtype:trojan-activity;sid:84501879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638780)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=denn4607%2cou=sat%2cou=accounts/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638780/; classtype:trojan-activity;sid:84501880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638781)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/setup/setupbd/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638781/; classtype:trojan-activity;sid:84501881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638782)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638782/; classtype:trojan-activity;sid:84501882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638783)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130531/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638783/; classtype:trojan-activity;sid:84501883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638784)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.woodard%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638784/; classtype:trojan-activity;sid:84501884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638785)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130819/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638785/; classtype:trojan-activity;sid:84501885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638786)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638786/; classtype:trojan-activity;sid:84501886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638787)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/%24of/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638787/; classtype:trojan-activity;sid:84501887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638788)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131017/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638788/; classtype:trojan-activity;sid:84501888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638789)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130618/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638789/; classtype:trojan-activity;sid:84501889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638774)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121129/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638774/; classtype:trojan-activity;sid:84501874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638775)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/test/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638775/; classtype:trojan-activity;sid:84501875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638776)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638776/; classtype:trojan-activity;sid:84501876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638777)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/data/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638777/; classtype:trojan-activity;sid:84501877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638773)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120808/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638773/; classtype:trojan-activity;sid:84501873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638772)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638772/; classtype:trojan-activity;sid:84501872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638771)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0404/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638771/; classtype:trojan-activity;sid:84501871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638768)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.dynalink/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638768/; classtype:trojan-activity;sid:84501868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638769)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.desktop/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638769/; classtype:trojan-activity;sid:84501869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638770)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.naming.rmi/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638770/; classtype:trojan-activity;sid:84501870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638759)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/minitv/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638759/; classtype:trojan-activity;sid:84501859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638760)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638760/; classtype:trojan-activity;sid:84501860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638761)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4328%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638761/; classtype:trojan-activity;sid:84501861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638762)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=geoff.hellings%2cou=dfw1%2cou=s/20121121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638762/; classtype:trojan-activity;sid:84501862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638763)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/advancements/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638763/; classtype:trojan-activity;sid:84501863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638764)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20121016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638764/; classtype:trojan-activity;sid:84501864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638765)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20121205/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638765/; classtype:trojan-activity;sid:84501865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638766)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/vecp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638766/; classtype:trojan-activity;sid:84501866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638767)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131004/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638767/; classtype:trojan-activity;sid:84501867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638756)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/region/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638756/; classtype:trojan-activity;sid:84501856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638757)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=orla5535%2cou=sat%2cou=accounts/20130717/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638757/; classtype:trojan-activity;sid:84501857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638758)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=josh4193%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638758/; classtype:trojan-activity;sid:84501858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638752)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/win64/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638752/; classtype:trojan-activity;sid:84501852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638753)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=shan3978%2cou=sat%2cou=accounts/20131024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638753/; classtype:trojan-activity;sid:84501853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638754)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/20130312/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638754/; classtype:trojan-activity;sid:84501854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638755)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/datapacks/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638755/; classtype:trojan-activity;sid:84501855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638746)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevin.anders%2cou=sat%2cou=acco/20131010/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638746/; classtype:trojan-activity;sid:84501846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638747)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638747/; classtype:trojan-activity;sid:84501847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638748)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/dim1/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638748/; classtype:trojan-activity;sid:84501848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638749)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gary.porter%2cou=sat4%2cou=supp/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638749/; classtype:trojan-activity;sid:84501849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638750)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=fran5475%2cou=sat%2cou=accounts/20130130/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638750/; classtype:trojan-activity;sid:84501850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638751)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/family/photos-002/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638751/; classtype:trojan-activity;sid:84501851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638741)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.drew%2cou=dfw1%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638741/; classtype:trojan-activity;sid:84501841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638742)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=denn4607%2cou=sat%2cou=accounts/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638742/; classtype:trojan-activity;sid:84501842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638743)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0015/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638743/; classtype:trojan-activity;sid:84501843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638744)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20120907/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638744/; classtype:trojan-activity;sid:84501844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638745)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/20130226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638745/; classtype:trojan-activity;sid:84501845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638738)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120803/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638738/; classtype:trojan-activity;sid:84501838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638739)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/vmware/esximage/installer/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638739/; classtype:trojan-activity;sid:84501839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638740)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638740/; classtype:trojan-activity;sid:84501840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638735)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevin.anders%2cou=sat4%2cou=sup/20130111/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638735/; classtype:trojan-activity;sid:84501835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638736)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jean4576%2cou=sat%2cou=accounts/20121130/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638736/; classtype:trojan-activity;sid:84501836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638737)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/may/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638737/; classtype:trojan-activity;sid:84501837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638734)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alej4329%2cou=sat%2cou=accounts/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638734/; classtype:trojan-activity;sid:84501834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638731)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121030/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638731/; classtype:trojan-activity;sid:84501831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638732)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%20dv8%202002/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638732/; classtype:trojan-activity;sid:84501832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638733)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chaz.nickerson%2cou=ord1%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638733/; classtype:trojan-activity;sid:84501833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638730)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alfonso.zamudio%2cou=sat%2cou=a/20130816/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638730/; classtype:trojan-activity;sid:84501830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638727)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20121126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638727/; classtype:trojan-activity;sid:84501827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638728)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%202022/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638728/; classtype:trojan-activity;sid:84501828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638729)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=guillermo.rodriguez%2cou=sat%2c/20130726/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638729/; classtype:trojan-activity;sid:84501829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638725)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.smith%2cou=sat4%2cou=supp/20120918/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638725/; classtype:trojan-activity;sid:84501825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638726)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.abrams%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638726/; classtype:trojan-activity;sid:84501826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638723)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20120912/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638723/; classtype:trojan-activity;sid:84501823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638724)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120824/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638724/; classtype:trojan-activity;sid:84501824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638722)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/%24of/111/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638722/; classtype:trojan-activity;sid:84501822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638721)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120809/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638721/; classtype:trojan-activity;sid:84501821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638720)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638720/; classtype:trojan-activity;sid:84501820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638714)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/videos/captures/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638714/; classtype:trojan-activity;sid:84501814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638715)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/rocket2/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638715/; classtype:trojan-activity;sid:84501815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638716)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/include/win32/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638716/; classtype:trojan-activity;sid:84501816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638717)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131209/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638717/; classtype:trojan-activity;sid:84501817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638718)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=orla5535%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638718/; classtype:trojan-activity;sid:84501818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638719)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20130802/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638719/; classtype:trojan-activity;sid:84501819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638709)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/proxgb/ws0332/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638709/; classtype:trojan-activity;sid:84501809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638710)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/bin/server/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638710/; classtype:trojan-activity;sid:84501810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638711)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638711/; classtype:trojan-activity;sid:84501811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638712)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.streeter%2cou=aus1%2cou=/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638712/; classtype:trojan-activity;sid:84501812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638713)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lcadena%2cou=sat%2cou=accounts%2c/20131121/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638713/; classtype:trojan-activity;sid:84501813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638706)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/downloads/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638706/; classtype:trojan-activity;sid:84501806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638707)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131009/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638707/; classtype:trojan-activity;sid:84501807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638708)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/saved_files/httyd/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638708/; classtype:trojan-activity;sid:84501808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638703)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/onedrive/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638703/; classtype:trojan-activity;sid:84501803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638704)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5540%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638704/; classtype:trojan-activity;sid:84501804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638705)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638705/; classtype:trojan-activity;sid:84501805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638692)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.breu%2cou=sat%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638692/; classtype:trojan-activity;sid:84501792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638693)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.barron%2cou=sat6%2cou=sal/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638693/; classtype:trojan-activity;sid:84501793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638694)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=forrest.burrows%2cou=sat4%2cou=/20130312/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638694/; classtype:trojan-activity;sid:84501794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638695)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.large%2cou=dfw1%2cou=supp/20121120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638695/; classtype:trojan-activity;sid:84501795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638696)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jona4179%2cou=sat%2cou=accounts/20120921/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638696/; classtype:trojan-activity;sid:84501796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638697)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cameron.ortiz%2cou=sat4%2cou=su/20121109/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638697/; classtype:trojan-activity;sid:84501797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638698)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=andrew.glenn%2cou=sat6%2cou=sal/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638698/; classtype:trojan-activity;sid:84501798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638699)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/win64/photo.scr"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638699/; classtype:trojan-activity;sid:84501799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638700)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131014/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638700/; classtype:trojan-activity;sid:84501800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638701)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/tct/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638701/; classtype:trojan-activity;sid:84501801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638702)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/dim-1/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638702/; classtype:trojan-activity;sid:84501802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638691)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20120921/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638691/; classtype:trojan-activity;sid:84501791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638687)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus1%2cou=suppo/20130419/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638687/; classtype:trojan-activity;sid:84501787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638688)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.logging/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638688/; classtype:trojan-activity;sid:84501788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638689)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/application/scanmanager/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638689/; classtype:trojan-activity;sid:84501789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638690)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.base/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638690/; classtype:trojan-activity;sid:84501790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638686)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eddie.harmoush%2cou=sat4%2cou=s/20120927/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638686/; classtype:trojan-activity;sid:84501786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638683)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2016/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638683/; classtype:trojan-activity;sid:84501783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638684)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130919/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638684/; classtype:trojan-activity;sid:84501784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638685)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carlos.deleon%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638685/; classtype:trojan-activity;sid:84501785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638682)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=forrest.burrows%2cou=sat4%2cou=/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638682/; classtype:trojan-activity;sid:84501782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638680)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/conf/management/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638680/; classtype:trojan-activity;sid:84501780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638681)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus1%2cou=suppo/20130423/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638681/; classtype:trojan-activity;sid:84501781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638678)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121109/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638678/; classtype:trojan-activity;sid:84501778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638679)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.management.agent/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638679/; classtype:trojan-activity;sid:84501779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638675)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638675/; classtype:trojan-activity;sid:84501775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638676)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638676/; classtype:trojan-activity;sid:84501776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638677)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/nas200-setup%2c1/utility/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638677/; classtype:trojan-activity;sid:84501777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638673)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/theocratic/dramas/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638673/; classtype:trojan-activity;sid:84501773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638674)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/strings/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638674/; classtype:trojan-activity;sid:84501774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638666)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/tv/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638666/; classtype:trojan-activity;sid:84501766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638667)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mich4045%2cou=sat%2cou=accounts/20130618/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638667/; classtype:trojan-activity;sid:84501767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638668)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/castle/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638668/; classtype:trojan-activity;sid:84501768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638669)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.ellis%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638669/; classtype:trojan-activity;sid:84501769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638670)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/conf/security/policy/unlimited/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638670/; classtype:trojan-activity;sid:84501770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638671)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638671/; classtype:trojan-activity;sid:84501771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638672)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638672/; classtype:trojan-activity;sid:84501772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638655)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638655/; classtype:trojan-activity;sid:84501755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638656)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130422/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638656/; classtype:trojan-activity;sid:84501756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638657)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/20130318/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638657/; classtype:trojan-activity;sid:84501757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638658)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/rocket/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638658/; classtype:trojan-activity;sid:84501758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638659)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131001/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638659/; classtype:trojan-activity;sid:84501759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638660)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638660/; classtype:trojan-activity;sid:84501760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638661)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/viiv/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638661/; classtype:trojan-activity;sid:84501761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638662)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/getting-started/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638662/; classtype:trojan-activity;sid:84501762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638663)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638663/; classtype:trojan-activity;sid:84501763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638664)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=keith.fralick%2cou=sat4%2cou=su/20120925/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638664/; classtype:trojan-activity;sid:84501764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638665)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=david.bennett%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638665/; classtype:trojan-activity;sid:84501765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638650)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/tuner/sku333087/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638650/; classtype:trojan-activity;sid:84501750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638651)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638651/; classtype:trojan-activity;sid:84501751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638652)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638652/; classtype:trojan-activity;sid:84501752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638653)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/setup/autorun/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638653/; classtype:trojan-activity;sid:84501753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638654)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.jensen%2cou=sat4%2cou=sup/20121122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638654/; classtype:trojan-activity;sid:84501754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638648)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2006/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638648/; classtype:trojan-activity;sid:84501748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638649)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20130927/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638649/; classtype:trojan-activity;sid:84501749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638645)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.chrisman%2cou=sat6%2cou=sa/20130115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638645/; classtype:trojan-activity;sid:84501745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638646)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20121119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638646/; classtype:trojan-activity;sid:84501746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638647)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638647/; classtype:trojan-activity;sid:84501747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638644)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/pictures/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638644/; classtype:trojan-activity;sid:84501744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638643)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.gillaspy%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638643/; classtype:trojan-activity;sid:84501743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638642)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame5180%2cou=sat%2cou=accounts/20121031/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638642/; classtype:trojan-activity;sid:84501742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638640)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jonathan.somers%2cou=sat%2cou=a/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638640/; classtype:trojan-activity;sid:84501740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638641)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=krys4630%2cou=aus%2cou=accounts/20121113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638641/; classtype:trojan-activity;sid:84501741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638638)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638638/; classtype:trojan-activity;sid:84501738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638639)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4352%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638639/; classtype:trojan-activity;sid:84501739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638634)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120905/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638634/; classtype:trojan-activity;sid:84501734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638635)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2009/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638635/; classtype:trojan-activity;sid:84501735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638636)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=just0264%2cou=ord%2cou=accounts/20131121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638636/; classtype:trojan-activity;sid:84501736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638637)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=matt6451%2cou=sat%2cou=accounts/20131107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638637/; classtype:trojan-activity;sid:84501737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638606)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638606/; classtype:trojan-activity;sid:84501706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638607)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=forrest.burrows%2cou=sat4%2cou=/20121109/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638607/; classtype:trojan-activity;sid:84501707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638608)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638608/; classtype:trojan-activity;sid:84501708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638609)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130503/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638609/; classtype:trojan-activity;sid:84501709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638610)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638610/; classtype:trojan-activity;sid:84501710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638611)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638611/; classtype:trojan-activity;sid:84501711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638612)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/application/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638612/; classtype:trojan-activity;sid:84501712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638613)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638613/; classtype:trojan-activity;sid:84501713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638614)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638614/; classtype:trojan-activity;sid:84501714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638615)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/lib/jfr/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638615/; classtype:trojan-activity;sid:84501715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638616)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/searches/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638616/; classtype:trojan-activity;sid:84501716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638617)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20130120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638617/; classtype:trojan-activity;sid:84501717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638618)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/20121023/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638618/; classtype:trojan-activity;sid:84501718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638619)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=just0264%2cou=ord%2cou=accounts/20131122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638619/; classtype:trojan-activity;sid:84501719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638620)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.sctp/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638620/; classtype:trojan-activity;sid:84501720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638621)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638621/; classtype:trojan-activity;sid:84501721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638622)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=patr3922%2cou=sat%2cou=accounts/20131115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638622/; classtype:trojan-activity;sid:84501722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638623)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2015/vmworld2015/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638623/; classtype:trojan-activity;sid:84501723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638624)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat%2cou=accou/20130430/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638624/; classtype:trojan-activity;sid:84501724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638625)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638625/; classtype:trojan-activity;sid:84501725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638626)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131003/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638626/; classtype:trojan-activity;sid:84501726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638627)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638627/; classtype:trojan-activity;sid:84501727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638628)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638628/; classtype:trojan-activity;sid:84501728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638629)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638629/; classtype:trojan-activity;sid:84501729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638630)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638630/; classtype:trojan-activity;sid:84501730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638631)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/movies/my_fair_lady/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638631/; classtype:trojan-activity;sid:84501731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638632)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5306%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638632/; classtype:trojan-activity;sid:84501732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638633)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/040c/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638633/; classtype:trojan-activity;sid:84501733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638603)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130911/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638603/; classtype:trojan-activity;sid:84501703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638604)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130220/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638604/; classtype:trojan-activity;sid:84501704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638605)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.management.jfr/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638605/; classtype:trojan-activity;sid:84501705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638599)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638599/; classtype:trojan-activity;sid:84501699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638600)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638600/; classtype:trojan-activity;sid:84501700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638601)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/transparentruler/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638601/; classtype:trojan-activity;sid:84501701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638602)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130904/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638602/; classtype:trojan-activity;sid:84501702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638597)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638597/; classtype:trojan-activity;sid:84501697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638598)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gustavo.ramirez%2cou=sat4%2cou=/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638598/; classtype:trojan-activity;sid:84501698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638594)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.ellis%2cou=sat4%2cou=iss/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638594/; classtype:trojan-activity;sid:84501694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638595)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcenter-handbook/vmware-vrealize/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638595/; classtype:trojan-activity;sid:84501695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638596)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=v.gananathan%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638596/; classtype:trojan-activity;sid:84501696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638593)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20120920/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638593/; classtype:trojan-activity;sid:84501693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638592)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/advancements/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638592/; classtype:trojan-activity;sid:84501692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638591)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/vista/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638591/; classtype:trojan-activity;sid:84501691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638588)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/_static/photo.scr"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638588/; classtype:trojan-activity;sid:84501688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638589)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20130130/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638589/; classtype:trojan-activity;sid:84501689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638590)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=andrew.glenn%2cou=sat6%2cou=sal/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638590/; classtype:trojan-activity;sid:84501690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638587)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/jtop/nbproject/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638587/; classtype:trojan-activity;sid:84501687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638584)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/strings/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638584/; classtype:trojan-activity;sid:84501684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638585)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/vro/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638585/; classtype:trojan-activity;sid:84501685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638586)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/dim1/data/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638586/; classtype:trojan-activity;sid:84501686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638582)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0011/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638582/; classtype:trojan-activity;sid:84501682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638583)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130625/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638583/; classtype:trojan-activity;sid:84501683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638579)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jona5523%2cou=sat%2cou=accounts/20130312/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638579/; classtype:trojan-activity;sid:84501679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638580)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638580/; classtype:trojan-activity;sid:84501680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638581)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120809/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638581/; classtype:trojan-activity;sid:84501681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638575)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638575/; classtype:trojan-activity;sid:84501675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638576)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat4%2cou=supp/20130424/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638576/; classtype:trojan-activity;sid:84501676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638577)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi4587%2cou=sat%2cou=accounts/20120906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638577/; classtype:trojan-activity;sid:84501677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638578)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120921/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638578/; classtype:trojan-activity;sid:84501678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638573)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.pricemelland%2cou=sat6%2c/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638573/; classtype:trojan-activity;sid:84501673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638574)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/conf/security/policy/limited/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638574/; classtype:trojan-activity;sid:84501674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638570)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131018/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638570/; classtype:trojan-activity;sid:84501670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638571)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130815/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638571/; classtype:trojan-activity;sid:84501671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638572)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638572/; classtype:trojan-activity;sid:84501672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638567)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130604/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638567/; classtype:trojan-activity;sid:84501667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638568)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/prosetdx/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638568/; classtype:trojan-activity;sid:84501668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638569)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=david.bennett%2cou=sat4%2cou=su/20121122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638569/; classtype:trojan-activity;sid:84501669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638566)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/contacts/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638566/; classtype:trojan-activity;sid:84501666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638563)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=javier.barrera%2cou=sat4%2cou=s/20120828/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638563/; classtype:trojan-activity;sid:84501663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638564)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638564/; classtype:trojan-activity;sid:84501664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638565)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/dim-1/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638565/; classtype:trojan-activity;sid:84501665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638559)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=javier.barrera%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638559/; classtype:trojan-activity;sid:84501659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638560)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121203/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638560/; classtype:trojan-activity;sid:84501660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638561)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131008/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638561/; classtype:trojan-activity;sid:84501661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638562)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130731/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638562/; classtype:trojan-activity;sid:84501662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638557)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joel.valdez%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638557/; classtype:trojan-activity;sid:84501657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638558)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20130305/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638558/; classtype:trojan-activity;sid:84501658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638556)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=victor.ramos%2cou=aus%2cou=acco/20130730/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638556/; classtype:trojan-activity;sid:84501656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638553)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=albe5178%2cou=sat%2cou=accounts/20130312/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638553/; classtype:trojan-activity;sid:84501653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638554)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130725/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638554/; classtype:trojan-activity;sid:84501654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638555)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130701/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638555/; classtype:trojan-activity;sid:84501655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638552)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/music/teletubbies/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638552/; classtype:trojan-activity;sid:84501652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638548)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/advancements/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638548/; classtype:trojan-activity;sid:84501648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638549)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/panelmgr/mgrmlang/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638549/; classtype:trojan-activity;sid:84501649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638550)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638550/; classtype:trojan-activity;sid:84501650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638551)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638551/; classtype:trojan-activity;sid:84501651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638545)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638545/; classtype:trojan-activity;sid:84501645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638546)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alej4329%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638546/; classtype:trojan-activity;sid:84501646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638547)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/dim-1/region/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638547/; classtype:trojan-activity;sid:84501647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638543)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jsobject/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638543/; classtype:trojan-activity;sid:84501643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638544)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/setlang/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638544/; classtype:trojan-activity;sid:84501644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638539)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2017/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638539/; classtype:trojan-activity;sid:84501639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638540)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20121224/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638540/; classtype:trojan-activity;sid:84501640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638541)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lromero%2cou=sat%2cou=accounts%2c/20131115/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638541/; classtype:trojan-activity;sid:84501641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638542)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2002/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638542/; classtype:trojan-activity;sid:84501642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638538)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/dim-1/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638538/; classtype:trojan-activity;sid:84501638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638533)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/20130111/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638533/; classtype:trojan-activity;sid:84501633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638534)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/vmware/esximage/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638534/; classtype:trojan-activity;sid:84501634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638535)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20121120/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638535/; classtype:trojan-activity;sid:84501635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638536)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120914/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638536/; classtype:trojan-activity;sid:84501636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638537)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120828/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638537/; classtype:trojan-activity;sid:84501637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638532)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130528/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638532/; classtype:trojan-activity;sid:84501632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638530)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638530/; classtype:trojan-activity;sid:84501630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638531)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638531/; classtype:trojan-activity;sid:84501631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638527)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120829/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638527/; classtype:trojan-activity;sid:84501627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638528)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/scanner/winxp_2000_vista_32/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638528/; classtype:trojan-activity;sid:84501628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638529)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=arsa5837%2cou=sat%2cou=accounts/20131127/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638529/; classtype:trojan-activity;sid:84501629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638525)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jcintron%2cou=sat4%2cou=admin%2co/20121024/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638525/; classtype:trojan-activity;sid:84501625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638526)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.net.http/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638526/; classtype:trojan-activity;sid:84501626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638524)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2019/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638524/; classtype:trojan-activity;sid:84501624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638522)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/macbook/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638522/; classtype:trojan-activity;sid:84501622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638523)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat4%2cou=su/20120914/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638523/; classtype:trojan-activity;sid:84501623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638520)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/fullthreaddump/nbproject/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638520/; classtype:trojan-activity;sid:84501620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638521)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.compiler/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638521/; classtype:trojan-activity;sid:84501621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638518)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638518/; classtype:trojan-activity;sid:84501618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638519)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/evaluations/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638519/; classtype:trojan-activity;sid:84501619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638515)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130307/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638515/; classtype:trojan-activity;sid:84501615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638516)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120907/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638516/; classtype:trojan-activity;sid:84501616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638517)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.walsh%2cou=sat4%2cou=supp/20120906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638517/; classtype:trojan-activity;sid:84501617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638513)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20121210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638513/; classtype:trojan-activity;sid:84501613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638514)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mitch.robins%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638514/; classtype:trojan-activity;sid:84501614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638509)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638509/; classtype:trojan-activity;sid:84501609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638510)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat4%2cou=sup/20130418/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638510/; classtype:trojan-activity;sid:84501610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638511)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=amie.naber%2cou=sat6%2cou=sales/20121126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638511/; classtype:trojan-activity;sid:84501611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638512)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20130110/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638512/; classtype:trojan-activity;sid:84501612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638506)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20130306/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638506/; classtype:trojan-activity;sid:84501606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638507)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.funkhouser%2cou=sat6%2cou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638507/; classtype:trojan-activity;sid:84501607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638508)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.seydler%2cou=sat4%2cou=s/20130207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638508/; classtype:trojan-activity;sid:84501608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638504)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat6%2cou=sal/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638504/; classtype:trojan-activity;sid:84501604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638505)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqm0rrg8wl.purgeable.sparsebundle/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638505/; classtype:trojan-activity;sid:84501605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638502)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gary.porter%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638502/; classtype:trojan-activity;sid:84501602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638503)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4328%2cou=sat%2cou=accounts/20130308/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638503/; classtype:trojan-activity;sid:84501603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638500)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gustavo.ramirez%2cou=sat4%2cou=/20121126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638500/; classtype:trojan-activity;sid:84501600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638501)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638501/; classtype:trojan-activity;sid:84501601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638497)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi4606%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638497/; classtype:trojan-activity;sid:84501597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638498)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638498/; classtype:trojan-activity;sid:84501598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638499)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=adrian.garza%2cou=sat%2cou=acco/20131024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638499/; classtype:trojan-activity;sid:84501599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638496)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.localedata/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638496/; classtype:trojan-activity;sid:84501596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638493)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131112/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638493/; classtype:trojan-activity;sid:84501593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638494)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri0710%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638494/; classtype:trojan-activity;sid:84501594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638495)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638495/; classtype:trojan-activity;sid:84501595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638492)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jona4179%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638492/; classtype:trojan-activity;sid:84501592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638488)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638488/; classtype:trojan-activity;sid:84501588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638489)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/mcedit/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638489/; classtype:trojan-activity;sid:84501589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638490)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/configuration/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638490/; classtype:trojan-activity;sid:84501590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638491)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.jensen%2cou=sat4%2cou=sup/20121123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638491/; classtype:trojan-activity;sid:84501591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638487)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/dim1/region/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638487/; classtype:trojan-activity;sid:84501587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638482)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat6%2cou=sal/20120831/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638482/; classtype:trojan-activity;sid:84501582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638483)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/region/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638483/; classtype:trojan-activity;sid:84501583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638484)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose4705%2cou=sat%2cou=accounts/20131018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638484/; classtype:trojan-activity;sid:84501584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638485)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638485/; classtype:trojan-activity;sid:84501585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638486)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130808/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638486/; classtype:trojan-activity;sid:84501586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638477)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcloud-handbook/_static/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638477/; classtype:trojan-activity;sid:84501577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638478)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638478/; classtype:trojan-activity;sid:84501578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638479)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=craig.ackerman%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638479/; classtype:trojan-activity;sid:84501579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638480)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/dim-1/region/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638480/; classtype:trojan-activity;sid:84501580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638481)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/linksys/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638481/; classtype:trojan-activity;sid:84501581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638473)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=anth4718%2cou=aus%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638473/; classtype:trojan-activity;sid:84501573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638474)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638474/; classtype:trojan-activity;sid:84501574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638475)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638475/; classtype:trojan-activity;sid:84501575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638476)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638476/; classtype:trojan-activity;sid:84501576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638471)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/searches/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638471/; classtype:trojan-activity;sid:84501571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638472)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jayala%2cou=sat4%2cou=support%2co/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638472/; classtype:trojan-activity;sid:84501572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638470)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/drivers/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638470/; classtype:trojan-activity;sid:84501570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638467)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/introduction/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638467/; classtype:trojan-activity;sid:84501567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638468)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/20130822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638468/; classtype:trojan-activity;sid:84501568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638469)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20130208/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638469/; classtype:trojan-activity;sid:84501569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638466)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638466/; classtype:trojan-activity;sid:84501566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638463)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638463/; classtype:trojan-activity;sid:84501563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638464)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120807/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638464/; classtype:trojan-activity;sid:84501564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638465)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/dim1/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638465/; classtype:trojan-activity;sid:84501565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638461)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eli.robertson%2cou=sat4%2cou=su/20130114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638461/; classtype:trojan-activity;sid:84501561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638462)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638462/; classtype:trojan-activity;sid:84501562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638459)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/dim-1/data/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638459/; classtype:trojan-activity;sid:84501559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638460)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.seydler%2cou=sat4%2cou=s/20130108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638460/; classtype:trojan-activity;sid:84501560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638454)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2023/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638454/; classtype:trojan-activity;sid:84501554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638455)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638455/; classtype:trojan-activity;sid:84501555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638456)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brennham.cockreham%2cou=aus%2co/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638456/; classtype:trojan-activity;sid:84501556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638457)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638457/; classtype:trojan-activity;sid:84501557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638458)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/contacts/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638458/; classtype:trojan-activity;sid:84501558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638450)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/pictures/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638450/; classtype:trojan-activity;sid:84501550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638451)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/strings/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638451/; classtype:trojan-activity;sid:84501551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638452)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/disaster-recovery/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638452/; classtype:trojan-activity;sid:84501552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638453)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lmoreno%2cou=sat%2cou=accounts%2c/20131011/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638453/; classtype:trojan-activity;sid:84501553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638449)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638449/; classtype:trojan-activity;sid:84501549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638448)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638448/; classtype:trojan-activity;sid:84501548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638445)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/minitv/mediatv-3.0.18.122/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638445/; classtype:trojan-activity;sid:84501545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638446)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121128/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638446/; classtype:trojan-activity;sid:84501546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638447)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%202020/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638447/; classtype:trojan-activity;sid:84501547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638442)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.pricemelland%2cou=sat6%2c/20121025/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638442/; classtype:trojan-activity;sid:84501542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638443)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130305/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638443/; classtype:trojan-activity;sid:84501543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638444)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638444/; classtype:trojan-activity;sid:84501544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638440)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/playerdata/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638440/; classtype:trojan-activity;sid:84501540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638441)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/lib/security/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638441/; classtype:trojan-activity;sid:84501541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638438)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120924/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638438/; classtype:trojan-activity;sid:84501538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638439)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638439/; classtype:trojan-activity;sid:84501539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638435)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/saved_files/w41k3r/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638435/; classtype:trojan-activity;sid:84501535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638436)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqf0edg8wl.backupbundle/mapped/photo.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638436/; classtype:trojan-activity;sid:84501536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638437)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/getting-started/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638437/; classtype:trojan-activity;sid:84501537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638432)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131202/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638432/; classtype:trojan-activity;sid:84501532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638433)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=geoff.hellings%2cou=dfw%2cou=ac/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638433/; classtype:trojan-activity;sid:84501533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638434)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.beam%2cou=sat%2cou=account/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638434/; classtype:trojan-activity;sid:84501534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638427)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=char5472%2cou=aus%2cou=accounts/20121207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638427/; classtype:trojan-activity;sid:84501527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638428)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638428/; classtype:trojan-activity;sid:84501528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638429)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/psu/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638429/; classtype:trojan-activity;sid:84501529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638430)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/font2dtest/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638430/; classtype:trojan-activity;sid:84501530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638431)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130701/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638431/; classtype:trojan-activity;sid:84501531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638426)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joe.hellsten%2cou=sat4%2cou=sup/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638426/; classtype:trojan-activity;sid:84501526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638425)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121105/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638425/; classtype:trojan-activity;sid:84501525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638424)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638424/; classtype:trojan-activity;sid:84501524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638423)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20120802/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638423/; classtype:trojan-activity;sid:84501523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638417)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/vecp/vista_64/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638417/; classtype:trojan-activity;sid:84501517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638418)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=guillermo.rodriguez%2cou=sat4/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638418/; classtype:trojan-activity;sid:84501518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638419)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=denn4607%2cou=sat%2cou=accounts/20130219/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638419/; classtype:trojan-activity;sid:84501519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638420)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=guillermo.rodriguez%2cou=sat%2c/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638420/; classtype:trojan-activity;sid:84501520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638421)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130624/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638421/; classtype:trojan-activity;sid:84501521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638422)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/cabr2024/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638422/; classtype:trojan-activity;sid:84501522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638416)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638416/; classtype:trojan-activity;sid:84501516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638413)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0013/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638413/; classtype:trojan-activity;sid:84501513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638414)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/20121113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638414/; classtype:trojan-activity;sid:84501514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638415)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638415/; classtype:trojan-activity;sid:84501515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638410)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638410/; classtype:trojan-activity;sid:84501510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638411)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose4705%2cou=sat%2cou=accounts/20130904/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638411/; classtype:trojan-activity;sid:84501511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638412)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130110/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638412/; classtype:trojan-activity;sid:84501512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638409)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.net/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638409/; classtype:trojan-activity;sid:84501509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638404)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jan.alcala%2cou=sat6%2cou=sales/20121129/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638404/; classtype:trojan-activity;sid:84501504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638405)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat4%2cou=su/20120924/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638405/; classtype:trojan-activity;sid:84501505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638406)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jayala%2cou=sat4%2cou=support%2co/20121025/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638406/; classtype:trojan-activity;sid:84501506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638407)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/dim-1/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638407/; classtype:trojan-activity;sid:84501507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638408)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20120926/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638408/; classtype:trojan-activity;sid:84501508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638403)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.mcculley%2cou=aus1%2cou=s/20120910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638403/; classtype:trojan-activity;sid:84501503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638402)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.naming.dns/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638402/; classtype:trojan-activity;sid:84501502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638396)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20131018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638396/; classtype:trojan-activity;sid:84501496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638397)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/photo.scr"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638397/; classtype:trojan-activity;sid:84501497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638398)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/tableexample/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638398/; classtype:trojan-activity;sid:84501498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638399)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevi5971%2cou=other%2cou=accoun/20130716/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638399/; classtype:trojan-activity;sid:84501499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638400)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.charsets/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638400/; classtype:trojan-activity;sid:84501500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638401)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20131211/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638401/; classtype:trojan-activity;sid:84501501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638392)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/prosetdx/2kxpws03/drivers/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638392/; classtype:trojan-activity;sid:84501492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638393)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/cabr2025/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638393/; classtype:trojan-activity;sid:84501493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638394)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638394/; classtype:trojan-activity;sid:84501494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638395)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=emily.einhaus%2cou=aus1%2cou=su/20120910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638395/; classtype:trojan-activity;sid:84501495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638384)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120828/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638384/; classtype:trojan-activity;sid:84501484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638385)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638385/; classtype:trojan-activity;sid:84501485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638386)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lmoreno%2cou=sat%2cou=accounts%2c/20130730/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638386/; classtype:trojan-activity;sid:84501486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638387)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638387/; classtype:trojan-activity;sid:84501487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638388)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20121019/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638388/; classtype:trojan-activity;sid:84501488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638389)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20130305/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638389/; classtype:trojan-activity;sid:84501489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638390)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131104/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638390/; classtype:trojan-activity;sid:84501490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638391)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevin.anders%2cou=sat%2cou=acco/20130816/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638391/; classtype:trojan-activity;sid:84501491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638382)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=forrest.burrows%2cou=sat4%2cou=/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638382/; classtype:trojan-activity;sid:84501482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638383)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20120921/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638383/; classtype:trojan-activity;sid:84501483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638380)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20120910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638380/; classtype:trojan-activity;sid:84501480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638381)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638381/; classtype:trojan-activity;sid:84501481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638379)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.bechiom%2cou=sat%2cou=a/20130926/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638379/; classtype:trojan-activity;sid:84501479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638377)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131211/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638377/; classtype:trojan-activity;sid:84501477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638378)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jean4576%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638378/; classtype:trojan-activity;sid:84501478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638373)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/caco2023/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638373/; classtype:trojan-activity;sid:84501473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638374)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.abrams%2cou=sat4%2cou=supp/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638374/; classtype:trojan-activity;sid:84501474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638375)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/conf/security/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638375/; classtype:trojan-activity;sid:84501475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638376)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/vsan/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638376/; classtype:trojan-activity;sid:84501476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638372)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.beam%2cou=sat%2cou=account/20131016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638372/; classtype:trojan-activity;sid:84501472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638371)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638371/; classtype:trojan-activity;sid:84501471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638367)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130808/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638367/; classtype:trojan-activity;sid:84501467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638368)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638368/; classtype:trojan-activity;sid:84501468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638369)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat%2cou=acc/20130801/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638369/; classtype:trojan-activity;sid:84501469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638370)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638370/; classtype:trojan-activity;sid:84501470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638365)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/taxes/2018/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638365/; classtype:trojan-activity;sid:84501465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638366)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120801/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638366/; classtype:trojan-activity;sid:84501466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638364)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.parsons%2cou=sat%2cou=acc/20131018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638364/; classtype:trojan-activity;sid:84501464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638362)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat%2cou=accou/20130528/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638362/; classtype:trojan-activity;sid:84501462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638363)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131028/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638363/; classtype:trojan-activity;sid:84501463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638359)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2003/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638359/; classtype:trojan-activity;sid:84501459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638360)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130904/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638360/; classtype:trojan-activity;sid:84501460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638361)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqm0rrg8wl.sparsebundle/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638361/; classtype:trojan-activity;sid:84501461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638355)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638355/; classtype:trojan-activity;sid:84501455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638356)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/scripting/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638356/; classtype:trojan-activity;sid:84501456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638357)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20130125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638357/; classtype:trojan-activity;sid:84501457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638358)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cynt4315%2cou=sat%2cou=accounts/20121204/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638358/; classtype:trojan-activity;sid:84501458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638351)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638351/; classtype:trojan-activity;sid:84501451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638352)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.hudson%2cou=sat6%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638352/; classtype:trojan-activity;sid:84501452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638353)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/videos/jwlibrary/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638353/; classtype:trojan-activity;sid:84501453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638354)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/dim-1/data/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638354/; classtype:trojan-activity;sid:84501454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638350)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0014/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638350/; classtype:trojan-activity;sid:84501450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638346)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/001d/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638346/; classtype:trojan-activity;sid:84501446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638347)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638347/; classtype:trojan-activity;sid:84501447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638348)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131031/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638348/; classtype:trojan-activity;sid:84501448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638349)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=v.gananathan%2cou=sat4%2cou=sup/20130419/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638349/; classtype:trojan-activity;sid:84501449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638344)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/favorites/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638344/; classtype:trojan-activity;sid:84501444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638345)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.instrument/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638345/; classtype:trojan-activity;sid:84501445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638342)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/bin/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638342/; classtype:trojan-activity;sid:84501442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638343)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0007/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638343/; classtype:trojan-activity;sid:84501443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638340)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121220/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638340/; classtype:trojan-activity;sid:84501440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638341)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20130125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638341/; classtype:trojan-activity;sid:84501441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638336)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.seydler%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638336/; classtype:trojan-activity;sid:84501436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638337)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130529/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638337/; classtype:trojan-activity;sid:84501437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638338)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/pro1000/ws03xp2k/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638338/; classtype:trojan-activity;sid:84501438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638339)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/music/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638339/; classtype:trojan-activity;sid:84501439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638335)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=geoff.hellings%2cou=dfw1%2cou=s/20130321/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638335/; classtype:trojan-activity;sid:84501435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638331)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat6%2cou=sal/20130116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638331/; classtype:trojan-activity;sid:84501431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638332)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20121217/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638332/; classtype:trojan-activity;sid:84501432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638333)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0006/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638333/; classtype:trojan-activity;sid:84501433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638334)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638334/; classtype:trojan-activity;sid:84501434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638330)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2018/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638330/; classtype:trojan-activity;sid:84501430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638328)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.aot/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638328/; classtype:trojan-activity;sid:84501428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638329)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20130923/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638329/; classtype:trojan-activity;sid:84501429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638326)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jona4179%2cou=sat%2cou=accounts/20120911/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638326/; classtype:trojan-activity;sid:84501426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638327)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqf0edg8wl.backupbundle/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638327/; classtype:trojan-activity;sid:84501427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638325)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/nas200-setup%2c1/manual/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638325/; classtype:trojan-activity;sid:84501425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638321)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638321/; classtype:trojan-activity;sid:84501421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638322)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0416/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638322/; classtype:trojan-activity;sid:84501422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638323)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=matt6451%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638323/; classtype:trojan-activity;sid:84501423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638324)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20130909/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638324/; classtype:trojan-activity;sid:84501424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638316)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2008/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638316/; classtype:trojan-activity;sid:84501416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638317)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2022/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638317/; classtype:trojan-activity;sid:84501417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638318)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jartool/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638318/; classtype:trojan-activity;sid:84501418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638319)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20120914/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638319/; classtype:trojan-activity;sid:84501419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638320)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/december/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638320/; classtype:trojan-activity;sid:84501420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638313)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/lang/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638313/; classtype:trojan-activity;sid:84501413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638314)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130528/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638314/; classtype:trojan-activity;sid:84501414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638315)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121217/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638315/; classtype:trojan-activity;sid:84501415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638312)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20130823/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638312/; classtype:trojan-activity;sid:84501412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638307)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20130930/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638307/; classtype:trojan-activity;sid:84501407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638308)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kat4622%2cou=aus%2cou=accounts%2c/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638308/; classtype:trojan-activity;sid:84501408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638309)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%20dv8%202003-4/plex%20versions/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638309/; classtype:trojan-activity;sid:84501409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638310)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/transparentruler/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638310/; classtype:trojan-activity;sid:84501410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638311)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638311/; classtype:trojan-activity;sid:84501411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638304)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eddie.harmoush%2cou=sat4%2cou=s/20121205/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638304/; classtype:trojan-activity;sid:84501404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638305)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevi5971%2cou=other%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638305/; classtype:trojan-activity;sid:84501405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638306)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/figures/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638306/; classtype:trojan-activity;sid:84501406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638296)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130531/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638296/; classtype:trojan-activity;sid:84501396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638297)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/altitude/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638297/; classtype:trojan-activity;sid:84501397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638298)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/gradle/wrapper/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638298/; classtype:trojan-activity;sid:84501398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638299)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=andre.ruffin%2cou=sat4%2cou=sup/20121016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638299/; classtype:trojan-activity;sid:84501399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638300)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jeremy.carter%2cou=sat%2cou=acc/20130816/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638300/; classtype:trojan-activity;sid:84501400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638301)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/dim1/data/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638301/; classtype:trojan-activity;sid:84501401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638302)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat4%2cou=su/20130115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638302/; classtype:trojan-activity;sid:84501402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638303)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=guillermo.rodriguez%2cou=sat%2c/20130815/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638303/; classtype:trojan-activity;sid:84501403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638295)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/temp/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638295/; classtype:trojan-activity;sid:84501395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638293)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kat4622%2cou=aus%2cou=accounts%2c/20120924/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638293/; classtype:trojan-activity;sid:84501393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638294)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638294/; classtype:trojan-activity;sid:84501394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638292)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lromero%2cou=sat%2cou=accounts%2c/20131121/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638292/; classtype:trojan-activity;sid:84501392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638285)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mkc00adv30.sparsebundle/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638285/; classtype:trojan-activity;sid:84501385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638286)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130626/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638286/; classtype:trojan-activity;sid:84501386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638287)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi4587%2cou=sat%2cou=accounts/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638287/; classtype:trojan-activity;sid:84501387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638288)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638288/; classtype:trojan-activity;sid:84501388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638289)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/march/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638289/; classtype:trojan-activity;sid:84501389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638290)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=rich4608%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638290/; classtype:trojan-activity;sid:84501390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638291)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638291/; classtype:trojan-activity;sid:84501391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638282)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jmoran%2cou=sat4%2cou=support%2co/20120914/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638282/; classtype:trojan-activity;sid:84501382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638283)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121030/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638283/; classtype:trojan-activity;sid:84501383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638284)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.vm.compiler/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638284/; classtype:trojan-activity;sid:84501384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638279)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan.espinoza%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638279/; classtype:trojan-activity;sid:84501379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638280)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=case4738%2cou=sat%2cou=accounts/20121017/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638280/; classtype:trojan-activity;sid:84501380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638281)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638281/; classtype:trojan-activity;sid:84501381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638275)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/khsbackup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638275/; classtype:trojan-activity;sid:84501375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638276)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/apc/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638276/; classtype:trojan-activity;sid:84501376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638277)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=richard.mccaslin%2cou=sat%2cou=/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638277/; classtype:trojan-activity;sid:84501377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638278)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/vecp/win64/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638278/; classtype:trojan-activity;sid:84501378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638271)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.walsh%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638271/; classtype:trojan-activity;sid:84501371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638272)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.mcculley%2cou=aus1%2cou=s/20121205/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638272/; classtype:trojan-activity;sid:84501372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638273)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20121206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638273/; classtype:trojan-activity;sid:84501373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638274)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/printer/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638274/; classtype:trojan-activity;sid:84501374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638267)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638267/; classtype:trojan-activity;sid:84501367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638268)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/saved_files/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638268/; classtype:trojan-activity;sid:84501368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638269)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/cabr2023/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638269/; classtype:trojan-activity;sid:84501369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638270)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20121023/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638270/; classtype:trojan-activity;sid:84501370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638266)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131213/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638266/; classtype:trojan-activity;sid:84501366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638263)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638263/; classtype:trojan-activity;sid:84501363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638264)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130621/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638264/; classtype:trojan-activity;sid:84501364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638265)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/netgear/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638265/; classtype:trojan-activity;sid:84501365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638262)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/20121217/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638262/; classtype:trojan-activity;sid:84501362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638261)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/vmware/net55-r8168-8.045a-napi-offline_bundle/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638261/; classtype:trojan-activity;sid:84501361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638257)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638257/; classtype:trojan-activity;sid:84501357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638258)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121105/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638258/; classtype:trojan-activity;sid:84501358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638259)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2010/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638259/; classtype:trojan-activity;sid:84501359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638260)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat4%2cou=su/20130121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638260/; classtype:trojan-activity;sid:84501360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638256)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqm0rrg8wl.purgeable.sparsebundle/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638256/; classtype:trojan-activity;sid:84501356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638255)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638255/; classtype:trojan-activity;sid:84501355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638252)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130612/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638252/; classtype:trojan-activity;sid:84501352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638253)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/wedding/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638253/; classtype:trojan-activity;sid:84501353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638254)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.breu%2cou=sat%2cou=accoun/20121123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638254/; classtype:trojan-activity;sid:84501354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638251)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/pro100/ws03xp2k/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638251/; classtype:trojan-activity;sid:84501351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638250)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqf0edg8wl.backupbundle/bands/photo.scr"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638250/; classtype:trojan-activity;sid:84501350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638247)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.segura%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638247/; classtype:trojan-activity;sid:84501347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638248)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.woodard%2cou=sat4%2cou=su/20120910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638248/; classtype:trojan-activity;sid:84501348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638249)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121029/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638249/; classtype:trojan-activity;sid:84501349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638243)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131003/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638243/; classtype:trojan-activity;sid:84501343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638244)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20120921/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638244/; classtype:trojan-activity;sid:84501344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638245)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638245/; classtype:trojan-activity;sid:84501345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638246)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=maryann.abercrombie%2cou=sat%2c/20131210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638246/; classtype:trojan-activity;sid:84501346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638240)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/dim-1/region/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638240/; classtype:trojan-activity;sid:84501340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638241)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/recycler/s-1-5-21-1770320470-204575269-1465812353-1010/photo.scr"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638241/; classtype:trojan-activity;sid:84501341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638242)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=andre.ruffin%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638242/; classtype:trojan-activity;sid:84501342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638238)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130408/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638238/; classtype:trojan-activity;sid:84501338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638239)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=richard.mccaslin%2cou=sat%2cou=/20130807/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638239/; classtype:trojan-activity;sid:84501339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638237)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/common/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638237/; classtype:trojan-activity;sid:84501337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638236)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2013/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638236/; classtype:trojan-activity;sid:84501336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638235)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638235/; classtype:trojan-activity;sid:84501335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638233)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20120822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638233/; classtype:trojan-activity;sid:84501333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638234)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20120815/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638234/; classtype:trojan-activity;sid:84501334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638229)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=josh4193%2cou=sat%2cou=accounts/20130226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638229/; classtype:trojan-activity;sid:84501329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638230)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric4281%2cou=sat%2cou=accounts/20130111/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638230/; classtype:trojan-activity;sid:84501330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638231)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.sql.rowset/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638231/; classtype:trojan-activity;sid:84501331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638232)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130521/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638232/; classtype:trojan-activity;sid:84501332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638227)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638227/; classtype:trojan-activity;sid:84501327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638228)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/filechooserdemo/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638228/; classtype:trojan-activity;sid:84501328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638224)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120808/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638224/; classtype:trojan-activity;sid:84501324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638225)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/notepad/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638225/; classtype:trojan-activity;sid:84501325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638226)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638226/; classtype:trojan-activity;sid:84501326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638222)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesu4769%2cou=sat%2cou=accounts/20121031/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638222/; classtype:trojan-activity;sid:84501322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638223)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20131014/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638223/; classtype:trojan-activity;sid:84501323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638221)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/japan/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638221/; classtype:trojan-activity;sid:84501321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638219)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/theocratic/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638219/; classtype:trojan-activity;sid:84501319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638220)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131004/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638220/; classtype:trojan-activity;sid:84501320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638215)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638215/; classtype:trojan-activity;sid:84501315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638216)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jcmd/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638216/; classtype:trojan-activity;sid:84501316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638217)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131024/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638217/; classtype:trojan-activity;sid:84501317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638218)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.drew%2cou=dfw1%2cou=supp/20130201/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638218/; classtype:trojan-activity;sid:84501318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638214)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/xe80_82xpe/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638214/; classtype:trojan-activity;sid:84501314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638213)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/theme/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638213/; classtype:trojan-activity;sid:84501313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638207)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose.hernandez%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638207/; classtype:trojan-activity;sid:84501307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638208)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.transaction.xa/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638208/; classtype:trojan-activity;sid:84501308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638209)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=denn4607%2cou=sat%2cou=accounts/20130118/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638209/; classtype:trojan-activity;sid:84501309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638210)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=arturo.romo%2cou=sat4%2cou=admi/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638210/; classtype:trojan-activity;sid:84501310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638211)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.xml.dom/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638211/; classtype:trojan-activity;sid:84501311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638212)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121030/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638212/; classtype:trojan-activity;sid:84501312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638203)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/configuration/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638203/; classtype:trojan-activity;sid:84501303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638204)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/swingset2/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638204/; classtype:trojan-activity;sid:84501304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638205)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.naming/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638205/; classtype:trojan-activity;sid:84501305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638206)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20121119/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638206/; classtype:trojan-activity;sid:84501306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638200)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4328%2cou=sat%2cou=accounts/20120914/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638200/; classtype:trojan-activity;sid:84501300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638201)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=forrest.burrows%2cou=sat4%2cou=/20120905/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638201/; classtype:trojan-activity;sid:84501301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638202)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638202/; classtype:trojan-activity;sid:84501302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638196)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/english/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638196/; classtype:trojan-activity;sid:84501296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638197)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.xml/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638197/; classtype:trojan-activity;sid:84501297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638198)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/dim1/data/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638198/; classtype:trojan-activity;sid:84501298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638199)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2015/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638199/; classtype:trojan-activity;sid:84501299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638193)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jshell/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638193/; classtype:trojan-activity;sid:84501293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638194)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121221/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638194/; classtype:trojan-activity;sid:84501294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638195)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=marc.ragsdale%2cou=sat%2cou=acc/20130906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638195/; classtype:trojan-activity;sid:84501295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638191)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638191/; classtype:trojan-activity;sid:84501291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638192)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dhopkins%2cou=sat4%2cou=support/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638192/; classtype:trojan-activity;sid:84501292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638185)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20120925/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638185/; classtype:trojan-activity;sid:84501285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638186)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/vista/photo.scr"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638186/; classtype:trojan-activity;sid:84501286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638187)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638187/; classtype:trojan-activity;sid:84501287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638188)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20131008/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638188/; classtype:trojan-activity;sid:84501288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638189)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/test/groovy/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638189/; classtype:trojan-activity;sid:84501289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638190)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/intel/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638190/; classtype:trojan-activity;sid:84501290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638181)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130326/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638181/; classtype:trojan-activity;sid:84501281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638182)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.wills%2cou=aus%2cou=accoun/20130821/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638182/; classtype:trojan-activity;sid:84501282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638183)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130912/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638183/; classtype:trojan-activity;sid:84501283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638184)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130618/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638184/; classtype:trojan-activity;sid:84501284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638180)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121031/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638180/; classtype:trojan-activity;sid:84501280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638179)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.mcculley%2cou=aus1%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638179/; classtype:trojan-activity;sid:84501279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638178)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638178/; classtype:trojan-activity;sid:84501278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638177)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric4281%2cou=sat%2cou=accounts/20121123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638177/; classtype:trojan-activity;sid:84501277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638176)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=krista.stevens%2cou=sat4%2cou=s/20121101/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638176/; classtype:trojan-activity;sid:84501276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638174)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/compilations/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638174/; classtype:trojan-activity;sid:84501274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638175)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131007/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638175/; classtype:trojan-activity;sid:84501275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638169)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121204/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638169/; classtype:trojan-activity;sid:84501269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638170)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638170/; classtype:trojan-activity;sid:84501270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638171)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/memorymonitor/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638171/; classtype:trojan-activity;sid:84501271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638172)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/music/enya/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638172/; classtype:trojan-activity;sid:84501272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638173)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.mcbain%2cou=sat%2cou=accou/20131120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638173/; classtype:trojan-activity;sid:84501273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638168)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/caco2022/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638168/; classtype:trojan-activity;sid:84501268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638163)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20121119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638163/; classtype:trojan-activity;sid:84501263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638164)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.hotspot.agent/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638164/; classtype:trojan-activity;sid:84501264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638165)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638165/; classtype:trojan-activity;sid:84501265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638166)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/user-manual/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638166/; classtype:trojan-activity;sid:84501266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638167)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=emily.einhaus%2cou=aus1%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638167/; classtype:trojan-activity;sid:84501267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638159)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brad4423%2cou=sat%2cou=accounts/20120913/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638159/; classtype:trojan-activity;sid:84501259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638160)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/music/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638160/; classtype:trojan-activity;sid:84501260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638161)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638161/; classtype:trojan-activity;sid:84501261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638162)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/hcx/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638162/; classtype:trojan-activity;sid:84501262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638156)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=krista.stevens%2cou=sat4%2cou=s/20121018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638156/; classtype:trojan-activity;sid:84501256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638157)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2018/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638157/; classtype:trojan-activity;sid:84501257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638158)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat6%2cou=sal/20130314/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638158/; classtype:trojan-activity;sid:84501258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638153)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638153/; classtype:trojan-activity;sid:84501253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638154)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638154/; classtype:trojan-activity;sid:84501254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638155)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638155/; classtype:trojan-activity;sid:84501255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638149)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=hdeleon%2cou=sat4%2cou=admin%2cou/20121018/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638149/; classtype:trojan-activity;sid:84501249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638150)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcenter-handbook/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638150/; classtype:trojan-activity;sid:84501250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638151)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=marc.ragsdale%2cou=sat%2cou=acc/20131104/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638151/; classtype:trojan-activity;sid:84501251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638152)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/january/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638152/; classtype:trojan-activity;sid:84501252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638147)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jess0239%2cou=ord%2cou=accounts/20120830/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638147/; classtype:trojan-activity;sid:84501247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638148)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130717/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638148/; classtype:trojan-activity;sid:84501248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638140)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638140/; classtype:trojan-activity;sid:84501240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638141)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131017/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638141/; classtype:trojan-activity;sid:84501241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638142)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638142/; classtype:trojan-activity;sid:84501242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638143)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=krys4630%2cou=aus%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638143/; classtype:trojan-activity;sid:84501243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638144)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638144/; classtype:trojan-activity;sid:84501244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638145)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/makedisk/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638145/; classtype:trojan-activity;sid:84501245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638146)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=fira5363%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638146/; classtype:trojan-activity;sid:84501246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638138)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/music/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638138/; classtype:trojan-activity;sid:84501238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638139)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/windowsimagebackup/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638139/; classtype:trojan-activity;sid:84501239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638135)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/marcone/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638135/; classtype:trojan-activity;sid:84501235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638136)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/printer/spl_color/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638136/; classtype:trojan-activity;sid:84501236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638137)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.rmi/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638137/; classtype:trojan-activity;sid:84501237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638134)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=krista.stevens%2cou=sat4%2cou=s/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638134/; classtype:trojan-activity;sid:84501234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638132)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120905/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638132/; classtype:trojan-activity;sid:84501232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638133)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20130131/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638133/; classtype:trojan-activity;sid:84501233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638131)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120918/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638131/; classtype:trojan-activity;sid:84501231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638129)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.segura%2cou=sat4%2cou=sup/20130206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638129/; classtype:trojan-activity;sid:84501229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638130)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.ellis%2cou=sat%2cou=acco/20131007/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638130/; classtype:trojan-activity;sid:84501230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638128)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/events/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638128/; classtype:trojan-activity;sid:84501228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638127)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cynt4315%2cou=sat%2cou=accounts/20121210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638127/; classtype:trojan-activity;sid:84501227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638126)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.large%2cou=dfw1%2cou=supp/20130125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638126/; classtype:trojan-activity;sid:84501226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638121)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130611/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638121/; classtype:trojan-activity;sid:84501221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638122)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/transparentruler/nbproject/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638122/; classtype:trojan-activity;sid:84501222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638123)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.pack/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638123/; classtype:trojan-activity;sid:84501223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638124)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dlane%2cou=sat4%2cou=support%2cou/20121220/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638124/; classtype:trojan-activity;sid:84501224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638125)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.jensen%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638125/; classtype:trojan-activity;sid:84501225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638116)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.wills%2cou=aus%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638116/; classtype:trojan-activity;sid:84501216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638117)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.vm.ci/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638117/; classtype:trojan-activity;sid:84501217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638118)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan.espinoza%2cou=sat4%2cou=su/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638118/; classtype:trojan-activity;sid:84501218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638119)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638119/; classtype:trojan-activity;sid:84501219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638120)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20130121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638120/; classtype:trojan-activity;sid:84501220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638114)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0009/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638114/; classtype:trojan-activity;sid:84501214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638115)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.ed/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638115/; classtype:trojan-activity;sid:84501215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638112)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat4%2cou=sup/20130417/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638112/; classtype:trojan-activity;sid:84501212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638113)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131008/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638113/; classtype:trojan-activity;sid:84501213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638107)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=arsa5837%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638107/; classtype:trojan-activity;sid:84501207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638108)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130912/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638108/; classtype:trojan-activity;sid:84501208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638109)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130801/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638109/; classtype:trojan-activity;sid:84501209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638110)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.opt/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638110/; classtype:trojan-activity;sid:84501210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638111)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/20130118/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638111/; classtype:trojan-activity;sid:84501211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638103)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/20121218/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638103/; classtype:trojan-activity;sid:84501203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638104)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130607/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638104/; classtype:trojan-activity;sid:84501204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638105)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.large%2cou=dfw1%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638105/; classtype:trojan-activity;sid:84501205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638106)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638106/; classtype:trojan-activity;sid:84501206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638102)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/favorites/acer/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638102/; classtype:trojan-activity;sid:84501202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638099)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=richard.mccaslin%2cou=sat%2cou=/20130814/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638099/; classtype:trojan-activity;sid:84501199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638100)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638100/; classtype:trojan-activity;sid:84501200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638101)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.management.rmi/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638101/; classtype:trojan-activity;sid:84501201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638094)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=matt.erben2%2cou=sat%2cou=accou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638094/; classtype:trojan-activity;sid:84501194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638095)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130515/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638095/; classtype:trojan-activity;sid:84501195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638096)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.crypto.mscapi/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638096/; classtype:trojan-activity;sid:84501196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638097)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20130117/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638097/; classtype:trojan-activity;sid:84501197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638098)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cindy.mason%2cou=sat4%2cou=supp/20120926/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638098/; classtype:trojan-activity;sid:84501198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638093)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20130314/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638093/; classtype:trojan-activity;sid:84501193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638091)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/windowsimagebackup/ethan-pc/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638091/; classtype:trojan-activity;sid:84501191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638092)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/onedrive/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638092/; classtype:trojan-activity;sid:84501192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638089)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqf0edg8wl.backupbundle/bands/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638089/; classtype:trojan-activity;sid:84501189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638090)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120913/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638090/; classtype:trojan-activity;sid:84501190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638085)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.accessibility/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638085/; classtype:trojan-activity;sid:84501185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638086)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20121026/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638086/; classtype:trojan-activity;sid:84501186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638087)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcloud-handbook/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638087/; classtype:trojan-activity;sid:84501187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638088)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638088/; classtype:trojan-activity;sid:84501188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638082)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.mcbain%2cou=sat%2cou=accou/20131119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638082/; classtype:trojan-activity;sid:84501182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638083)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131023/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638083/; classtype:trojan-activity;sid:84501183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638084)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=care5508%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638084/; classtype:trojan-activity;sid:84501184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638079)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.smartcardio/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638079/; classtype:trojan-activity;sid:84501179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638080)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20120907/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638080/; classtype:trojan-activity;sid:84501180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638081)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mkc00adv30.sparsebundle/bands/photo.scr"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638081/; classtype:trojan-activity;sid:84501181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638077)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi6217%2cou=sat%2cou=accounts/20131121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638077/; classtype:trojan-activity;sid:84501177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638078)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gary.porter%2cou=sat4%2cou=supp/20121015/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638078/; classtype:trojan-activity;sid:84501178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638071)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/caco2021/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638071/; classtype:trojan-activity;sid:84501171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638072)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat%2cou=acco/20131104/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638072/; classtype:trojan-activity;sid:84501172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638073)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/jtop/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638073/; classtype:trojan-activity;sid:84501173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638074)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jord4793%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638074/; classtype:trojan-activity;sid:84501174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638075)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/friends/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638075/; classtype:trojan-activity;sid:84501175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638076)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20121203/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638076/; classtype:trojan-activity;sid:84501176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638068)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/theme/royale_noir/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638068/; classtype:trojan-activity;sid:84501168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638069)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20130116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638069/; classtype:trojan-activity;sid:84501169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638070)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.buchan%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638070/; classtype:trojan-activity;sid:84501170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638066)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=rich4608%2cou=sat%2cou=accounts/20131122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638066/; classtype:trojan-activity;sid:84501166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638067)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joel.valdez%2cou=sat4%2cou=supp/20121226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638067/; classtype:trojan-activity;sid:84501167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638061)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120914/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638061/; classtype:trojan-activity;sid:84501161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638062)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120806/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638062/; classtype:trojan-activity;sid:84501162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638063)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.kendrick%2cou=aus1%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638063/; classtype:trojan-activity;sid:84501163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638064)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/documents/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638064/; classtype:trojan-activity;sid:84501164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638065)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0019/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638065/; classtype:trojan-activity;sid:84501165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638058)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638058/; classtype:trojan-activity;sid:84501158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638059)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ecomsti%2cou=sat4%2cou=support%2c/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638059/; classtype:trojan-activity;sid:84501159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638060)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/usb_drive/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638060/; classtype:trojan-activity;sid:84501160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638055)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20120803/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638055/; classtype:trojan-activity;sid:84501155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638056)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%20dv8%202001/plex%20versions/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638056/; classtype:trojan-activity;sid:84501156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638057)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130807/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638057/; classtype:trojan-activity;sid:84501157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638051)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/20130320/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638051/; classtype:trojan-activity;sid:84501151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638052)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/region/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638052/; classtype:trojan-activity;sid:84501152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638053)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120814/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638053/; classtype:trojan-activity;sid:84501153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638054)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.dumar%2cou=sat6%2cou=sale/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638054/; classtype:trojan-activity;sid:84501154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638050)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130201/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638050/; classtype:trojan-activity;sid:84501150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638047)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/desktop/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638047/; classtype:trojan-activity;sid:84501147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638048)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638048/; classtype:trojan-activity;sid:84501148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638049)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gliserio%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638049/; classtype:trojan-activity;sid:84501149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638043)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20120914/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638043/; classtype:trojan-activity;sid:84501143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638044)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jennifer.cueto%2cou=sat4%2cou=s/20120914/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638044/; classtype:trojan-activity;sid:84501144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638045)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638045/; classtype:trojan-activity;sid:84501145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638046)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/netgear/psv301/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638046/; classtype:trojan-activity;sid:84501146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638041)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131203/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638041/; classtype:trojan-activity;sid:84501141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638042)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20130919/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638042/; classtype:trojan-activity;sid:84501142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638040)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dave.custodio%2cou=sat4%2cou=su/20130222/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638040/; classtype:trojan-activity;sid:84501140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638039)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120927/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638039/; classtype:trojan-activity;sid:84501139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638034)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=v.gananathan%2cou=sat4%2cou=sup/20130422/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638034/; classtype:trojan-activity;sid:84501134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638035)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638035/; classtype:trojan-activity;sid:84501135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638036)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638036/; classtype:trojan-activity;sid:84501136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638037)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.ellis%2cou=sat%2cou=acco/20130815/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638037/; classtype:trojan-activity;sid:84501137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638038)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/%24of/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638038/; classtype:trojan-activity;sid:84501138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638033)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.management/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638033/; classtype:trojan-activity;sid:84501133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638032)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%20dv8%202002/plex%20versions/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638032/; classtype:trojan-activity;sid:84501132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638027)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/conf/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638027/; classtype:trojan-activity;sid:84501127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638028)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638028/; classtype:trojan-activity;sid:84501128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638029)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=fran5475%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638029/; classtype:trojan-activity;sid:84501129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638030)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.gillaspy%2cou=sat4%2cou=su/20130206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638030/; classtype:trojan-activity;sid:84501130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638031)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan.espinoza%2cou=sat4%2cou=su/20130115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638031/; classtype:trojan-activity;sid:84501131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638023)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2017/vmworld/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638023/; classtype:trojan-activity;sid:84501123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638024)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20121017/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638024/; classtype:trojan-activity;sid:84501124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638025)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/support/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638025/; classtype:trojan-activity;sid:84501125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638026)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638026/; classtype:trojan-activity;sid:84501126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638016)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/twain/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638016/; classtype:trojan-activity;sid:84501116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638017)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638017/; classtype:trojan-activity;sid:84501117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638018)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2010/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638018/; classtype:trojan-activity;sid:84501118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638019)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638019/; classtype:trojan-activity;sid:84501119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638020)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/altitude/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638020/; classtype:trojan-activity;sid:84501120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638021)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/documents/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638021/; classtype:trojan-activity;sid:84501121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638022)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638022/; classtype:trojan-activity;sid:84501122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638012)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/scanner/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638012/; classtype:trojan-activity;sid:84501112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638013)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20121029/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638013/; classtype:trojan-activity;sid:84501113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638014)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/tools/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638014/; classtype:trojan-activity;sid:84501114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638015)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=amyclaire.wieser%2cou=sat4%2cou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638015/; classtype:trojan-activity;sid:84501115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638003)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131014/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638003/; classtype:trojan-activity;sid:84501103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638004)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ecomsti%2cou=sat4%2cou=support%2c/20120822/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638004/; classtype:trojan-activity;sid:84501104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638005)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638005/; classtype:trojan-activity;sid:84501105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638006)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.dang%2cou=sat4%2cou=supp/20130111/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638006/; classtype:trojan-activity;sid:84501106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638007)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.editpad/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638007/; classtype:trojan-activity;sid:84501107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638008)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jonathan.somers%2cou=sat%2cou=a/20130801/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638008/; classtype:trojan-activity;sid:84501108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638009)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cameron.ortiz%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638009/; classtype:trojan-activity;sid:84501109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638010)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.hudson%2cou=sat6%2cou=sup/20121128/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638010/; classtype:trojan-activity;sid:84501110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638011)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131211/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638011/; classtype:trojan-activity;sid:84501111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638001)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joey.gomez%2cou=sat%2cou=accoun/20130612/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638001/; classtype:trojan-activity;sid:84501101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638002)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/poi/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638002/; classtype:trojan-activity;sid:84501102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637999)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gary.porter%2cou=sat4%2cou=supp/20120816/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637999/; classtype:trojan-activity;sid:84501099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638000)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/friends/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3638000/; classtype:trojan-activity;sid:84501100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637995)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/20121119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637995/; classtype:trojan-activity;sid:84501095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637996)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/pictures/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637996/; classtype:trojan-activity;sid:84501096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637997)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jona4179%2cou=sat%2cou=accounts/20120801/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637997/; classtype:trojan-activity;sid:84501097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637998)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20120927/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637998/; classtype:trojan-activity;sid:84501098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637993)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20121015/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637993/; classtype:trojan-activity;sid:84501093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637994)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=geoff.hellings%2cou=dfw1%2cou=s/20121220/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637994/; classtype:trojan-activity;sid:84501094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637990)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jeremy.carter%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637990/; classtype:trojan-activity;sid:84501090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637991)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=katie.powers%2cou=sat4%2cou=sup/20121029/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637991/; classtype:trojan-activity;sid:84501091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637992)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/mac/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637992/; classtype:trojan-activity;sid:84501092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637988)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131204/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637988/; classtype:trojan-activity;sid:84501088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637989)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/groovy/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637989/; classtype:trojan-activity;sid:84501089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637986)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=just0264%2cou=ord%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637986/; classtype:trojan-activity;sid:84501086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637987)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637987/; classtype:trojan-activity;sid:84501087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637983)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/20130130/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637983/; classtype:trojan-activity;sid:84501083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637984)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat%2cou=accou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637984/; classtype:trojan-activity;sid:84501084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637985)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637985/; classtype:trojan-activity;sid:84501085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637981)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2017/april/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637981/; classtype:trojan-activity;sid:84501081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637982)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/tableexample/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637982/; classtype:trojan-activity;sid:84501082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637978)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/nas200-setup1/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637978/; classtype:trojan-activity;sid:84501078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637979)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.attach/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637979/; classtype:trojan-activity;sid:84501079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637980)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120827/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637980/; classtype:trojan-activity;sid:84501080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637974)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130531/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637974/; classtype:trojan-activity;sid:84501074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637975)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevin.anders%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637975/; classtype:trojan-activity;sid:84501075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637976)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cindy.mason%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637976/; classtype:trojan-activity;sid:84501076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637977)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jdeps/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637977/; classtype:trojan-activity;sid:84501077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637971)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%20dv8%202003-4/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637971/; classtype:trojan-activity;sid:84501071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637972)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130827/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637972/; classtype:trojan-activity;sid:84501072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637973)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/desktop/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637973/; classtype:trojan-activity;sid:84501073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637968)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121029/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637968/; classtype:trojan-activity;sid:84501068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637969)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130819/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637969/; classtype:trojan-activity;sid:84501069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637970)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/ati2016wd_build33/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637970/; classtype:trojan-activity;sid:84501070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637967)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.dober%2cou=dfw1%2cou=supp/20130207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637967/; classtype:trojan-activity;sid:84501067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637965)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.dumar%2cou=sat6%2cou=sale/20120813/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637965/; classtype:trojan-activity;sid:84501065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637966)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2024/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637966/; classtype:trojan-activity;sid:84501066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637963)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130501/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637963/; classtype:trojan-activity;sid:84501063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637964)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/videos/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637964/; classtype:trojan-activity;sid:84501064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637959)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130617/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637959/; classtype:trojan-activity;sid:84501059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637960)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mkc00adv30.sparsebundle/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637960/; classtype:trojan-activity;sid:84501060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637961)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.zipfs/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637961/; classtype:trojan-activity;sid:84501061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637962)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.large%2cou=dfw1%2cou=supp/20121108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637962/; classtype:trojan-activity;sid:84501062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637948)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=char5472%2cou=aus%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637948/; classtype:trojan-activity;sid:84501048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637949)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130905/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637949/; classtype:trojan-activity;sid:84501049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637950)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/recycler/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637950/; classtype:trojan-activity;sid:84501050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637951)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20121203/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637951/; classtype:trojan-activity;sid:84501051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637952)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eli.robertson%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637952/; classtype:trojan-activity;sid:84501052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637953)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jmoran%2cou=sat4%2cou=support%2co/20121017/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637953/; classtype:trojan-activity;sid:84501053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637954)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat6%2cou=sal/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637954/; classtype:trojan-activity;sid:84501054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637955)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637955/; classtype:trojan-activity;sid:84501055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637956)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120831/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637956/; classtype:trojan-activity;sid:84501056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637957)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130523/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637957/; classtype:trojan-activity;sid:84501057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637958)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/altitude/photo.scr"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637958/; classtype:trojan-activity;sid:84501058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637946)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131011/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637946/; classtype:trojan-activity;sid:84501046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637947)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130930/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637947/; classtype:trojan-activity;sid:84501047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637945)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637945/; classtype:trojan-activity;sid:84501045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637944)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/demos/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637944/; classtype:trojan-activity;sid:84501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637943)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joel.valdez%2cou=sat4%2cou=supp/20130131/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637943/; classtype:trojan-activity;sid:84501043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637940)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131112/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637940/; classtype:trojan-activity;sid:84501040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637941)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20130227/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637941/; classtype:trojan-activity;sid:84501041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637942)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637942/; classtype:trojan-activity;sid:84501042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637938)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/videos/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637938/; classtype:trojan-activity;sid:84501038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637939)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joel.valdez%2cou=sat4%2cou=supp/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637939/; classtype:trojan-activity;sid:84501039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637937)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637937/; classtype:trojan-activity;sid:84501037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637935)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130823/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637935/; classtype:trojan-activity;sid:84501035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637936)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/recycler/s-1-5-21-1770320470-204575269-1465812353-1010/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637936/; classtype:trojan-activity;sid:84501036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637931)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637931/; classtype:trojan-activity;sid:84501031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637932)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/cabr2021/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637932/; classtype:trojan-activity;sid:84501032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637933)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/favorites/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637933/; classtype:trojan-activity;sid:84501033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637934)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=bruc4268%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637934/; classtype:trojan-activity;sid:84501034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637929)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/data/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637929/; classtype:trojan-activity;sid:84501029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637930)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20130318/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637930/; classtype:trojan-activity;sid:84501030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637921)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637921/; classtype:trojan-activity;sid:84501021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637922)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/vecp/vista/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637922/; classtype:trojan-activity;sid:84501022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637923)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/loganspics/2016-08/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637923/; classtype:trojan-activity;sid:84501023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637924)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat4%2cou=sup/20130423/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637924/; classtype:trojan-activity;sid:84501024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637925)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat%2cou=accou/20130522/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637925/; classtype:trojan-activity;sid:84501025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637926)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131028/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637926/; classtype:trojan-activity;sid:84501026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637927)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121015/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637927/; classtype:trojan-activity;sid:84501027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637928)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637928/; classtype:trojan-activity;sid:84501028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637919)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637919/; classtype:trojan-activity;sid:84501019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637920)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637920/; classtype:trojan-activity;sid:84501020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637916)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2002/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637916/; classtype:trojan-activity;sid:84501016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637917)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.kendrick%2cou=aus1%2cou=s/20121109/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637917/; classtype:trojan-activity;sid:84501017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637918)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/downloads/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637918/; classtype:trojan-activity;sid:84501018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637912)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20121105/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637912/; classtype:trojan-activity;sid:84501012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637913)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lmoreno%2cou=sat%2cou=accounts%2c/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637913/; classtype:trojan-activity;sid:84501013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637914)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637914/; classtype:trojan-activity;sid:84501014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637915)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130717/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637915/; classtype:trojan-activity;sid:84501015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637911)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/motion/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637911/; classtype:trojan-activity;sid:84501011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637909)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20121206/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637909/; classtype:trojan-activity;sid:84501009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637910)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637910/; classtype:trojan-activity;sid:84501010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637907)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.howell%2cou=sat%2cou=acc/20131115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637907/; classtype:trojan-activity;sid:84501007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637908)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/playerdata/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637908/; classtype:trojan-activity;sid:84501008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637905)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/tuner/sku333087/driver/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637905/; classtype:trojan-activity;sid:84501005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637906)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130611/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637906/; classtype:trojan-activity;sid:84501006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637904)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aaron.dumar%2cou=sat6%2cou=sale/20120905/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637904/; classtype:trojan-activity;sid:84501004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637903)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/data/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637903/; classtype:trojan-activity;sid:84501003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637899)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/sampletree/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637899/; classtype:trojan-activity;sid:84500999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637900)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric4281%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637900/; classtype:trojan-activity;sid:84501000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637901)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/music/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637901/; classtype:trojan-activity;sid:84501001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637902)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/data/vecp/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637902/; classtype:trojan-activity;sid:84501002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637898)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637898/; classtype:trojan-activity;sid:84500998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637897)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121129/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637897/; classtype:trojan-activity;sid:84500997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637893)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/videos/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637893/; classtype:trojan-activity;sid:84500993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637894)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131112/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637894/; classtype:trojan-activity;sid:84500994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637895)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.pricemelland%2cou=sat6%2c/20130305/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637895/; classtype:trojan-activity;sid:84500995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637896)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joey.gomez%2cou=sat%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637896/; classtype:trojan-activity;sid:84500996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637892)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20121102/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637892/; classtype:trojan-activity;sid:84500992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637885)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637885/; classtype:trojan-activity;sid:84500985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637886)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5306%2cou=sat%2cou=accounts/20121018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637886/; classtype:trojan-activity;sid:84500986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637887)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.beam%2cou=sat%2cou=account/20130909/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637887/; classtype:trojan-activity;sid:84500987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637888)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=matt.erben2%2cou=sat%2cou=accou/20130531/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637888/; classtype:trojan-activity;sid:84500988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637889)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2019/vmworld/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637889/; classtype:trojan-activity;sid:84500989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637890)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jean4576%2cou=sat%2cou=accounts/20130228/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637890/; classtype:trojan-activity;sid:84500990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637891)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/setup/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637891/; classtype:trojan-activity;sid:84500991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637882)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2001/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637882/; classtype:trojan-activity;sid:84500982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637883)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/datapacks/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637883/; classtype:trojan-activity;sid:84500983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637884)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kevin.anders%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637884/; classtype:trojan-activity;sid:84500984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637879)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20120821/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637879/; classtype:trojan-activity;sid:84500979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637880)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.howell%2cou=sat%2cou=acc/20131121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637880/; classtype:trojan-activity;sid:84500980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637881)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.chrisman%2cou=sat6%2cou=sa/20130208/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637881/; classtype:trojan-activity;sid:84500981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637876)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120807/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637876/; classtype:trojan-activity;sid:84500976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637877)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi4587%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637877/; classtype:trojan-activity;sid:84500977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637878)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20121126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637878/; classtype:trojan-activity;sid:84500978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637875)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=edga5236%2cou=sat%2cou=accounts/20121023/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637875/; classtype:trojan-activity;sid:84500975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637873)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jess0239%2cou=ord%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637873/; classtype:trojan-activity;sid:84500973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637874)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=just0264%2cou=ord%2cou=accounts/20131114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637874/; classtype:trojan-activity;sid:84500974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637870)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/20130115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637870/; classtype:trojan-activity;sid:84500970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637871)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/heather/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637871/; classtype:trojan-activity;sid:84500971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637872)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.reyes%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637872/; classtype:trojan-activity;sid:84500972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637867)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2016/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637867/; classtype:trojan-activity;sid:84500967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637868)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131007/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637868/; classtype:trojan-activity;sid:84500968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637869)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/scripting/jconsole-plugin/nbproject/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637869/; classtype:trojan-activity;sid:84500969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637866)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/music/journey/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637866/; classtype:trojan-activity;sid:84500966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637865)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20131010/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637865/; classtype:trojan-activity;sid:84500965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637862)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637862/; classtype:trojan-activity;sid:84500962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637863)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637863/; classtype:trojan-activity;sid:84500963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637864)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/printer/spl_color/winxp_2000_vista_32/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637864/; classtype:trojan-activity;sid:84500964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637860)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/desktop/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637860/; classtype:trojan-activity;sid:84500960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637861)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131202/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637861/; classtype:trojan-activity;sid:84500961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637858)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.olguin%2cou=sat6%2cou=sal/20121220/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637858/; classtype:trojan-activity;sid:84500958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637859)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637859/; classtype:trojan-activity;sid:84500959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637853)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131119/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637853/; classtype:trojan-activity;sid:84500953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637854)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20130919/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637854/; classtype:trojan-activity;sid:84500954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637855)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose4705%2cou=sat%2cou=accounts/20131016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637855/; classtype:trojan-activity;sid:84500955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637856)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120830/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637856/; classtype:trojan-activity;sid:84500956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637857)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/metalworks/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637857/; classtype:trojan-activity;sid:84500957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637848)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/strings/photo.scr"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637848/; classtype:trojan-activity;sid:84500948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637849)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/tv/media.localized/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637849/; classtype:trojan-activity;sid:84500949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637850)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2019/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637850/; classtype:trojan-activity;sid:84500950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637851)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.jvmstat/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637851/; classtype:trojan-activity;sid:84500951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637852)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chad4956%2cou=aus%2cou=accounts/20120828/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637852/; classtype:trojan-activity;sid:84500952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637847)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=andrew.glenn%2cou=sat6%2cou=sal/20130115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637847/; classtype:trojan-activity;sid:84500947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637845)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cinco.coates%2cou=sat6%2cou=mai/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637845/; classtype:trojan-activity;sid:84500945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637846)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcloud-handbook-v1.5/vmware-vrealize/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637846/; classtype:trojan-activity;sid:84500946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637843)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/profiles/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637843/; classtype:trojan-activity;sid:84500943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637844)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130315/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637844/; classtype:trojan-activity;sid:84500944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637839)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130809/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637839/; classtype:trojan-activity;sid:84500939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637840)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/loganspics/2017-02-14/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637840/; classtype:trojan-activity;sid:84500940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637841)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/accesslog/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637841/; classtype:trojan-activity;sid:84500941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637842)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20130305/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637842/; classtype:trojan-activity;sid:84500942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637834)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/twain-new/network/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637834/; classtype:trojan-activity;sid:84500934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637835)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637835/; classtype:trojan-activity;sid:84500935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637836)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/netgear/psv301/utility/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637836/; classtype:trojan-activity;sid:84500936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637837)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/theocratic/dramas%20-%20old/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637837/; classtype:trojan-activity;sid:84500937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637838)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130924/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637838/; classtype:trojan-activity;sid:84500938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637833)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/pro100/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637833/; classtype:trojan-activity;sid:84500933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637831)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/service-level/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637831/; classtype:trojan-activity;sid:84500931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637832)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637832/; classtype:trojan-activity;sid:84500932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637829)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2012/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637829/; classtype:trojan-activity;sid:84500929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637830)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121015/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637830/; classtype:trojan-activity;sid:84500930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637823)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/verbosegc/nbproject/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637823/; classtype:trojan-activity;sid:84500923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637824)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/z82816l17/misc/izon/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637824/; classtype:trojan-activity;sid:84500924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637825)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130130/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637825/; classtype:trojan-activity;sid:84500925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637826)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.scripting.nashorn.shell/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637826/; classtype:trojan-activity;sid:84500926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637827)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637827/; classtype:trojan-activity;sid:84500927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637828)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20130118/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637828/; classtype:trojan-activity;sid:84500928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637820)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=bonn4492%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637820/; classtype:trojan-activity;sid:84500920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637821)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20121217/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637821/; classtype:trojan-activity;sid:84500921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637822)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131101/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637822/; classtype:trojan-activity;sid:84500922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637819)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=bruc4268%2cou=sat%2cou=accounts/20130219/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637819/; classtype:trojan-activity;sid:84500919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637818)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2018/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637818/; classtype:trojan-activity;sid:84500918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637816)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lcadena%2cou=sat%2cou=accounts%2c/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637816/; classtype:trojan-activity;sid:84500916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637817)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637817/; classtype:trojan-activity;sid:84500917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637814)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/audio/boys/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637814/; classtype:trojan-activity;sid:84500914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637815)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/drivers/win_xp2k/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637815/; classtype:trojan-activity;sid:84500915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637811)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=david.bennett%2cou=sat4%2cou=su/20120912/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637811/; classtype:trojan-activity;sid:84500911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637812)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121205/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637812/; classtype:trojan-activity;sid:84500912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637813)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.security.jgss/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637813/; classtype:trojan-activity;sid:84500913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637809)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jdwp.agent/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637809/; classtype:trojan-activity;sid:84500909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637810)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/windowsimagebackup/rocket/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637810/; classtype:trojan-activity;sid:84500910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637806)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/_static/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637806/; classtype:trojan-activity;sid:84500906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637807)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2017/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637807/; classtype:trojan-activity;sid:84500907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637808)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.security.sasl/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637808/; classtype:trojan-activity;sid:84500908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637805)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130718/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637805/; classtype:trojan-activity;sid:84500905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637804)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20131114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637804/; classtype:trojan-activity;sid:84500904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637800)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20121129/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637800/; classtype:trojan-activity;sid:84500900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637801)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637801/; classtype:trojan-activity;sid:84500901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637802)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637802/; classtype:trojan-activity;sid:84500902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637803)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lromero%2cou=sat%2cou=accounts%2c/20131122/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637803/; classtype:trojan-activity;sid:84500903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637799)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130702/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637799/; classtype:trojan-activity;sid:84500899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637796)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus1%2cou=suppo/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637796/; classtype:trojan-activity;sid:84500896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637797)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=char4153%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637797/; classtype:trojan-activity;sid:84500897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637798)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130619/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637798/; classtype:trojan-activity;sid:84500898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637792)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vcloud-handbook-v1.5/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637792/; classtype:trojan-activity;sid:84500892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637793)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat%2cou=acco/20130508/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637793/; classtype:trojan-activity;sid:84500893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637794)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=beth4765%2cou=sat%2cou=accounts/20121024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637794/; classtype:trojan-activity;sid:84500894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637795)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130219/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637795/; classtype:trojan-activity;sid:84500895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637788)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20120813/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637788/; classtype:trojan-activity;sid:84500888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637789)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20130814/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637789/; classtype:trojan-activity;sid:84500889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637790)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130404/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637790/; classtype:trojan-activity;sid:84500890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637791)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joe.hellsten%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637791/; classtype:trojan-activity;sid:84500891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637786)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130712/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637786/; classtype:trojan-activity;sid:84500886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637787)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/dim-1/data/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637787/; classtype:trojan-activity;sid:84500887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637784)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/intel/logs/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637784/; classtype:trojan-activity;sid:84500884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637785)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637785/; classtype:trojan-activity;sid:84500885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637781)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=guillermo.rodriguez%2cou=sat4/20130408/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637781/; classtype:trojan-activity;sid:84500881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637782)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ashley.deforest%2cou=sat4%2cou=/20120926/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637782/; classtype:trojan-activity;sid:84500882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637783)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130125/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637783/; classtype:trojan-activity;sid:84500883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637779)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/netgear/psv301/guide/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637779/; classtype:trojan-activity;sid:84500879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637780)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=egarib%2cou=sat4%2cou=support%2co/20130111/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637780/; classtype:trojan-activity;sid:84500880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637778)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20120918/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637778/; classtype:trojan-activity;sid:84500878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637776)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.scripting/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637776/; classtype:trojan-activity;sid:84500876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637777)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.le/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637777/; classtype:trojan-activity;sid:84500877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637774)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/accenture/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637774/; classtype:trojan-activity;sid:84500874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637775)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130802/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637775/; classtype:trojan-activity;sid:84500875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637773)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/minitv/mediatv-3.0.18.122/thirdapp/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637773/; classtype:trojan-activity;sid:84500873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637770)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat4%2cou=sup/20130422/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637770/; classtype:trojan-activity;sid:84500870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637771)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/dim1/region/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637771/; classtype:trojan-activity;sid:84500871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637772)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/stylepad/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637772/; classtype:trojan-activity;sid:84500872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637765)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.mcculley%2cou=aus1%2cou=s/20121031/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637765/; classtype:trojan-activity;sid:84500865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637766)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ajay.indukuri%2cou=sat4%2cou=su/20120907/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637766/; classtype:trojan-activity;sid:84500866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637767)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mich5224%2cou=other%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637767/; classtype:trojan-activity;sid:84500867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637768)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/trendnet/fw-tew-432brp-d%283.00b28%29/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637768/; classtype:trojan-activity;sid:84500868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637769)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/sonicwall/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637769/; classtype:trojan-activity;sid:84500869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637760)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637760/; classtype:trojan-activity;sid:84500860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637761)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/advancements/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637761/; classtype:trojan-activity;sid:84500861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637762)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus1%2cou=suppo/20130422/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637762/; classtype:trojan-activity;sid:84500862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637763)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130624/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637763/; classtype:trojan-activity;sid:84500863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637764)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/vmware/esximage/imagebuilder/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637764/; classtype:trojan-activity;sid:84500864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637755)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ajay.indukuri%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637755/; classtype:trojan-activity;sid:84500855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637756)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.streeter%2cou=aus1%2cou=/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637756/; classtype:trojan-activity;sid:84500856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637757)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/test/resources/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637757/; classtype:trojan-activity;sid:84500857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637758)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637758/; classtype:trojan-activity;sid:84500858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637759)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/heather/usmt2.unc/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637759/; classtype:trojan-activity;sid:84500859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637750)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.howell%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637750/; classtype:trojan-activity;sid:84500850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637751)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637751/; classtype:trojan-activity;sid:84500851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637752)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=fira5363%2cou=sat%2cou=accounts/20121116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637752/; classtype:trojan-activity;sid:84500852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637753)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/links/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637753/; classtype:trojan-activity;sid:84500853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637754)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=keith.fralick%2cou=sat4%2cou=su/20121206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637754/; classtype:trojan-activity;sid:84500854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637749)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637749/; classtype:trojan-activity;sid:84500849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637748)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5540%2cou=sat%2cou=accounts/20130318/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637748/; classtype:trojan-activity;sid:84500848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637747)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637747/; classtype:trojan-activity;sid:84500847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637743)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130506/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637743/; classtype:trojan-activity;sid:84500843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637744)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0008/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637744/; classtype:trojan-activity;sid:84500844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637745)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=edga5236%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637745/; classtype:trojan-activity;sid:84500845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637746)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131007/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637746/; classtype:trojan-activity;sid:84500846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637742)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/vmware/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637742/; classtype:trojan-activity;sid:84500842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637739)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131001/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637739/; classtype:trojan-activity;sid:84500839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637740)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqm0rrg8wl.sparsebundle/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637740/; classtype:trojan-activity;sid:84500840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637741)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637741/; classtype:trojan-activity;sid:84500841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637737)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=just0264%2cou=ord%2cou=accounts/20131120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637737/; classtype:trojan-activity;sid:84500837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637738)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637738/; classtype:trojan-activity;sid:84500838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637735)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20120904/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637735/; classtype:trojan-activity;sid:84500835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637736)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2004/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637736/; classtype:trojan-activity;sid:84500836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637733)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20121023/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637733/; classtype:trojan-activity;sid:84500833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637734)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dustin.coates%2cou=sat4%2cou=su/20121123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637734/; classtype:trojan-activity;sid:84500834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637730)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20120821/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637730/; classtype:trojan-activity;sid:84500830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637731)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131015/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637731/; classtype:trojan-activity;sid:84500831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637732)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/acer_tablet/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637732/; classtype:trojan-activity;sid:84500832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637726)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637726/; classtype:trojan-activity;sid:84500826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637727)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130606/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637727/; classtype:trojan-activity;sid:84500827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637728)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lromero%2cou=sat%2cou=accounts%2c/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637728/; classtype:trojan-activity;sid:84500828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637729)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2013/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637729/; classtype:trojan-activity;sid:84500829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637722)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cindy.mason%2cou=sat4%2cou=supp/20121204/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637722/; classtype:trojan-activity;sid:84500822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637723)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jan.alcala%2cou=sat6%2cou=sales/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637723/; classtype:trojan-activity;sid:84500823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637724)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/loganspics/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637724/; classtype:trojan-activity;sid:84500824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637725)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.crypto.cryptoki/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637725/; classtype:trojan-activity;sid:84500825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637720)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20130108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637720/; classtype:trojan-activity;sid:84500820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637721)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/apps/prosetdx/2kxpws03/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637721/; classtype:trojan-activity;sid:84500821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637719)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637719/; classtype:trojan-activity;sid:84500819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637716)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130821/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637716/; classtype:trojan-activity;sid:84500816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637717)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637717/; classtype:trojan-activity;sid:84500817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637718)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/20130307/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637718/; classtype:trojan-activity;sid:84500818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637714)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.campbell%2cou=sat%2cou=acc/20130820/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637714/; classtype:trojan-activity;sid:84500814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637715)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/billing/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637715/; classtype:trojan-activity;sid:84500815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637710)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cameron.ortiz%2cou=sat4%2cou=su/20120927/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637710/; classtype:trojan-activity;sid:84500810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637711)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carlos.sheller%2cou=sat4%2cou=s/20121130/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637711/; classtype:trojan-activity;sid:84500811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637712)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.wills%2cou=aus%2cou=accoun/20130819/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637712/; classtype:trojan-activity;sid:84500812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637713)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131011/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637713/; classtype:trojan-activity;sid:84500813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637708)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/contacts/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637708/; classtype:trojan-activity;sid:84500808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637709)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/20120911/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637709/; classtype:trojan-activity;sid:84500809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637703)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/spanel/help/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637703/; classtype:trojan-activity;sid:84500803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637704)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130124/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637704/; classtype:trojan-activity;sid:84500804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637705)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqf0edg8wl.backupbundle/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637705/; classtype:trojan-activity;sid:84500805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637706)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat4%2cou=sup/20130419/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637706/; classtype:trojan-activity;sid:84500806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637707)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637707/; classtype:trojan-activity;sid:84500807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637698)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130806/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637698/; classtype:trojan-activity;sid:84500798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637699)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cynt4315%2cou=sat%2cou=accounts/20120817/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637699/; classtype:trojan-activity;sid:84500799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637700)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637700/; classtype:trojan-activity;sid:84500800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637701)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jona5523%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637701/; classtype:trojan-activity;sid:84500801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637702)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130807/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637702/; classtype:trojan-activity;sid:84500802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637696)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/playerdata/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637696/; classtype:trojan-activity;sid:84500796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637697)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=bill4504%2cou=other%2cou=accoun/20120813/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637697/; classtype:trojan-activity;sid:84500797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637693)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120913/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637693/; classtype:trojan-activity;sid:84500793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637694)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/pictures/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637694/; classtype:trojan-activity;sid:84500794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637695)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/photo.scr"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637695/; classtype:trojan-activity;sid:84500795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637692)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.dang%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637692/; classtype:trojan-activity;sid:84500792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637691)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2007/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637691/; classtype:trojan-activity;sid:84500791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637688)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120817/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637688/; classtype:trojan-activity;sid:84500788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637689)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20120810/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637689/; classtype:trojan-activity;sid:84500789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637690)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131025/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637690/; classtype:trojan-activity;sid:84500790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637685)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=adrian.garza%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637685/; classtype:trojan-activity;sid:84500785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637686)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2020/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637686/; classtype:trojan-activity;sid:84500786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637687)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/cabr2020/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637687/; classtype:trojan-activity;sid:84500787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637681)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130820/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637681/; classtype:trojan-activity;sid:84500781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637682)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130118/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637682/; classtype:trojan-activity;sid:84500782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637683)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2015/vforumchicago/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637683/; classtype:trojan-activity;sid:84500783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637684)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20121205/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637684/; classtype:trojan-activity;sid:84500784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637678)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20121220/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637678/; classtype:trojan-activity;sid:84500778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637679)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.jeffreys%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637679/; classtype:trojan-activity;sid:84500779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637680)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20120920/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637680/; classtype:trojan-activity;sid:84500780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637677)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637677/; classtype:trojan-activity;sid:84500777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637673)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/caco2020/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637673/; classtype:trojan-activity;sid:84500773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637674)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jonathan.somers%2cou=sat%2cou=a/20130814/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637674/; classtype:trojan-activity;sid:84500774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637675)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.gillaspy%2cou=sat4%2cou=su/20121019/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637675/; classtype:trojan-activity;sid:84500775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637676)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.internal.vm.compiler.management/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637676/; classtype:trojan-activity;sid:84500776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637671)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesse.barron%2cou=sat6%2cou=sal/20121107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637671/; classtype:trojan-activity;sid:84500771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637672)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kbedsole%2cou=sat4%2cou=support/20121120/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637672/; classtype:trojan-activity;sid:84500772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637668)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan.espinoza%2cou=sat4%2cou=su/20120913/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637668/; classtype:trojan-activity;sid:84500768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637669)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.funkhouser%2cou=sat6%2cou/20121016/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637669/; classtype:trojan-activity;sid:84500769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637670)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4328%2cou=sat%2cou=accounts/20121026/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637670/; classtype:trojan-activity;sid:84500770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637666)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/sampletree/nbproject/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637666/; classtype:trojan-activity;sid:84500766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637667)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/conf/security/policy/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637667/; classtype:trojan-activity;sid:84500767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637660)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/spl_mono/winxp_2000_vista_32/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637660/; classtype:trojan-activity;sid:84500760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637661)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/mbu/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637661/; classtype:trojan-activity;sid:84500761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637662)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/include/win32/bridge/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637662/; classtype:trojan-activity;sid:84500762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637663)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/swingapplet/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637663/; classtype:trojan-activity;sid:84500763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637664)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637664/; classtype:trojan-activity;sid:84500764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637665)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0005/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637665/; classtype:trojan-activity;sid:84500765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637658)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/wallpapers/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637658/; classtype:trojan-activity;sid:84500758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637659)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.unsupported/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637659/; classtype:trojan-activity;sid:84500759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637653)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637653/; classtype:trojan-activity;sid:84500753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637654)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637654/; classtype:trojan-activity;sid:84500754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637655)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130715/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637655/; classtype:trojan-activity;sid:84500755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637656)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.javadoc/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637656/; classtype:trojan-activity;sid:84500756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637657)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121023/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637657/; classtype:trojan-activity;sid:84500757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637651)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=shan3978%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637651/; classtype:trojan-activity;sid:84500751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637652)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/ati2016wd_build33/userguides/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637652/; classtype:trojan-activity;sid:84500752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637649)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637649/; classtype:trojan-activity;sid:84500749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637650)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/security/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637650/; classtype:trojan-activity;sid:84500750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637648)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637648/; classtype:trojan-activity;sid:84500748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637640)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=patr3922%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637640/; classtype:trojan-activity;sid:84500740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637641)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120920/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637641/; classtype:trojan-activity;sid:84500741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637642)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637642/; classtype:trojan-activity;sid:84500742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637643)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eddie.harmoush%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637643/; classtype:trojan-activity;sid:84500743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637644)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120817/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637644/; classtype:trojan-activity;sid:84500744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637645)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637645/; classtype:trojan-activity;sid:84500745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637646)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.xml.crypto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637646/; classtype:trojan-activity;sid:84500746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637647)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131015/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637647/; classtype:trojan-activity;sid:84500747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637638)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.bechiom%2cou=sat%2cou=a/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637638/; classtype:trojan-activity;sid:84500738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637639)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=katie.powers%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637639/; classtype:trojan-activity;sid:84500739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637632)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/filechooserdemo/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637632/; classtype:trojan-activity;sid:84500732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637633)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20130719/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637633/; classtype:trojan-activity;sid:84500733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637634)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.compiler/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637634/; classtype:trojan-activity;sid:84500734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637635)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131206/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637635/; classtype:trojan-activity;sid:84500735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637636)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/nas200-setup%2c1/utility/nti/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637636/; classtype:trojan-activity;sid:84500736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637637)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chad4956%2cou=aus%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637637/; classtype:trojan-activity;sid:84500737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637630)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gary.porter%2cou=sat4%2cou=supp/20121204/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637630/; classtype:trojan-activity;sid:84500730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637631)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637631/; classtype:trojan-activity;sid:84500731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637628)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.security.jgss/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637628/; classtype:trojan-activity;sid:84500728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637629)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20121109/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637629/; classtype:trojan-activity;sid:84500729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637624)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637624/; classtype:trojan-activity;sid:84500724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637625)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=keith.ross%2cou=sat4%2cou=suppo/20120828/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637625/; classtype:trojan-activity;sid:84500725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637626)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120921/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637626/; classtype:trojan-activity;sid:84500726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637627)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637627/; classtype:trojan-activity;sid:84500727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637621)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637621/; classtype:trojan-activity;sid:84500721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637622)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/data/altitude/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637622/; classtype:trojan-activity;sid:84500722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637623)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637623/; classtype:trojan-activity;sid:84500723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637620)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=just0264%2cou=ord%2cou=accounts/20130207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637620/; classtype:trojan-activity;sid:84500720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637617)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/nsx/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637617/; classtype:trojan-activity;sid:84500717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637618)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.dober%2cou=dfw1%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637618/; classtype:trojan-activity;sid:84500718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637619)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mich5224%2cou=other%2cou=accoun/20130926/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637619/; classtype:trojan-activity;sid:84500719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637616)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jcintron%2cou=sat4%2cou=admin%2co/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637616/; classtype:trojan-activity;sid:84500716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637612)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cynt4315%2cou=sat%2cou=accounts/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637612/; classtype:trojan-activity;sid:84500712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637613)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/heather/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637613/; classtype:trojan-activity;sid:84500713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637614)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.howell%2cou=sat6%2cou=ma/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637614/; classtype:trojan-activity;sid:84500714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637615)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20130207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637615/; classtype:trojan-activity;sid:84500715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637604)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20130118/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637604/; classtype:trojan-activity;sid:84500704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637605)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20120803/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637605/; classtype:trojan-activity;sid:84500705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637606)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=care5508%2cou=sat%2cou=accounts/20121220/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637606/; classtype:trojan-activity;sid:84500706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637607)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/20130429/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637607/; classtype:trojan-activity;sid:84500707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637608)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637608/; classtype:trojan-activity;sid:84500708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637609)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/iso/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637609/; classtype:trojan-activity;sid:84500709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637610)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=geoff.hellings%2cou=dfw1%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637610/; classtype:trojan-activity;sid:84500710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637611)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20130812/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637611/; classtype:trojan-activity;sid:84500711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637602)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/jmods/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637602/; classtype:trojan-activity;sid:84500702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637603)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/20130228/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637603/; classtype:trojan-activity;sid:84500703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637600)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/000a/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637600/; classtype:trojan-activity;sid:84500700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637601)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/datapacks/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637601/; classtype:trojan-activity;sid:84500701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637597)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.ebron%2cou=sat6%2cou=sales/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637597/; classtype:trojan-activity;sid:84500697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637598)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120910/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637598/; classtype:trojan-activity;sid:84500698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637599)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637599/; classtype:trojan-activity;sid:84500699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637596)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=denn4607%2cou=sat%2cou=accounts/20121115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637596/; classtype:trojan-activity;sid:84500696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637592)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/z82816l17/misc/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637592/; classtype:trojan-activity;sid:84500692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637593)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130903/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637593/; classtype:trojan-activity;sid:84500693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637594)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/swingapplet/nbproject/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637594/; classtype:trojan-activity;sid:84500694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637595)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ajay.indukuri%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637595/; classtype:trojan-activity;sid:84500695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637587)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0010/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637587/; classtype:trojan-activity;sid:84500687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637588)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mitch.robins%2cou=sat%2cou=acco/20130822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637588/; classtype:trojan-activity;sid:84500688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637589)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/taxes/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637589/; classtype:trojan-activity;sid:84500689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637590)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20121112/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637590/; classtype:trojan-activity;sid:84500690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637591)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/minitv/mediatv-3.0.18.122/plugremote/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637591/; classtype:trojan-activity;sid:84500691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637586)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/dim-1/region/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637586/; classtype:trojan-activity;sid:84500686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637582)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/configuration/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637582/; classtype:trojan-activity;sid:84500682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637583)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131017/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637583/; classtype:trojan-activity;sid:84500683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637584)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130307/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637584/; classtype:trojan-activity;sid:84500684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637585)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=bill4504%2cou=other%2cou=accoun/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637585/; classtype:trojan-activity;sid:84500685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637580)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/n5550_si3132raid5_x64_driver/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637580/; classtype:trojan-activity;sid:84500680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637581)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/tuner/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637581/; classtype:trojan-activity;sid:84500681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637576)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jmoran%2cou=sat4%2cou=support%2co/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637576/; classtype:trojan-activity;sid:84500676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637577)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/twain-new/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637577/; classtype:trojan-activity;sid:84500677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637578)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/20121024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637578/; classtype:trojan-activity;sid:84500678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637579)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cindy.mason%2cou=sat4%2cou=supp/20130108/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637579/; classtype:trojan-activity;sid:84500679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637573)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=victor.ramos%2cou=aus%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637573/; classtype:trojan-activity;sid:84500673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637574)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120905/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637574/; classtype:trojan-activity;sid:84500674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637575)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.mcbain%2cou=sat%2cou=accou/20131114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637575/; classtype:trojan-activity;sid:84500675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637572)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/tv/media.localized/photo.scr"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637572/; classtype:trojan-activity;sid:84500672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637568)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/vmworld/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637568/; classtype:trojan-activity;sid:84500668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637569)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose5521%2cou=sat%2cou=accounts/20130321/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637569/; classtype:trojan-activity;sid:84500669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637570)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%20dv8%202001/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637570/; classtype:trojan-activity;sid:84500670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637571)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637571/; classtype:trojan-activity;sid:84500671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637565)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20120828/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637565/; classtype:trojan-activity;sid:84500665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637566)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi4587%2cou=sat%2cou=accounts/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637566/; classtype:trojan-activity;sid:84500666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637567)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=amie.naber%2cou=sat6%2cou=sales/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637567/; classtype:trojan-activity;sid:84500667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637563)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20120829/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637563/; classtype:trojan-activity;sid:84500663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637564)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20121227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637564/; classtype:trojan-activity;sid:84500664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637556)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20130308/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637556/; classtype:trojan-activity;sid:84500656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637557)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/caco2025/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637557/; classtype:trojan-activity;sid:84500657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637558)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=marc.ragsdale%2cou=sat%2cou=acc/20130909/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637558/; classtype:trojan-activity;sid:84500658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637559)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/drivers/scan/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637559/; classtype:trojan-activity;sid:84500659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637560)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2017/family/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637560/; classtype:trojan-activity;sid:84500660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637561)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/nas200-setup%2c1/pnpx/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637561/; classtype:trojan-activity;sid:84500661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637562)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/linksys/nas200-setup%2c1/utility/en/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637562/; classtype:trojan-activity;sid:84500662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637552)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=hdeleon%2cou=sat4%2cou=admin%2cou/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637552/; classtype:trojan-activity;sid:84500652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637553)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/scan/32/64bit/scanner/winxp_vista_64/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637553/; classtype:trojan-activity;sid:84500653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637554)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131025/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637554/; classtype:trojan-activity;sid:84500654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637555)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=amyclaire.wieser%2cou=sat4%2cou/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637555/; classtype:trojan-activity;sid:84500655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637550)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/data/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637550/; classtype:trojan-activity;sid:84500650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637551)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi4606%2cou=sat%2cou=accounts/20121026/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637551/; classtype:trojan-activity;sid:84500651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637549)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2019/cptab/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637549/; classtype:trojan-activity;sid:84500649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637545)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20121102/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637545/; classtype:trojan-activity;sid:84500645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637546)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/codepointim/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637546/; classtype:trojan-activity;sid:84500646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637547)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/loganspics/2017-02/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637547/; classtype:trojan-activity;sid:84500647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637548)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637548/; classtype:trojan-activity;sid:84500648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637543)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=marc.ragsdale%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637543/; classtype:trojan-activity;sid:84500643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637544)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4352%2cou=sat%2cou=accounts/20130226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637544/; classtype:trojan-activity;sid:84500644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637540)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=will.douglas%2cou=ord%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637540/; classtype:trojan-activity;sid:84500640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637541)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637541/; classtype:trojan-activity;sid:84500641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637542)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/verbosegc/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637542/; classtype:trojan-activity;sid:84500642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637539)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.wills%2cou=aus%2cou=accoun/20130822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637539/; classtype:trojan-activity;sid:84500639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637536)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637536/; classtype:trojan-activity;sid:84500636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637537)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/loganspics/2020conv/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637537/; classtype:trojan-activity;sid:84500637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637538)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jesu4769%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637538/; classtype:trojan-activity;sid:84500638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637533)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/datapacks/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637533/; classtype:trojan-activity;sid:84500633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637534)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lromero%2cou=sat%2cou=accounts%2c/20131007/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637534/; classtype:trojan-activity;sid:84500634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637535)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jayala%2cou=sat4%2cou=support%2co/20121203/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637535/; classtype:trojan-activity;sid:84500635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637532)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gran4804%2cou=sat%2cou=accounts/20121031/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637532/; classtype:trojan-activity;sid:84500632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637530)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=haja5628%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637530/; classtype:trojan-activity;sid:84500630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637531)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131003/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637531/; classtype:trojan-activity;sid:84500631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637524)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=albe5178%2cou=sat%2cou=accounts/20130314/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637524/; classtype:trojan-activity;sid:84500624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637525)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637525/; classtype:trojan-activity;sid:84500625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637526)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=forrest.burrows%2cou=sat4%2cou=/20121030/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637526/; classtype:trojan-activity;sid:84500626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637527)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131030/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637527/; classtype:trojan-activity;sid:84500627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637528)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lcadena%2cou=sat%2cou=accounts%2c/20131114/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637528/; classtype:trojan-activity;sid:84500628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637529)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/font2dtest/nbproject/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637529/; classtype:trojan-activity;sid:84500629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637521)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637521/; classtype:trojan-activity;sid:84500621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637522)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=care5508%2cou=sat%2cou=accounts/20121218/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637522/; classtype:trojan-activity;sid:84500622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637523)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637523/; classtype:trojan-activity;sid:84500623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637519)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/cleaningvideopackage/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637519/; classtype:trojan-activity;sid:84500619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637520)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637520/; classtype:trojan-activity;sid:84500620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637517)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/playerdata/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637517/; classtype:trojan-activity;sid:84500617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637518)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637518/; classtype:trojan-activity;sid:84500618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637514)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose4705%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637514/; classtype:trojan-activity;sid:84500614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637515)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637515/; classtype:trojan-activity;sid:84500615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637516)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/configuration/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637516/; classtype:trojan-activity;sid:84500616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637512)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carl5667%2cou=sat%2cou=accounts/20130114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637512/; classtype:trojan-activity;sid:84500612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637513)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2015/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637513/; classtype:trojan-activity;sid:84500613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637508)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.seydler%2cou=sat4%2cou=s/20130124/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637508/; classtype:trojan-activity;sid:84500608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637509)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2018/certifications/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637509/; classtype:trojan-activity;sid:84500609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637510)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/aoc/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637510/; classtype:trojan-activity;sid:84500610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637511)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri0710%2cou=sat%2cou=accounts/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637511/; classtype:trojan-activity;sid:84500611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637507)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637507/; classtype:trojan-activity;sid:84500607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637506)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20130111/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637506/; classtype:trojan-activity;sid:84500606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637504)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130820/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637504/; classtype:trojan-activity;sid:84500604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637505)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20121210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637505/; classtype:trojan-activity;sid:84500605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637500)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/cabr2022/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637500/; classtype:trojan-activity;sid:84500600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637501)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20120830/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637501/; classtype:trojan-activity;sid:84500601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637502)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carlos.deleon%2cou=sat4%2cou=su/20121210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637502/; classtype:trojan-activity;sid:84500602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637503)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lromero%2cou=sat%2cou=accounts%2c/20130930/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637503/; classtype:trojan-activity;sid:84500603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637498)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130528/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637498/; classtype:trojan-activity;sid:84500598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637499)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20130815/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637499/; classtype:trojan-activity;sid:84500599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637489)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.beam%2cou=sat%2cou=account/20131030/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637489/; classtype:trojan-activity;sid:84500589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637490)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637490/; classtype:trojan-activity;sid:84500590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637491)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/mouse/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637491/; classtype:trojan-activity;sid:84500591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637492)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.reyes%2cou=sat4%2cou=supp/20130123/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637492/; classtype:trojan-activity;sid:84500592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637493)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.smith%2cou=sat4%2cou=supp/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637493/; classtype:trojan-activity;sid:84500593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637494)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.prefs/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637494/; classtype:trojan-activity;sid:84500594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637495)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.burris%2cou=sat%2cou=accou/20130520/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637495/; classtype:trojan-activity;sid:84500595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637496)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dustin.coates%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637496/; classtype:trojan-activity;sid:84500596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637497)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/_static/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637497/; classtype:trojan-activity;sid:84500597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637488)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/000b/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637488/; classtype:trojan-activity;sid:84500588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637485)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637485/; classtype:trojan-activity;sid:84500585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637486)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637486/; classtype:trojan-activity;sid:84500586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637487)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637487/; classtype:trojan-activity;sid:84500587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637480)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/region/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637480/; classtype:trojan-activity;sid:84500580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637481)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/z82816l17/disk1/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637481/; classtype:trojan-activity;sid:84500581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637482)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20130208/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637482/; classtype:trojan-activity;sid:84500582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637483)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4328%2cou=sat%2cou=accounts/20130118/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637483/; classtype:trojan-activity;sid:84500583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637484)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637484/; classtype:trojan-activity;sid:84500584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637477)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2005/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637477/; classtype:trojan-activity;sid:84500577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637478)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/family/photos-002/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637478/; classtype:trojan-activity;sid:84500578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637479)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jdi/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637479/; classtype:trojan-activity;sid:84500579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637474)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joey.gomez%2cou=sat4%2cou=suppo/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637474/; classtype:trojan-activity;sid:84500574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637475)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame3935%2cou=sat%2cou=accounts/20120924/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637475/; classtype:trojan-activity;sid:84500575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637476)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/instructions/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637476/; classtype:trojan-activity;sid:84500576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637473)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20121113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637473/; classtype:trojan-activity;sid:84500573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637471)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joel.valdez%2cou=sat4%2cou=supp/20120822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637471/; classtype:trojan-activity;sid:84500571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637472)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=joey.gomez%2cou=sat4%2cou=suppo/20120829/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637472/; classtype:trojan-activity;sid:84500572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637469)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130227/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637469/; classtype:trojan-activity;sid:84500569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637470)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/getting-started/photo.scr"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637470/; classtype:trojan-activity;sid:84500570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637468)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/twain/network/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637468/; classtype:trojan-activity;sid:84500568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637465)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chad4956%2cou=aus%2cou=accounts/20130304/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637465/; classtype:trojan-activity;sid:84500565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637466)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.parsons%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637466/; classtype:trojan-activity;sid:84500566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637467)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20120731/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637467/; classtype:trojan-activity;sid:84500567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637461)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mike.mcbain%2cou=sat%2cou=accou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637461/; classtype:trojan-activity;sid:84500561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637462)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/sampletree/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637462/; classtype:trojan-activity;sid:84500562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637463)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130220/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637463/; classtype:trojan-activity;sid:84500563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637464)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130612/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637464/; classtype:trojan-activity;sid:84500564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637460)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/metalworks/nbproject/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637460/; classtype:trojan-activity;sid:84500560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637458)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20130717/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637458/; classtype:trojan-activity;sid:84500558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637459)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/_static/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637459/; classtype:trojan-activity;sid:84500559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637452)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=char4153%2cou=sat%2cou=accounts/20121205/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637452/; classtype:trojan-activity;sid:84500552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637453)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/lib/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637453/; classtype:trojan-activity;sid:84500553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637454)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/expense/2016/november/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637454/; classtype:trojan-activity;sid:84500554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637455)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20130128/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637455/; classtype:trojan-activity;sid:84500555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637456)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637456/; classtype:trojan-activity;sid:84500556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637457)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/dim1/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637457/; classtype:trojan-activity;sid:84500557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637450)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20121107/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637450/; classtype:trojan-activity;sid:84500550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637451)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130822/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637451/; classtype:trojan-activity;sid:84500551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637445)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/dim1/region/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637445/; classtype:trojan-activity;sid:84500545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637446)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120813/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637446/; classtype:trojan-activity;sid:84500546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637447)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130812/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637447/; classtype:trojan-activity;sid:84500547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637448)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/_static/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637448/; classtype:trojan-activity;sid:84500548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637449)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brennon.hall%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637449/; classtype:trojan-activity;sid:84500549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637440)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=josh.yost%2cou=aus1%2cou=suppor/20121207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637440/; classtype:trojan-activity;sid:84500540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637441)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=david.bennett%2cou=sat4%2cou=su/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637441/; classtype:trojan-activity;sid:84500541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637442)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130816/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637442/; classtype:trojan-activity;sid:84500542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637443)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130801/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637443/; classtype:trojan-activity;sid:84500543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637444)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131028/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637444/; classtype:trojan-activity;sid:84500544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637438)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=mich4045%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637438/; classtype:trojan-activity;sid:84500538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637439)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120831/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637439/; classtype:trojan-activity;sid:84500539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637437)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian.kelso%2cou=sat4%2cou=suppor/20120927/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637437/; classtype:trojan-activity;sid:84500537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637436)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=egarib%2cou=sat4%2cou=support%2co/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637436/; classtype:trojan-activity;sid:84500536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637433)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chaz.nickerson%2cou=ord1%2cou=s/20121113/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637433/; classtype:trojan-activity;sid:84500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637434)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/temp/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637434/; classtype:trojan-activity;sid:84500534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637435)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/spl_mono/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637435/; classtype:trojan-activity;sid:84500535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637429)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130726/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637429/; classtype:trojan-activity;sid:84500529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637430)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cinco.coates%2cou=sat6%2cou=mai/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637430/; classtype:trojan-activity;sid:84500530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637431)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637431/; classtype:trojan-activity;sid:84500531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637432)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20130226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637432/; classtype:trojan-activity;sid:84500532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637428)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=steve.pye%2cou=sat%2cou=account/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637428/; classtype:trojan-activity;sid:84500528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637424)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ashley.deforest%2cou=sat4%2cou=/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637424/; classtype:trojan-activity;sid:84500524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637425)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.ebron%2cou=sat6%2cou=sales/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637425/; classtype:trojan-activity;sid:84500525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637426)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5306%2cou=sat%2cou=accounts/20121122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637426/; classtype:trojan-activity;sid:84500526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637427)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637427/; classtype:trojan-activity;sid:84500527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637423)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=krista.stevens%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637423/; classtype:trojan-activity;sid:84500523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637421)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brian.jeffreys%2cou=sat4%2cou=s/20130122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637421/; classtype:trojan-activity;sid:84500521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637422)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131212/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637422/; classtype:trojan-activity;sid:84500522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637419)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20120913/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637419/; classtype:trojan-activity;sid:84500519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637420)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/trendnet/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637420/; classtype:trojan-activity;sid:84500520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637416)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/dim1/region/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637416/; classtype:trojan-activity;sid:84500516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637417)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/documents/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637417/; classtype:trojan-activity;sid:84500517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637418)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2014/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637418/; classtype:trojan-activity;sid:84500518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637413)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130805/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637413/; classtype:trojan-activity;sid:84500513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637414)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/favorites/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637414/; classtype:trojan-activity;sid:84500514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637415)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=maryann.abercrombie%2cou=sat%2c/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637415/; classtype:trojan-activity;sid:84500515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637409)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.unsupported.desktop/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637409/; classtype:trojan-activity;sid:84500509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637410)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=care5508%2cou=sat%2cou=accounts/20121226/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637410/; classtype:trojan-activity;sid:84500510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637411)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.seydler%2cou=sat4%2cou=s/20130208/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637411/; classtype:trojan-activity;sid:84500511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637412)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131029/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637412/; classtype:trojan-activity;sid:84500512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637405)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alli4477%2cou=sat%2cou=accounts/20121026/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637405/; classtype:trojan-activity;sid:84500505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637406)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637406/; classtype:trojan-activity;sid:84500506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637407)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/ricoh/z82816l17/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637407/; classtype:trojan-activity;sid:84500507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637408)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=bruc4268%2cou=sat%2cou=accounts/20130110/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637408/; classtype:trojan-activity;sid:84500508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637401)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jord4793%2cou=sat%2cou=accounts/20130815/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637401/; classtype:trojan-activity;sid:84500501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637402)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20131106/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637402/; classtype:trojan-activity;sid:84500502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637403)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637403/; classtype:trojan-activity;sid:84500503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637404)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/tv/photo.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637404/; classtype:trojan-activity;sid:84500504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637400)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637400/; classtype:trojan-activity;sid:84500500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637398)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/movies/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637398/; classtype:trojan-activity;sid:84500498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637399)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/font2dtest/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637399/; classtype:trojan-activity;sid:84500499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637397)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637397/; classtype:trojan-activity;sid:84500497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637396)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame5180%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637396/; classtype:trojan-activity;sid:84500496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637391)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/camtasia/family/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637391/; classtype:trojan-activity;sid:84500491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637392)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/server-virt-handbook/user-manual/photo.scr"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637392/; classtype:trojan-activity;sid:84500492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637393)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle.chrisman%2cou=sat6%2cou=sa/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637393/; classtype:trojan-activity;sid:84500493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637394)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/lib/server/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637394/; classtype:trojan-activity;sid:84500494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637395)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jean4576%2cou=sat%2cou=accounts/20121022/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637395/; classtype:trojan-activity;sid:84500495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637386)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/usb_drive/test/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637386/; classtype:trojan-activity;sid:84500486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637387)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=josh.yost%2cou=aus1%2cou=suppor/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637387/; classtype:trojan-activity;sid:84500487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637388)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/caco2024/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637388/; classtype:trojan-activity;sid:84500488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637389)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.httpserver/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637389/; classtype:trojan-activity;sid:84500489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637390)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130813/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637390/; classtype:trojan-activity;sid:84500490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637383)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/zoom/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637383/; classtype:trojan-activity;sid:84500483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637384)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/oldworld/stats/dim-1/data/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637384/; classtype:trojan-activity;sid:84500484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637385)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637385/; classtype:trojan-activity;sid:84500485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637381)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/notepad/nbproject/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637381/; classtype:trojan-activity;sid:84500481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637382)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=daniel.dang%2cou=sat4%2cou=supp/20121101/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637382/; classtype:trojan-activity;sid:84500482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637379)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.datatransfer/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637379/; classtype:trojan-activity;sid:84500479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637380)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/000e/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637380/; classtype:trojan-activity;sid:84500480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637376)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/pictures/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637376/; classtype:trojan-activity;sid:84500476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637377)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.rmic/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637377/; classtype:trojan-activity;sid:84500477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637378)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dlane%2cou=sat4%2cou=support%2cou/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637378/; classtype:trojan-activity;sid:84500478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637373)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20130114/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637373/; classtype:trojan-activity;sid:84500473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637374)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jose.hernandez%2cou=sat4%2cou=s/20120906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637374/; classtype:trojan-activity;sid:84500474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637375)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=aver4919%2cou=sat%2cou=accounts/20130312/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637375/; classtype:trojan-activity;sid:84500475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637365)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20121207/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637365/; classtype:trojan-activity;sid:84500465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637366)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=alfonso.zamudio%2cou=sat%2cou=a/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637366/; classtype:trojan-activity;sid:84500466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637367)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20130124/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637367/; classtype:trojan-activity;sid:84500467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637368)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/20130315/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637368/; classtype:trojan-activity;sid:84500468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637369)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637369/; classtype:trojan-activity;sid:84500469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637370)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan5393%2cou=sat%2cou=accounts/20121126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637370/; classtype:trojan-activity;sid:84500470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637371)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=eric.campbell%2cou=sat%2cou=acc/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637371/; classtype:trojan-activity;sid:84500471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637372)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/temp/cwagent/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637372/; classtype:trojan-activity;sid:84500472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637364)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=arturo.romo%2cou=sat4%2cou=admi/20121019/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637364/; classtype:trojan-activity;sid:84500464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637362)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130913/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637362/; classtype:trojan-activity;sid:84500462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637363)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jonathan.somers%2cou=sat%2cou=a/20130717/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637363/; classtype:trojan-activity;sid:84500463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637361)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/vista_64/photo.scr"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637361/; classtype:trojan-activity;sid:84500461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637357)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/links/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637357/; classtype:trojan-activity;sid:84500457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637358)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120912/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637358/; classtype:trojan-activity;sid:84500458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637359)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=lcadena%2cou=sat%2cou=accounts%2c/20131122/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637359/; classtype:trojan-activity;sid:84500459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637360)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/downloads/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637360/; classtype:trojan-activity;sid:84500460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637353)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/filechooserdemo/nbproject/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637353/; classtype:trojan-activity;sid:84500453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637354)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/data/c/users/techn/documents/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637354/; classtype:trojan-activity;sid:84500454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637355)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=will.douglas%2cou=ord%2cou=acco/20130925/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637355/; classtype:trojan-activity;sid:84500455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637356)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637356/; classtype:trojan-activity;sid:84500456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637352)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=guillermo.rodriguez%2cou=sat4/20130405/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637352/; classtype:trojan-activity;sid:84500452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637349)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637349/; classtype:trojan-activity;sid:84500449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637350)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dhopkins%2cou=sat4%2cou=support/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637350/; classtype:trojan-activity;sid:84500450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637351)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=richard.mccaslin%2cou=sat%2cou=/20130808/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637351/; classtype:trojan-activity;sid:84500451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637341)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=albe5178%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637341/; classtype:trojan-activity;sid:84500441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637342)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20120906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637342/; classtype:trojan-activity;sid:84500442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637343)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brad4423%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637343/; classtype:trojan-activity;sid:84500443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637344)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/pictures/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637344/; classtype:trojan-activity;sid:84500444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637345)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.crypto.ec/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637345/; classtype:trojan-activity;sid:84500445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637346)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/public/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637346/; classtype:trojan-activity;sid:84500446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637347)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121019/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637347/; classtype:trojan-activity;sid:84500447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637348)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kris.silva%2cou=sat4%2cou=suppo/20121112/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637348/; classtype:trojan-activity;sid:84500448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637334)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20130806/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637334/; classtype:trojan-activity;sid:84500434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637335)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/downloads/vmware/esximage/utils/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637335/; classtype:trojan-activity;sid:84500435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637336)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jeremy.carter%2cou=sat%2cou=acc/20130906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637336/; classtype:trojan-activity;sid:84500436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637337)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/%24of/2954/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637337/; classtype:trojan-activity;sid:84500437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637338)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637338/; classtype:trojan-activity;sid:84500438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637339)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/eorganizer/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637339/; classtype:trojan-activity;sid:84500439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637340)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/32bit/data/vecp/vista_64/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637340/; classtype:trojan-activity;sid:84500440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637330)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/include/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637330/; classtype:trojan-activity;sid:84500430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637331)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ian4259%2cou=sat%2cou=accounts%2c/20130906/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637331/; classtype:trojan-activity;sid:84500431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637332)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.large%2cou=dfw1%2cou=supp/20121217/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637332/; classtype:trojan-activity;sid:84500432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637333)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=william.demarigny%2cou=sat%2cou/20130904/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637333/; classtype:trojan-activity;sid:84500433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637328)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.management/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637328/; classtype:trojan-activity;sid:84500428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637329)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.streeter%2cou=aus1%2cou=/20121112/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637329/; classtype:trojan-activity;sid:84500429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637326)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=cynt4315%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637326/; classtype:trojan-activity;sid:84500426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637327)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/vmware-cloud-services-organization/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637327/; classtype:trojan-activity;sid:84500427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637325)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130715/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637325/; classtype:trojan-activity;sid:84500425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637319)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/cardrdr/setupdir/0804/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637319/; classtype:trojan-activity;sid:84500419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637320)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/pictures/sorted/2011/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637320/; classtype:trojan-activity;sid:84500420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637321)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kaly4222%2cou=sat%2cou=accounts/20130111/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637321/; classtype:trojan-activity;sid:84500421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637322)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mqf0edg8wl.backupbundle/mapped/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637322/; classtype:trojan-activity;sid:84500422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637323)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dani5258%2cou=sat%2cou=accounts/20121029/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637323/; classtype:trojan-activity;sid:84500423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637324)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/dim1/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637324/; classtype:trojan-activity;sid:84500424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637318)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/minecraft/worlds/lukas-1_14/stats/dim1/data/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637318/; classtype:trojan-activity;sid:84500418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637314)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/jfc/notepad/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637314/; classtype:trojan-activity;sid:84500414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637315)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/drivers/scan/english/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637315/; classtype:trojan-activity;sid:84500415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637316)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.sql/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637316/; classtype:trojan-activity;sid:84500416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637317)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=dale.perreault%2cou=sat4%2cou=s/20121126/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637317/; classtype:trojan-activity;sid:84500417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637313)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi6217%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637313/; classtype:trojan-activity;sid:84500413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637312)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.breu%2cou=sat%2cou=accoun/20121122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637312/; classtype:trojan-activity;sid:84500412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637311)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/theocratic/meetings/rc2017/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637311/; classtype:trojan-activity;sid:84500411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637307)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/scripting/jconsole-plugin/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637307/; classtype:trojan-activity;sid:84500407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637308)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/heather/heather/heather-pc/data/c/users/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637308/; classtype:trojan-activity;sid:84500408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637309)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/rpc-vmware-customer-handbook/components/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637309/; classtype:trojan-activity;sid:84500409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637310)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/pro1000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637310/; classtype:trojan-activity;sid:84500410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637298)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=keith.ross%2cou=sat4%2cou=suppo/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637298/; classtype:trojan-activity;sid:84500398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637299)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-f5c880n2/data/c/users/ken_l/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637299/; classtype:trojan-activity;sid:84500399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637300)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/videos/family%202020/plex%20versions/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637300/; classtype:trojan-activity;sid:84500400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637301)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/fullthreaddump/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637301/; classtype:trojan-activity;sid:84500401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637302)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=denn4607%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637302/; classtype:trojan-activity;sid:84500402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637303)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/print/spl_mono/winxp_vista_64/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637303/; classtype:trojan-activity;sid:84500403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637304)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20121024/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637304/; classtype:trojan-activity;sid:84500404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637305)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/intel10.2/proxgb/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637305/; classtype:trojan-activity;sid:84500405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637306)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20131122/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637306/; classtype:trojan-activity;sid:84500406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637292)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=justin.ellis%2cou=sat4%2cou=iss/20120917/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637292/; classtype:trojan-activity;sid:84500392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637293)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.scripting.nashorn/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637293/; classtype:trojan-activity;sid:84500393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637294)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.security.auth/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637294/; classtype:trojan-activity;sid:84500394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637295)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20130617/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637295/; classtype:trojan-activity;sid:84500395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637296)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/mkc00adv30.sparsebundle/bands/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637296/; classtype:trojan-activity;sid:84500396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637297)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpcv-goss-automation/src/main/resources/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637297/; classtype:trojan-activity;sid:84500397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637287)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jfr/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637287/; classtype:trojan-activity;sid:84500387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637288)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=ranjit.singh%2cou=sat%2cou=acco/20131210/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637288/; classtype:trojan-activity;sid:84500388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637289)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120906/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637289/; classtype:trojan-activity;sid:84500389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637290)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/metalworks/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637290/; classtype:trojan-activity;sid:84500390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637291)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/windowsimagebackup/ethan-pc/catalog/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637291/; classtype:trojan-activity;sid:84500391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637283)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=juan.espinoza%2cou=sat4%2cou=su/20130208/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637283/; classtype:trojan-activity;sid:84500383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637284)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/links/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637284/; classtype:trojan-activity;sid:84500384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637285)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chris.large%2cou=dfw1%2cou=supp/20130124/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637285/; classtype:trojan-activity;sid:84500385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637286)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/techn/laptop-bmnihgil/configuration/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637286/; classtype:trojan-activity;sid:84500386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637280)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/java.se/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637280/; classtype:trojan-activity;sid:84500380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637281)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/github/rpc-vmware/doc/vmware-cloud/access-and-permissions/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637281/; classtype:trojan-activity;sid:84500381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637282)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jstatd/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637282/; classtype:trojan-activity;sid:84500382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637279)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=gliserio%2cou=sat%2cou=accounts/20131014/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637279/; classtype:trojan-activity;sid:84500379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637275)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=char4153%2cou=sat%2cou=accounts/20121109/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637275/; classtype:trojan-activity;sid:84500375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637276)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20131121/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637276/; classtype:trojan-activity;sid:84500376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637277)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=anth4718%2cou=aus%2cou=accounts/20121025/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637277/; classtype:trojan-activity;sid:84500377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637278)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=beth4765%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637278/; classtype:trojan-activity;sid:84500378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637271)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=emily.einhaus%2cou=aus1%2cou=su/20121018/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637271/; classtype:trojan-activity;sid:84500371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637272)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=carlos.sheller%2cou=sat4%2cou=s/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637272/; classtype:trojan-activity;sid:84500372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637273)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/backup/ken_l/laptop-ldebsi5h/data/c/users/ken_l/downloads/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637273/; classtype:trojan-activity;sid:84500373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637274)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jlink/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637274/; classtype:trojan-activity;sid:84500374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637263)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=craig.ackerman%2cou=sat4%2cou=s/20120904/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637263/; classtype:trojan-activity;sid:84500363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637264)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=james.buchan%2cou=sat4%2cou=sup/20130208/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637264/; classtype:trojan-activity;sid:84500364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637265)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/20120806/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637265/; classtype:trojan-activity;sid:84500365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637266)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chas4494%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637266/; classtype:trojan-activity;sid:84500366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637267)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/jfc/j2ddemo/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637267/; classtype:trojan-activity;sid:84500367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637268)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=frank.marroquin%2cou=sat%2cou=a/20131004/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637268/; classtype:trojan-activity;sid:84500368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637269)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=davi6217%2cou=sat%2cou=accounts/20131115/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637269/; classtype:trojan-activity;sid:84500369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637270)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=angela.howell%2cou=sat6%2cou=ma/20130227/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637270/; classtype:trojan-activity;sid:84500370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637261)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=case4738%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637261/; classtype:trojan-activity;sid:84500361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637262)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jason.vick%2cou=sat4%2cou=iss%2co/20121126/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637262/; classtype:trojan-activity;sid:84500362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637260)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=amyclaire.wieser%2cou=sat4%2cou/20120827/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637260/; classtype:trojan-activity;sid:84500360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637259)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/desktop-m5lpjci/data/c/users/ken_l/onedrive/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637259/; classtype:trojan-activity;sid:84500359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637256)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/clx-3170/sp/application/spanel/panelmgr/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637256/; classtype:trojan-activity;sid:84500356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637257)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=christina.liserio%2cou=sat%2cou/20131021/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637257/; classtype:trojan-activity;sid:84500357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637258)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=chri4616%2cou=sat%2cou=accounts/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637258/; classtype:trojan-activity;sid:84500358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637250)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=keith.fralick%2cou=sat4%2cou=su/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637250/; classtype:trojan-activity;sid:84500350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637251)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=john.helms%2cou=aus%2cou=accoun/20130617/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637251/; classtype:trojan-activity;sid:84500351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637252)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=jame4566%2cou=sat%2cou=accounts/20130619/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637252/; classtype:trojan-activity;sid:84500352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637253)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/documents/levi/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637253/; classtype:trojan-activity;sid:84500353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637254)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/demo/nbproject/management/memorymonitor/nbproject/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637254/; classtype:trojan-activity;sid:84500354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637255)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/drivers/lxk3100series/drivers/win_xp2k/english/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637255/; classtype:trojan-activity;sid:84500355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637247)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=brook.hudson%2cou=sat4%2cou=sup/20121116/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637247/; classtype:trojan-activity;sid:84500347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637248)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/ken_l/rax/employee/sametimetranscripts/cn=kyle4036%2cou=sat%2cou=accounts/20120810/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637248/; classtype:trojan-activity;sid:84500348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637249)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/zulu11.java/legal/jdk.jconsole/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637249/; classtype:trojan-activity;sid:84500349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637246)"; flow:established,from_client; content:"GET"; http_method; content:"/nas_public/applications/winpe10_tools/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.0.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637246/; classtype:trojan-activity;sid:84500346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.247.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637245/; classtype:trojan-activity;sid:84500345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637244/; classtype:trojan-activity;sid:84500344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637243/; classtype:trojan-activity;sid:84500343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.2.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637242/; classtype:trojan-activity;sid:84500342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.160.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637241/; classtype:trojan-activity;sid:84500341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.244.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637240/; classtype:trojan-activity;sid:84500340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.221.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637239/; classtype:trojan-activity;sid:84500339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.52.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637238/; classtype:trojan-activity;sid:84500338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.255.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637237/; classtype:trojan-activity;sid:84500337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.247.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637236/; classtype:trojan-activity;sid:84500336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637235/; classtype:trojan-activity;sid:84500335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.60.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637234/; classtype:trojan-activity;sid:84500334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637233)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.sfx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.162.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637233/; classtype:trojan-activity;sid:84500333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637232)"; flow:established,from_client; content:"GET"; http_method; content:"/dropperleo.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.97.162.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637232/; classtype:trojan-activity;sid:84500332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637230)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.97.162.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637230/; classtype:trojan-activity;sid:84500330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637231)"; flow:established,from_client; content:"GET"; http_method; content:"/dropperlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.97.162.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637231/; classtype:trojan-activity;sid:84500331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.67.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637229/; classtype:trojan-activity;sid:84500329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.15.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637228/; classtype:trojan-activity;sid:84500328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637227)"; flow:established,from_client; content:"GET"; http_method; content:"/dllhost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"redeem.baimless.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637227/; classtype:trojan-activity;sid:84500327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637226)"; flow:established,from_client; content:"GET"; http_method; content:"/super/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637226/; classtype:trojan-activity;sid:84500326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637224)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.100021.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637224/; classtype:trojan-activity;sid:84500324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637225)"; flow:established,from_client; content:"GET"; http_method; content:"/9a72e98cf86c4ecd97164522bc70bd2e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637225/; classtype:trojan-activity;sid:84500325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637223)"; flow:established,from_client; content:"GET"; http_method; content:"/un1/unvurestorehardx.dat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.94.31.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637223/; classtype:trojan-activity;sid:84500323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637222)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/vcruntime140.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"51.178.30.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637222/; classtype:trojan-activity;sid:84500322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637221)"; flow:established,from_client; content:"GET"; http_method; content:"/a61bee9980.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.h-76a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637221/; classtype:trojan-activity;sid:84500321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637220)"; flow:established,from_client; content:"GET"; http_method; content:"/74.google|3f|t=vgwrslv3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zu.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637220/; classtype:trojan-activity;sid:84500320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637219)"; flow:established,from_client; content:"GET"; http_method; content:"/yr0a90h5e4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0.l8w6u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637219/; classtype:trojan-activity;sid:84500319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637218)"; flow:established,from_client; content:"GET"; http_method; content:"/74.google|3f|t=q9jgo022"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zu.pgka-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637218/; classtype:trojan-activity;sid:84500318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637216)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=w2nmi74l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.h8o4g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637216/; classtype:trojan-activity;sid:84500316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637217)"; flow:established,from_client; content:"GET"; http_method; content:"/66ouy6oqwf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e1.l8w6u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637217/; classtype:trojan-activity;sid:84500317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637215)"; flow:established,from_client; content:"GET"; http_method; content:"/prx5ib38b2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.h-76a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637215/; classtype:trojan-activity;sid:84500315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637214)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=4u3jw1po"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.h8o4g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637214/; classtype:trojan-activity;sid:84500314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637213/; classtype:trojan-activity;sid:84500313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.15.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637212/; classtype:trojan-activity;sid:84500312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.98.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637211/; classtype:trojan-activity;sid:84500311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; content:"GET"; http_method; content:"/images/bot.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"atasapka.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.89.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637208/; classtype:trojan-activity;sid:84500308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.178.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637209/; classtype:trojan-activity;sid:84500309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.208.112.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637206/; classtype:trojan-activity;sid:84500306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.208.112.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637207/; classtype:trojan-activity;sid:84500307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.64.234.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637204/; classtype:trojan-activity;sid:84500304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637205/; classtype:trojan-activity;sid:84500305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.31.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637202/; classtype:trojan-activity;sid:84500302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.184.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637203/; classtype:trojan-activity;sid:84500303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.169.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637201/; classtype:trojan-activity;sid:84500301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.22.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637198/; classtype:trojan-activity;sid:84500298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637199/; classtype:trojan-activity;sid:84500299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.253.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637200/; classtype:trojan-activity;sid:84500300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.230.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637197/; classtype:trojan-activity;sid:84500297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.10.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637196/; classtype:trojan-activity;sid:84500296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.26.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637195/; classtype:trojan-activity;sid:84500295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.230.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637194/; classtype:trojan-activity;sid:84500294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637193)"; flow:established,from_client; content:"GET"; http_method; content:"/kvwdcvin11.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qk2.l8w6u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637193/; classtype:trojan-activity;sid:84500293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637192)"; flow:established,from_client; content:"GET"; http_method; content:"/w539w0dau5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.h-76a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637192/; classtype:trojan-activity;sid:84500292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637190)"; flow:established,from_client; content:"GET"; http_method; content:"/9q2.check|3f|t=5ilow0wy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637190/; classtype:trojan-activity;sid:84500290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637191)"; flow:established,from_client; content:"GET"; http_method; content:"/9q2.check|3f|t=6qb8legr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637191/; classtype:trojan-activity;sid:84500291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; classtype:trojan-activity;sid:84500289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26072024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637188/; classtype:trojan-activity;sid:84500288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12062024095414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637185/; classtype:trojan-activity;sid:84500285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8465/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637162/; classtype:trojan-activity;sid:84500262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637152)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/av.scr"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637152/; classtype:trojan-activity;sid:84500252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637156)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_2/report/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637156/; classtype:trojan-activity;sid:84500256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19062024103023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637138/; classtype:trojan-activity;sid:84500238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637132)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637132/; classtype:trojan-activity;sid:84500232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637126)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_2/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637126/; classtype:trojan-activity;sid:84500226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637121)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637121/; classtype:trojan-activity;sid:84500221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637102)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/photo.scr"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637102/; classtype:trojan-activity;sid:84500202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02082024083649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637099/; classtype:trojan-activity;sid:84500199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8029/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024084956/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637094/; classtype:trojan-activity;sid:84500194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637095)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/photo.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637095/; classtype:trojan-activity;sid:84500195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/tek/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/badmail/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637075)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637075/; classtype:trojan-activity;sid:84500175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637072)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/photo.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637072/; classtype:trojan-activity;sid:84500172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637071)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/av.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637071/; classtype:trojan-activity;sid:84500171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637066)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637066/; classtype:trojan-activity;sid:84500166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637061)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637061/; classtype:trojan-activity;sid:84500161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637059)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637059/; classtype:trojan-activity;sid:84500159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637043)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637043/; classtype:trojan-activity;sid:84500143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20072024103050/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637039/; classtype:trojan-activity;sid:84500139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02072024072748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637040/; classtype:trojan-activity;sid:84500140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637035)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/crystal%20reports%20for%20.net%20framework%204.0/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637035/; classtype:trojan-activity;sid:84500135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637031)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637031/; classtype:trojan-activity;sid:84500131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637033)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/video.scr"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637033/; classtype:trojan-activity;sid:84500133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637016)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/av.lnk"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637016/; classtype:trojan-activity;sid:84500116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637018)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/av.lnk"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637018/; classtype:trojan-activity;sid:84500118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637008/; classtype:trojan-activity;sid:84500108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637006)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637006/; classtype:trojan-activity;sid:84500106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636998/; classtype:trojan-activity;sid:84500098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/; classtype:trojan-activity;sid:84500101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/drop/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636989)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636989/; classtype:trojan-activity;sid:84500089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636983)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/dotnetfx40/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636983/; classtype:trojan-activity;sid:84500083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636984)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_1/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636984/; classtype:trojan-activity;sid:84500084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636981)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/video.scr"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636981/; classtype:trojan-activity;sid:84500081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17062024075813/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636978/; classtype:trojan-activity;sid:84500078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8051/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636974)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/photo.scr"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636974/; classtype:trojan-activity;sid:84500074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636953/; classtype:trojan-activity;sid:84500053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636951/; classtype:trojan-activity;sid:84500051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636952)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636952/; classtype:trojan-activity;sid:84500052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23092024073238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636941/; classtype:trojan-activity;sid:84500041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636938)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/photo.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636938/; classtype:trojan-activity;sid:84500038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636939)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636939/; classtype:trojan-activity;sid:84500039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024174750/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636929/; classtype:trojan-activity;sid:84500029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636924)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/av.scr"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636924/; classtype:trojan-activity;sid:84500024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636915)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/video.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636915/; classtype:trojan-activity;sid:84500015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8318/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636912)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/video.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636912/; classtype:trojan-activity;sid:84500012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02072024115435/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636910/; classtype:trojan-activity;sid:84500010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636911)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.lnk"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636911/; classtype:trojan-activity;sid:84500011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636907)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636907/; classtype:trojan-activity;sid:84500007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636903)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636903/; classtype:trojan-activity;sid:84500003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636901)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/photo.scr"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636901/; classtype:trojan-activity;sid:84500001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03072024113724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636900/; classtype:trojan-activity;sid:84500000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636896)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/av.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636896/; classtype:trojan-activity;sid:84499996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8334/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; classtype:trojan-activity;sid:84499997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636898/; classtype:trojan-activity;sid:84499998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; classtype:trojan-activity;sid:84499995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024124237/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636893/; classtype:trojan-activity;sid:84499993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636891)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636891/; classtype:trojan-activity;sid:84499991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8325/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636889)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/photo.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636889/; classtype:trojan-activity;sid:84499989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; classtype:trojan-activity;sid:84499978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636879)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/av.lnk"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636879/; classtype:trojan-activity;sid:84499979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636870)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.scr"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636870/; classtype:trojan-activity;sid:84499970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636861)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/av.scr"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636861/; classtype:trojan-activity;sid:84499961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636858)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/av.scr"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636858/; classtype:trojan-activity;sid:84499958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636848/; classtype:trojan-activity;sid:84499948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636844)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/video.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636844/; classtype:trojan-activity;sid:84499944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06072024112721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636845/; classtype:trojan-activity;sid:84499945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8326/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024120102/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636840/; classtype:trojan-activity;sid:84499940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636841)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/video.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636841/; classtype:trojan-activity;sid:84499941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636838)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/video.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636838/; classtype:trojan-activity;sid:84499938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; classtype:trojan-activity;sid:84499935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-activity;sid:84499923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06102024112545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636816/; classtype:trojan-activity;sid:84499916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181057/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636817/; classtype:trojan-activity;sid:84499917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02072024073145/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636818/; classtype:trojan-activity;sid:84499918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21062024070935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636819/; classtype:trojan-activity;sid:84499919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06082024120113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636820/; classtype:trojan-activity;sid:84499920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27062024081736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636821/; classtype:trojan-activity;sid:84499921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29082024071803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636822/; classtype:trojan-activity;sid:84499922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024113513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636815/; classtype:trojan-activity;sid:84499915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25072024071606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636814/; classtype:trojan-activity;sid:84499914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12062024085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636812/; classtype:trojan-activity;sid:84499912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024152101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636813/; classtype:trojan-activity;sid:84499913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08072024113231/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636811/; classtype:trojan-activity;sid:84499911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636805)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/photo.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636805/; classtype:trojan-activity;sid:84499905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636806/; classtype:trojan-activity;sid:84499906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636807/; classtype:trojan-activity;sid:84499907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636808)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/photo.lnk"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636808/; classtype:trojan-activity;sid:84499908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/20082024121600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636809/; classtype:trojan-activity;sid:84499909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26092024115544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636810/; classtype:trojan-activity;sid:84499910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/28082024070417/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636803/; classtype:trojan-activity;sid:84499903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024143113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636804/; classtype:trojan-activity;sid:84499904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13092024071052/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636800/; classtype:trojan-activity;sid:84499900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10062024180136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636801/; classtype:trojan-activity;sid:84499901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175356/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636802/; classtype:trojan-activity;sid:84499902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27082024070328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636799/; classtype:trojan-activity;sid:84499899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8050/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636798/; classtype:trojan-activity;sid:84499898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18062024071837/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636795/; classtype:trojan-activity;sid:84499895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18072024120409/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636796/; classtype:trojan-activity;sid:84499896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30082024111343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636797/; classtype:trojan-activity;sid:84499897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636793)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636793/; classtype:trojan-activity;sid:84499893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/21082024112544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636794/; classtype:trojan-activity;sid:84499894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19072024111357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636791/; classtype:trojan-activity;sid:84499891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636792)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/av.scr"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636792/; classtype:trojan-activity;sid:84499892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024175200/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636784/; classtype:trojan-activity;sid:84499884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30072024115935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636785/; classtype:trojan-activity;sid:84499885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024114819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636786/; classtype:trojan-activity;sid:84499886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636787)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636787/; classtype:trojan-activity;sid:84499887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024070959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636788/; classtype:trojan-activity;sid:84499888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05092024120909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636789/; classtype:trojan-activity;sid:84499889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05072024112530/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636790/; classtype:trojan-activity;sid:84499890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024115132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636783/; classtype:trojan-activity;sid:84499883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024114316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636782/; classtype:trojan-activity;sid:84499882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024113136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636781/; classtype:trojan-activity;sid:84499881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04072024170824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636779/; classtype:trojan-activity;sid:84499879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024135746/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636780/; classtype:trojan-activity;sid:84499880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636777/; classtype:trojan-activity;sid:84499877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024115926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636778/; classtype:trojan-activity;sid:84499878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024082013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636775/; classtype:trojan-activity;sid:84499875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10072024110114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636776/; classtype:trojan-activity;sid:84499876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024071919/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636773/; classtype:trojan-activity;sid:84499873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636774)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/video.lnk"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636774/; classtype:trojan-activity;sid:84499874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19082024070444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636771/; classtype:trojan-activity;sid:84499871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024104419/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636772/; classtype:trojan-activity;sid:84499872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024070754/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636770/; classtype:trojan-activity;sid:84499870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024074514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636769/; classtype:trojan-activity;sid:84499869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23072024073428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636768/; classtype:trojan-activity;sid:84499868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024110029/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636767/; classtype:trojan-activity;sid:84499867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636765)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636765/; classtype:trojan-activity;sid:84499865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30072024075615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636766/; classtype:trojan-activity;sid:84499866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024173603/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636764/; classtype:trojan-activity;sid:84499864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27092024072930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636763/; classtype:trojan-activity;sid:84499863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14092024070825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636761/; classtype:trojan-activity;sid:84499861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024105405/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636762/; classtype:trojan-activity;sid:84499862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/31072024120304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636760/; classtype:trojan-activity;sid:84499860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024171045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636759/; classtype:trojan-activity;sid:84499859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024083204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636757/; classtype:trojan-activity;sid:84499857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024175202/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636758/; classtype:trojan-activity;sid:84499858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/6011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636756/; classtype:trojan-activity;sid:84499856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636755)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636755/; classtype:trojan-activity;sid:84499855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09082024071028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636754/; classtype:trojan-activity;sid:84499854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636753)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/bkp/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636753/; classtype:trojan-activity;sid:84499853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11062024074638/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636752/; classtype:trojan-activity;sid:84499852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8318/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636751/; classtype:trojan-activity;sid:84499851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024071328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636750/; classtype:trojan-activity;sid:84499850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17082024111540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636749/; classtype:trojan-activity;sid:84499849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25072024111710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636748/; classtype:trojan-activity;sid:84499848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636747)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636747/; classtype:trojan-activity;sid:84499847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636746/; classtype:trojan-activity;sid:84499846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024072316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636745/; classtype:trojan-activity;sid:84499845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024152842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636744/; classtype:trojan-activity;sid:84499844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/03092024065611/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636743/; classtype:trojan-activity;sid:84499843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/20082024074454/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636742/; classtype:trojan-activity;sid:84499842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14062024182506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636741/; classtype:trojan-activity;sid:84499841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/28062024162227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636740/; classtype:trojan-activity;sid:84499840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25082024112344/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636739/; classtype:trojan-activity;sid:84499839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05102024112225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636736/; classtype:trojan-activity;sid:84499836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22072024112228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636737/; classtype:trojan-activity;sid:84499837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636738)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636738/; classtype:trojan-activity;sid:84499838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024123948/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636735/; classtype:trojan-activity;sid:84499835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636733/; classtype:trojan-activity;sid:84499833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21082024065715/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636734/; classtype:trojan-activity;sid:84499834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163507/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636728/; classtype:trojan-activity;sid:84499828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024111850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636729/; classtype:trojan-activity;sid:84499829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636730/; classtype:trojan-activity;sid:84499830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636731)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/pickup/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636731/; classtype:trojan-activity;sid:84499831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09072024072801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636732/; classtype:trojan-activity;sid:84499832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30082024070843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636727/; classtype:trojan-activity;sid:84499827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15072024111306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636723/; classtype:trojan-activity;sid:84499823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24072024072622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636724/; classtype:trojan-activity;sid:84499824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636725)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/photo.lnk"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636725/; classtype:trojan-activity;sid:84499825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23082024120742/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636726/; classtype:trojan-activity;sid:84499826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024121001/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636721/; classtype:trojan-activity;sid:84499821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024162753/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636722/; classtype:trojan-activity;sid:84499822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024130538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636719/; classtype:trojan-activity;sid:84499819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01102024075913/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636720/; classtype:trojan-activity;sid:84499820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31072024110649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636717/; classtype:trojan-activity;sid:84499817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24092024074236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636718/; classtype:trojan-activity;sid:84499818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26092024073810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636715/; classtype:trojan-activity;sid:84499815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024073721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636716/; classtype:trojan-activity;sid:84499816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03102024114713/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636714/; classtype:trojan-activity;sid:84499814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27062024134606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636708/; classtype:trojan-activity;sid:84499808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25092024074358/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636709/; classtype:trojan-activity;sid:84499809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636710/; classtype:trojan-activity;sid:84499810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12092024065636/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636711/; classtype:trojan-activity;sid:84499811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024113359/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636712/; classtype:trojan-activity;sid:84499812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14082024102908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636713/; classtype:trojan-activity;sid:84499813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27062024074304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636705/; classtype:trojan-activity;sid:84499805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20092024114457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636706/; classtype:trojan-activity;sid:84499806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636707)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636707/; classtype:trojan-activity;sid:84499807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05072024105131/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636703/; classtype:trojan-activity;sid:84499803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024123414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636704/; classtype:trojan-activity;sid:84499804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636702)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636702/; classtype:trojan-activity;sid:84499802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12062024122748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636698/; classtype:trojan-activity;sid:84499798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636699/; classtype:trojan-activity;sid:84499799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636700)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636700/; classtype:trojan-activity;sid:84499800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636701)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636701/; classtype:trojan-activity;sid:84499801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024180206/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636693/; classtype:trojan-activity;sid:84499793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024172514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636694/; classtype:trojan-activity;sid:84499794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024070343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636695/; classtype:trojan-activity;sid:84499795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024125844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636696/; classtype:trojan-activity;sid:84499796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/01082024070127/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636697/; classtype:trojan-activity;sid:84499797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30092024073115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636685/; classtype:trojan-activity;sid:84499785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04102024114428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636686/; classtype:trojan-activity;sid:84499786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024162506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636687/; classtype:trojan-activity;sid:84499787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024112121/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636688/; classtype:trojan-activity;sid:84499788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13062024123930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636689/; classtype:trojan-activity;sid:84499789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024114833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636690/; classtype:trojan-activity;sid:84499790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22072024071046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636691/; classtype:trojan-activity;sid:84499791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636692/; classtype:trojan-activity;sid:84499792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12072024073215/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636683/; classtype:trojan-activity;sid:84499783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636684/; classtype:trojan-activity;sid:84499784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09092024080429/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636681/; classtype:trojan-activity;sid:84499781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8342/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636682/; classtype:trojan-activity;sid:84499782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16092024071437/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636678/; classtype:trojan-activity;sid:84499778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11092024070152/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636679/; classtype:trojan-activity;sid:84499779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636680)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.scr"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636680/; classtype:trojan-activity;sid:84499780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19072024082257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636676/; classtype:trojan-activity;sid:84499776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636677)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/video.lnk"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636677/; classtype:trojan-activity;sid:84499777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024173539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636666/; classtype:trojan-activity;sid:84499766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024074014/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636667/; classtype:trojan-activity;sid:84499767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636668)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/queue/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636668/; classtype:trojan-activity;sid:84499768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636669/; classtype:trojan-activity;sid:84499769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23072024112852/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636670/; classtype:trojan-activity;sid:84499770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024094613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636671/; classtype:trojan-activity;sid:84499771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19082024113816/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636672/; classtype:trojan-activity;sid:84499772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636673)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/photo.lnk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636673/; classtype:trojan-activity;sid:84499773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02082024121949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636674/; classtype:trojan-activity;sid:84499774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024185923/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636675/; classtype:trojan-activity;sid:84499775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130440/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636662/; classtype:trojan-activity;sid:84499762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/05072024082450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636663/; classtype:trojan-activity;sid:84499763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024181236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636664/; classtype:trojan-activity;sid:84499764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024150907/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636665/; classtype:trojan-activity;sid:84499765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636655)"; flow:established,from_client; content:"GET"; http_method; content:"/20231215_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/av.scr"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636655/; classtype:trojan-activity;sid:84499755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22082024114017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636656/; classtype:trojan-activity;sid:84499756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14082024065337/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636657/; classtype:trojan-activity;sid:84499757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8059/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636658/; classtype:trojan-activity;sid:84499758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024154958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636659/; classtype:trojan-activity;sid:84499759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024075130/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636660/; classtype:trojan-activity;sid:84499760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636661)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/video.scr"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636661/; classtype:trojan-activity;sid:84499761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024070807/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636654/; classtype:trojan-activity;sid:84499754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636653)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_1/report/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636653/; classtype:trojan-activity;sid:84499753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636651)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636651/; classtype:trojan-activity;sid:84499751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636652)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/info.zip"; http_uri; depth:177; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636652/; classtype:trojan-activity;sid:84499752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636650)"; flow:established,from_client; content:"GET"; http_method; content:"/20231208_%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad_%e6%91%84%e5%bd%b1%e6%8a%80%e6%9c%af%e4%bd%9c%e4%b8%9a/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636650/; classtype:trojan-activity;sid:84499750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636649)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/video.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636649/; classtype:trojan-activity;sid:84499749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636648/; classtype:trojan-activity;sid:84499748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636647/; classtype:trojan-activity;sid:84499747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636645)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636645/; classtype:trojan-activity;sid:84499745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636646)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636646/; classtype:trojan-activity;sid:84499746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636634)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636634/; classtype:trojan-activity;sid:84499734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636635)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636635/; classtype:trojan-activity;sid:84499735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636636)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636636/; classtype:trojan-activity;sid:84499736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636637)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636637/; classtype:trojan-activity;sid:84499737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636638)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636638/; classtype:trojan-activity;sid:84499738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636639)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636639/; classtype:trojan-activity;sid:84499739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636640)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636640/; classtype:trojan-activity;sid:84499740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636641)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636641/; classtype:trojan-activity;sid:84499741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636642)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636642/; classtype:trojan-activity;sid:84499742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636643)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636643/; classtype:trojan-activity;sid:84499743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636644)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636644/; classtype:trojan-activity;sid:84499744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.10.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636633/; classtype:trojan-activity;sid:84499733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636632)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=aeqkbqkv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pn.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636632/; classtype:trojan-activity;sid:84499732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636631)"; flow:established,from_client; content:"GET"; http_method; content:"/d60n46ycyf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5.l8w6u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636631/; classtype:trojan-activity;sid:84499731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636630)"; flow:established,from_client; content:"GET"; http_method; content:"/gzfamiun40.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.n-80o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636630/; classtype:trojan-activity;sid:84499730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636629)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=4otg2g2b"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pn.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636629/; classtype:trojan-activity;sid:84499729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636628/; classtype:trojan-activity;sid:84499728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.64.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636627/; classtype:trojan-activity;sid:84499727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.238.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636626/; classtype:trojan-activity;sid:84499726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.240.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636625/; classtype:trojan-activity;sid:84499725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.64.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636624/; classtype:trojan-activity;sid:84499724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636623)"; flow:established,from_client; content:"GET"; http_method; content:"/kkqwmrmska.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r.l8w6u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636623/; classtype:trojan-activity;sid:84499723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636622)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=4zrox3o2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.h8o4g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636622/; classtype:trojan-activity;sid:84499722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636621)"; flow:established,from_client; content:"GET"; http_method; content:"/w6bpf7xj98.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.n-80o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636621/; classtype:trojan-activity;sid:84499721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636620)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=ni44w2zm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.h8o4g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636620/; classtype:trojan-activity;sid:84499720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.173.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636619/; classtype:trojan-activity;sid:84499719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.238.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636618/; classtype:trojan-activity;sid:84499718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.240.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636617/; classtype:trojan-activity;sid:84499717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.18.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636616/; classtype:trojan-activity;sid:84499716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636615/; classtype:trojan-activity;sid:84499715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.250.202.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636614/; classtype:trojan-activity;sid:84499714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636613/; classtype:trojan-activity;sid:84499713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636612/; classtype:trojan-activity;sid:84499712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636611)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.134.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636611/; classtype:trojan-activity;sid:84499711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636610)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/document.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.233.84.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636610/; classtype:trojan-activity;sid:84499710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636609)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.9.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636609/; classtype:trojan-activity;sid:84499709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.123.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636608/; classtype:trojan-activity;sid:84499708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.239.198.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636603/; classtype:trojan-activity;sid:84499703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.230.40.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636604/; classtype:trojan-activity;sid:84499704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.50.15.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636605/; classtype:trojan-activity;sid:84499705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.193.211.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636606/; classtype:trojan-activity;sid:84499706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.39.2.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636607/; classtype:trojan-activity;sid:84499707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.109.162.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636601/; classtype:trojan-activity;sid:84499701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.175.253.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636602/; classtype:trojan-activity;sid:84499702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.202.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636598/; classtype:trojan-activity;sid:84499698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636599/; classtype:trojan-activity;sid:84499699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.252.11.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636600/; classtype:trojan-activity;sid:84499700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636597)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636597/; classtype:trojan-activity;sid:84499697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636596)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.206.129.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636596/; classtype:trojan-activity;sid:84499696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636595)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.19.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636595/; classtype:trojan-activity;sid:84499695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636592)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.0.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636592/; classtype:trojan-activity;sid:84499692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636593)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.233.68.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636593/; classtype:trojan-activity;sid:84499693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.165.67.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636594/; classtype:trojan-activity;sid:84499694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.14.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636590/; classtype:trojan-activity;sid:84499690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636591/; classtype:trojan-activity;sid:84499691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636588)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.129.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636588/; classtype:trojan-activity;sid:84499688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636589)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.80.79.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636589/; classtype:trojan-activity;sid:84499689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.150.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636587/; classtype:trojan-activity;sid:84499687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.189.26.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636586/; classtype:trojan-activity;sid:84499686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.71.141.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636583/; classtype:trojan-activity;sid:84499683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.71.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636584/; classtype:trojan-activity;sid:84499684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.98.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636585/; classtype:trojan-activity;sid:84499685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636582)"; flow:established,from_client; content:"GET"; http_method; content:"/fp0opb511o.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r3.b3n4o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636582/; classtype:trojan-activity;sid:84499682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636581)"; flow:established,from_client; content:"GET"; http_method; content:"/mh504wk8lc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.n-80o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636581/; classtype:trojan-activity;sid:84499681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636580)"; flow:established,from_client; content:"GET"; http_method; content:"/4wq.google|3f|t=6rf3c5ut"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m2.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636580/; classtype:trojan-activity;sid:84499680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636579)"; flow:established,from_client; content:"GET"; http_method; content:"/4wq.google|3f|t=h7gkwmgu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m2.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636579/; classtype:trojan-activity;sid:84499679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636578)"; flow:established,from_client; content:"GET"; http_method; content:"/h7tm9bxsh2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r3.b3n4o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636578/; classtype:trojan-activity;sid:84499678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636577)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=csni2tlc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qb.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636577/; classtype:trojan-activity;sid:84499677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636576)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=6dx7mcn1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qb.h8o4g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636576/; classtype:trojan-activity;sid:84499676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636575)"; flow:established,from_client; content:"GET"; http_method; content:"/y1pgcuchay.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.n-80o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636575/; classtype:trojan-activity;sid:84499675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636573)"; flow:established,from_client; content:"GET"; http_method; content:"/ya04.google|3f|t=tifropvf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.h8o4g.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636573/; classtype:trojan-activity;sid:84499673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636574)"; flow:established,from_client; content:"GET"; http_method; content:"/ely72iyyn6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.n-80o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636574/; classtype:trojan-activity;sid:84499674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636572)"; flow:established,from_client; content:"GET"; http_method; content:"/ya04.google|3f|t=o70npbuw"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.h8o4g.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636572/; classtype:trojan-activity;sid:84499672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636571)"; flow:established,from_client; content:"GET"; http_method; content:"/sb7h1y4den.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k7.b3n4o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636571/; classtype:trojan-activity;sid:84499671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636570)"; flow:established,from_client; content:"GET"; http_method; content:"/0k.google|3f|t=331wbier"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.n6e8h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636570/; classtype:trojan-activity;sid:84499670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636569)"; flow:established,from_client; content:"GET"; http_method; content:"/dmonxd7x2g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.n-80o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636569/; classtype:trojan-activity;sid:84499669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.253.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636568/; classtype:trojan-activity;sid:84499668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.188.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636567/; classtype:trojan-activity;sid:84499667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636566/; classtype:trojan-activity;sid:84499666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636565/; classtype:trojan-activity;sid:84499665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636564)"; flow:established,from_client; content:"GET"; http_method; content:"/e5zm3ayfe6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.b3n4o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636564/; classtype:trojan-activity;sid:84499664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636562)"; flow:established,from_client; content:"GET"; http_method; content:"/3xq.check|3f|t=a21zxovk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636562/; classtype:trojan-activity;sid:84499662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636563)"; flow:established,from_client; content:"GET"; http_method; content:"/060pifflir.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.n-80o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636563/; classtype:trojan-activity;sid:84499663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636561)"; flow:established,from_client; content:"GET"; http_method; content:"/3xq.check|3f|t=tmxlqz3k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636561/; classtype:trojan-activity;sid:84499661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.7.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636560/; classtype:trojan-activity;sid:84499660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.6.84"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636559/; classtype:trojan-activity;sid:84499659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636558/; classtype:trojan-activity;sid:84499658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.188.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636557/; classtype:trojan-activity;sid:84499657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.64.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636556/; classtype:trojan-activity;sid:84499656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636555)"; flow:established,from_client; content:"GET"; http_method; content:"/2t9m2yx028.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2.b3n4o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636555/; classtype:trojan-activity;sid:84499655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636554)"; flow:established,from_client; content:"GET"; http_method; content:"/yd1.google|3f|t=pv8kmpxh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pz.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636554/; classtype:trojan-activity;sid:84499654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.64.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636553/; classtype:trojan-activity;sid:84499653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636552)"; flow:established,from_client; content:"GET"; http_method; content:"/tr9smcge2w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.z-11e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636552/; classtype:trojan-activity;sid:84499652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636551)"; flow:established,from_client; content:"GET"; http_method; content:"/yd1.google|3f|t=37tauqvl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pz.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636551/; classtype:trojan-activity;sid:84499651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.197.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636550/; classtype:trojan-activity;sid:84499650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636549/; classtype:trojan-activity;sid:84499649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.28.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636548/; classtype:trojan-activity;sid:84499648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.158.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636547/; classtype:trojan-activity;sid:84499647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.6.84"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636546/; classtype:trojan-activity;sid:84499646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636545/; classtype:trojan-activity;sid:84499645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.239.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636544/; classtype:trojan-activity;sid:84499644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.178.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636543/; classtype:trojan-activity;sid:84499643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636540)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636540/; classtype:trojan-activity;sid:84499640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636541)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636541/; classtype:trojan-activity;sid:84499641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636542)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.201.28.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636542/; classtype:trojan-activity;sid:84499642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636539)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636539/; classtype:trojan-activity;sid:84499639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636538)"; flow:established,from_client; content:"GET"; http_method; content:"/275kg8twvb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.z-11e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636538/; classtype:trojan-activity;sid:84499638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636537)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.check|3f|t=9tohogvk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t.n6e8h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636537/; classtype:trojan-activity;sid:84499637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636536)"; flow:established,from_client; content:"GET"; http_method; content:"/tif0vvdhxo.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m2.q8g1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636536/; classtype:trojan-activity;sid:84499636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636535)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.check|3f|t=x9uv4qu9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t.n6e8h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636535/; classtype:trojan-activity;sid:84499635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636534/; classtype:trojan-activity;sid:84499634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.239.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636533/; classtype:trojan-activity;sid:84499633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.93.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636532/; classtype:trojan-activity;sid:84499632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636531/; classtype:trojan-activity;sid:84499631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.33.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636530/; classtype:trojan-activity;sid:84499630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636529)"; flow:established,from_client; content:"GET"; http_method; content:"/7brwtro6rd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.z-11e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636529/; classtype:trojan-activity;sid:84499629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636528)"; flow:established,from_client; content:"GET"; http_method; content:"/r41.google|3f|t=1emoig9v"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636528/; classtype:trojan-activity;sid:84499628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636526)"; flow:established,from_client; content:"GET"; http_method; content:"/r41.google|3f|t=yut5759n"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636526/; classtype:trojan-activity;sid:84499626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636527)"; flow:established,from_client; content:"GET"; http_method; content:"/8vodb76mdo.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.q8g1y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636527/; classtype:trojan-activity;sid:84499627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.153.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636525/; classtype:trojan-activity;sid:84499625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.93.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636524/; classtype:trojan-activity;sid:84499624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636523)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.check|3f|t=qoi4a58f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636523/; classtype:trojan-activity;sid:84499623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636522)"; flow:established,from_client; content:"GET"; http_method; content:"/pinqihwmzf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.z-11e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636522/; classtype:trojan-activity;sid:84499622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636521)"; flow:established,from_client; content:"GET"; http_method; content:"/8obcwea0sm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq0.q8g1y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636521/; classtype:trojan-activity;sid:84499621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636520)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.check|3f|t=2qsqxj4i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.n6e8h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636520/; classtype:trojan-activity;sid:84499620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636519)"; flow:established,from_client; content:"GET"; http_method; content:"/v1vd71245r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.z-11e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636519/; classtype:trojan-activity;sid:84499619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636518)"; flow:established,from_client; content:"GET"; http_method; content:"/wb08.google|3f|t=p9eyjsp9"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c2n.n6e8h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636518/; classtype:trojan-activity;sid:84499618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636517)"; flow:established,from_client; content:"GET"; http_method; content:"/vpgjclclha.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq0.q8g1y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636517/; classtype:trojan-activity;sid:84499617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636516)"; flow:established,from_client; content:"GET"; http_method; content:"/wb08.google|3f|t=jag9snvc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c2n.n6e8h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636516/; classtype:trojan-activity;sid:84499616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636514)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=b27br6mb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.n0y8j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636514/; classtype:trojan-activity;sid:84499614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636515)"; flow:established,from_client; content:"GET"; http_method; content:"/an69ss2qnq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.z-11e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636515/; classtype:trojan-activity;sid:84499615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636513)"; flow:established,from_client; content:"GET"; http_method; content:"/rzseth1w7h.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5.q8g1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636513/; classtype:trojan-activity;sid:84499613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636512)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=rg7yvpzu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.n0y8j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636512/; classtype:trojan-activity;sid:84499612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636511)"; flow:established,from_client; content:"GET"; http_method; content:"/m7p.check|3f|t=mdtitwon"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n4.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636511/; classtype:trojan-activity;sid:84499611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636510)"; flow:established,from_client; content:"GET"; http_method; content:"/7whlk1ymp2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.z-11e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636510/; classtype:trojan-activity;sid:84499610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636509)"; flow:established,from_client; content:"GET"; http_method; content:"/x2o1s17h9l.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5.q8g1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636509/; classtype:trojan-activity;sid:84499609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636508)"; flow:established,from_client; content:"GET"; http_method; content:"/m7p.check|3f|t=54z0yhwp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n4.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636508/; classtype:trojan-activity;sid:84499608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.103.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636507/; classtype:trojan-activity;sid:84499607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.248.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636506/; classtype:trojan-activity;sid:84499606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636505)"; flow:established,from_client; content:"GET"; http_method; content:"/0y3.google|3f|t=35bh8uwe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xt.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636505/; classtype:trojan-activity;sid:84499605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636504)"; flow:established,from_client; content:"GET"; http_method; content:"/94u05esvdb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l.q8g1y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636504/; classtype:trojan-activity;sid:84499604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636503)"; flow:established,from_client; content:"GET"; http_method; content:"/0y3.google|3f|t=lbsyaznf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xt.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636503/; classtype:trojan-activity;sid:84499603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636502)"; flow:established,from_client; content:"GET"; http_method; content:"/rhqzbc86w4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.q-49o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636502/; classtype:trojan-activity;sid:84499602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636501)"; flow:established,from_client; content:"GET"; http_method; content:"/bpew1yhd4z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.q-49o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636501/; classtype:trojan-activity;sid:84499601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636500)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.check|3f|t=i0mky73h"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q.n0y8j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636500/; classtype:trojan-activity;sid:84499600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636499)"; flow:established,from_client; content:"GET"; http_method; content:"/i4rgeswdmh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa.k5d1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636499/; classtype:trojan-activity;sid:84499599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636498)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.check|3f|t=6t4iln7h"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q.n0y8j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636498/; classtype:trojan-activity;sid:84499598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.156.9.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636497/; classtype:trojan-activity;sid:84499597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636496/; classtype:trojan-activity;sid:84499596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636495/; classtype:trojan-activity;sid:84499595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636494)"; flow:established,from_client; content:"GET"; http_method; content:"/qjk2txi6jr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa.k5d1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636494/; classtype:trojan-activity;sid:84499594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636493)"; flow:established,from_client; content:"GET"; http_method; content:"/zz9.google|3f|t=8exyefre"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636493/; classtype:trojan-activity;sid:84499593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636492)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250930035347.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"okua.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636492/; classtype:trojan-activity;sid:84499592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636490)"; flow:established,from_client; content:"GET"; http_method; content:"/zz9.google|3f|t=yq9kdl0u"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636490/; classtype:trojan-activity;sid:84499590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636491)"; flow:established,from_client; content:"GET"; http_method; content:"/u11t2akquh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.q-49o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636491/; classtype:trojan-activity;sid:84499591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636489)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250929221212.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"okua.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636489/; classtype:trojan-activity;sid:84499589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636488)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nxl2uygvjrjxb0uyji9dgqc7rlgx14ao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636488/; classtype:trojan-activity;sid:84499588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636487)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250929221156.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"okua.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636487/; classtype:trojan-activity;sid:84499587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636486)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jgcxylhi80eaku5dcotnipzsbwvlv_kp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636486/; classtype:trojan-activity;sid:84499586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636485)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250930190835.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"okua.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636485/; classtype:trojan-activity;sid:84499585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636484)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kgolhhxnzrjzyv5lds8lhx6zuan4hjp7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636484/; classtype:trojan-activity;sid:84499584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636483)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ridg1ag3e2tvl3vmvnptifs9mcqc4wk6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636483/; classtype:trojan-activity;sid:84499583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636482)"; flow:established,from_client; content:"GET"; http_method; content:"/alco.mix"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hetenyikorhaz.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636482/; classtype:trojan-activity;sid:84499582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.64.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636481/; classtype:trojan-activity;sid:84499581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.202.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636480/; classtype:trojan-activity;sid:84499580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636479)"; flow:established,from_client; content:"GET"; http_method; content:"/zap.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hetenyikorhaz.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636479/; classtype:trojan-activity;sid:84499579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.202.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636478/; classtype:trojan-activity;sid:84499578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636477)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6400879960/pimmim3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636477/; classtype:trojan-activity;sid:84499577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636476)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251001012214.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"deliver009.infinityfreeapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636476/; classtype:trojan-activity;sid:84499576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636475)"; flow:established,from_client; content:"GET"; http_method; content:"/231/imn__ie__09340040400400t0t040040040404040.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.168.0.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636475/; classtype:trojan-activity;sid:84499575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636474/; classtype:trojan-activity;sid:84499574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636472)"; flow:established,from_client; content:"GET"; http_method; content:"/dw4lwbp02u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.q-49o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636472/; classtype:trojan-activity;sid:84499572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636473)"; flow:established,from_client; content:"GET"; http_method; content:"/u9us8kpejl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1.k5d1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636473/; classtype:trojan-activity;sid:84499573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636470)"; flow:established,from_client; content:"GET"; http_method; content:"/1rm.check|3f|t=5a8pba2o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636470/; classtype:trojan-activity;sid:84499570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636471)"; flow:established,from_client; content:"GET"; http_method; content:"/1rm.check|3f|t=8s6g071d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.n0y8j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636471/; classtype:trojan-activity;sid:84499571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636469)"; flow:established,from_client; content:"GET"; http_method; content:"/577/img__0909090908997878877676767676767000090000000.hta"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"172.245.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636469/; classtype:trojan-activity;sid:84499569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636467)"; flow:established,from_client; content:"GET"; http_method; content:"/157/img__pic0399940000003949400030303030204004000440040030000.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"104.243.37.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636467/; classtype:trojan-activity;sid:84499567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636468)"; flow:established,from_client; content:"GET"; http_method; content:"/155/img__pict09000004000039400405049405000595050.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.168.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636468/; classtype:trojan-activity;sid:84499568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636466)"; flow:established,from_client; content:"GET"; http_method; content:"/200/img__pict00900300000200340000050000600950000004959000000004900.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"96.44.159.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636466/; classtype:trojan-activity;sid:84499566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.35.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636465/; classtype:trojan-activity;sid:84499565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636464)"; flow:established,from_client; content:"GET"; http_method; content:"/122/img___090000e09884877474838839993948848484949.hta"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"104.168.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636464/; classtype:trojan-activity;sid:84499564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636461/; classtype:trojan-activity;sid:84499561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636462/; classtype:trojan-activity;sid:84499562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.103.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636463/; classtype:trojan-activity;sid:84499563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636460)"; flow:established,from_client; content:"GET"; http_method; content:"/166/pic____img00900600707070550060606070704405045405040.hta"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"198.46.173.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636460/; classtype:trojan-activity;sid:84499560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636459)"; flow:established,from_client; content:"GET"; http_method; content:"/505/ims__pic0949000030040040300404040r0400404040040.hta"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"198.23.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636459/; classtype:trojan-activity;sid:84499559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636458)"; flow:established,from_client; content:"GET"; http_method; content:"/4wrxnetpmh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.q-49o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636458/; classtype:trojan-activity;sid:84499558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636457)"; flow:established,from_client; content:"GET"; http_method; content:"/pq04.google|3f|t=kldd0759"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.n0y8j.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636457/; classtype:trojan-activity;sid:84499557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636455)"; flow:established,from_client; content:"GET"; http_method; content:"/uzpwvsamqt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1.k5d1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636455/; classtype:trojan-activity;sid:84499555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636456)"; flow:established,from_client; content:"GET"; http_method; content:"/157/im__pic009405960060400403000505003030404030300400000040.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"104.168.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636456/; classtype:trojan-activity;sid:84499556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636454)"; flow:established,from_client; content:"GET"; http_method; content:"/pq04.google|3f|t=knetvof8"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.n0y8j.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636454/; classtype:trojan-activity;sid:84499554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.95.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636453/; classtype:trojan-activity;sid:84499553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636452)"; flow:established,from_client; content:"GET"; http_method; content:"/d4.google|3f|t=hhemru80"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.q4e3n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636452/; classtype:trojan-activity;sid:84499552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636451)"; flow:established,from_client; content:"GET"; http_method; content:"/bzjk9rkhr3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.q-49o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636451/; classtype:trojan-activity;sid:84499551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636449)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636449/; classtype:trojan-activity;sid:84499549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636450)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636450/; classtype:trojan-activity;sid:84499550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636440)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636440/; classtype:trojan-activity;sid:84499540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636441)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636441/; classtype:trojan-activity;sid:84499541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636442)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636442/; classtype:trojan-activity;sid:84499542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636443)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636443/; classtype:trojan-activity;sid:84499543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636444)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636444/; classtype:trojan-activity;sid:84499544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636445)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636445/; classtype:trojan-activity;sid:84499545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636446)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636446/; classtype:trojan-activity;sid:84499546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636447)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636447/; classtype:trojan-activity;sid:84499547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636448)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.85.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636448/; classtype:trojan-activity;sid:84499548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.60.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636439/; classtype:trojan-activity;sid:84499539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.76.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636438/; classtype:trojan-activity;sid:84499538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636437)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.107.74.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636437/; classtype:trojan-activity;sid:84499537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636435)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"wq24-1.g-site.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636435/; classtype:trojan-activity;sid:84499535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636436)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"n78vzdib.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636436/; classtype:trojan-activity;sid:84499536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636434)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8374289233/tmiug8n.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636434/; classtype:trojan-activity;sid:84499534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636433)"; flow:established,from_client; content:"GET"; http_method; content:"/zz201m84de.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.w-52a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636433/; classtype:trojan-activity;sid:84499533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636432)"; flow:established,from_client; content:"GET"; http_method; content:"/lil.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.107.74.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636432/; classtype:trojan-activity;sid:84499532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636428)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3bnx23aq.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636428/; classtype:trojan-activity;sid:84499528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636429)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cbyq4yr1.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636429/; classtype:trojan-activity;sid:84499529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"uutwmrw7.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636430/; classtype:trojan-activity;sid:84499530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636431)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"qp0tvp7r.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636431/; classtype:trojan-activity;sid:84499531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636427)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=0i832tvl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636427/; classtype:trojan-activity;sid:84499527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636426)"; flow:established,from_client; content:"GET"; http_method; content:"/p9yfmb9vjy.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pz8.k5d1y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636426/; classtype:trojan-activity;sid:84499526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636425)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=tcnxnr9j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636425/; classtype:trojan-activity;sid:84499525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636424/; classtype:trojan-activity;sid:84499524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636423)"; flow:established,from_client; content:"GET"; http_method; content:"/ub8wridp92.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w4.k5d1y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636423/; classtype:trojan-activity;sid:84499523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636422)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=jhl3g3ae"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636422/; classtype:trojan-activity;sid:84499522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636420)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=8l072hf9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636420/; classtype:trojan-activity;sid:84499520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636421)"; flow:established,from_client; content:"GET"; http_method; content:"/pxcnsql99c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.w-52a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636421/; classtype:trojan-activity;sid:84499521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.45.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636419/; classtype:trojan-activity;sid:84499519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.206.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636418/; classtype:trojan-activity;sid:84499518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.112.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636417/; classtype:trojan-activity;sid:84499517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636415)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=h415kat5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636415/; classtype:trojan-activity;sid:84499515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636416)"; flow:established,from_client; content:"GET"; http_method; content:"/l7fn21nl95.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.w-52a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636416/; classtype:trojan-activity;sid:84499516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636414)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=h23we0br"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636414/; classtype:trojan-activity;sid:84499514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636413)"; flow:established,from_client; content:"GET"; http_method; content:"/51we7h2uw2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d.k5d1y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636413/; classtype:trojan-activity;sid:84499513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636411/; classtype:trojan-activity;sid:84499511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636412/; classtype:trojan-activity;sid:84499512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.248.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636410/; classtype:trojan-activity;sid:84499510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.132.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636409/; classtype:trojan-activity;sid:84499509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.26.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636408/; classtype:trojan-activity;sid:84499508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.193.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636407/; classtype:trojan-activity;sid:84499507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.205.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636406/; classtype:trojan-activity;sid:84499506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636405)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/74935885/uploads/54980bec63368805b4df62bba5d4f1ef/svcnz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636405/; classtype:trojan-activity;sid:84499505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636404/; classtype:trojan-activity;sid:84499504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636403)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=bqjyze9o"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.q4e3n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636403/; classtype:trojan-activity;sid:84499503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636402)"; flow:established,from_client; content:"GET"; http_method; content:"/53hx62cz5m.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hm.q6t4u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636402/; classtype:trojan-activity;sid:84499502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636401)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=322t1i35"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.q4e3n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636401/; classtype:trojan-activity;sid:84499501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636400)"; flow:established,from_client; content:"GET"; http_method; content:"/rrmbk6wij9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.w-52a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636400/; classtype:trojan-activity;sid:84499500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.221.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636399/; classtype:trojan-activity;sid:84499499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.248.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636398/; classtype:trojan-activity;sid:84499498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636397)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"easy1.sbs"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636397/; classtype:trojan-activity;sid:84499497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636395)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"downloadsoftz.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636395/; classtype:trojan-activity;sid:84499495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636396)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"getfile.cfd"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636396/; classtype:trojan-activity;sid:84499496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636387)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"softsdownlod.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636387/; classtype:trojan-activity;sid:84499487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636388)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"getfiles.pro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636388/; classtype:trojan-activity;sid:84499488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636389)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=276|7c|26|7c|id_site=325"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"abandonelp.store"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636389/; classtype:trojan-activity;sid:84499489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636391)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|e=4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ddfafxfs.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636391/; classtype:trojan-activity;sid:84499491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636394)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.startdownload.live"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636394/; classtype:trojan-activity;sid:84499494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636382)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"softsfile.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636382/; classtype:trojan-activity;sid:84499482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636383)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4bind3.cfd"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636383/; classtype:trojan-activity;sid:84499483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636384)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|z=40|7c|26|7c|n=a"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.farescddd.icu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636384/; classtype:trojan-activity;sid:84499484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636385)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"illu.quest"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636385/; classtype:trojan-activity;sid:84499485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636386)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|z=40|7c|26|7c|n=a"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"katsecuresfiles.icu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636386/; classtype:trojan-activity;sid:84499486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636378)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pushbutton.sbs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636378/; classtype:trojan-activity;sid:84499478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636379)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|e=4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"filezup.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636379/; classtype:trojan-activity;sid:84499479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636380)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jimy.homes"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636380/; classtype:trojan-activity;sid:84499480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636381)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gratisdescarga.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636381/; classtype:trojan-activity;sid:84499481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636367)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=92|7c|26|7c|site_id=424"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"chapmanlo.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636367/; classtype:trojan-activity;sid:84499467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636368)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"installppi.cfd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636368/; classtype:trojan-activity;sid:84499468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636369)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|e=4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adfetshex.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636369/; classtype:trojan-activity;sid:84499469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636370)"; flow:established,from_client; content:"GET"; http_method; content:"/utm_filecontent-v2715-cef80f0252bc5c3499ac6939c752f4e9/dlview_68af28f088fb3/|3f|source=2442"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"53m39h140825oaa.cfd"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636370/; classtype:trojan-activity;sid:84499470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636371)"; flow:established,from_client; content:"GET"; http_method; content:"/utm_filecontent-v2715-cef80f0252bc5c3499ac6939c752f4e9/dlview_68af28f088fb3/|3f|source=2442"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"ykize140825p.cfd"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636371/; classtype:trojan-activity;sid:84499471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636372)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"softzdwnld.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636372/; classtype:trojan-activity;sid:84499472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636373)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=276|7c|26|7c|id_site=325"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"jaropper.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636373/; classtype:trojan-activity;sid:84499473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636375)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=276|7c|26|7c|id_site=325"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"filecheck.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636375/; classtype:trojan-activity;sid:84499475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636376)"; flow:established,from_client; content:"GET"; http_method; content:"/direct77"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eset-nod32-key-2025.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636376/; classtype:trojan-activity;sid:84499476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636377)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|z=40|7c|26|7c|n=a"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mediafileslow.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636377/; classtype:trojan-activity;sid:84499477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636363)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|uid=18|7c|26|7c|sid=7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"softsdownload.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636363/; classtype:trojan-activity;sid:84499463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636364)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|e=4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"winostan-tm.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636364/; classtype:trojan-activity;sid:84499464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636365)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=276|7c|26|7c|id_site=325"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"imrobpolit.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636365/; classtype:trojan-activity;sid:84499465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636366)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|e=4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downloadsecures.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636366/; classtype:trojan-activity;sid:84499466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.205.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636362/; classtype:trojan-activity;sid:84499462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636361)"; flow:established,from_client; content:"GET"; http_method; content:"/robertoaguilarfields-blip/my-proyecto/refs/heads/main/loli.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636361/; classtype:trojan-activity;sid:84499461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636360)"; flow:established,from_client; content:"GET"; http_method; content:"/file/vt5crtqc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636360/; classtype:trojan-activity;sid:84499460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636359)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6863948953/poyfdxm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636359/; classtype:trojan-activity;sid:84499459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.95.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636358/; classtype:trojan-activity;sid:84499458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.243.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636357/; classtype:trojan-activity;sid:84499457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.26.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636356/; classtype:trojan-activity;sid:84499456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.121.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636355/; classtype:trojan-activity;sid:84499455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.247.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636354/; classtype:trojan-activity;sid:84499454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.33.62.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636353/; classtype:trojan-activity;sid:84499453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636352)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=65pdis5q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636352/; classtype:trojan-activity;sid:84499452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636351)"; flow:established,from_client; content:"GET"; http_method; content:"/az7f5qavow.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.q6t4u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636351/; classtype:trojan-activity;sid:84499451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636350)"; flow:established,from_client; content:"GET"; http_method; content:"/o6ck3emtgp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.w-52a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636350/; classtype:trojan-activity;sid:84499450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636349)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=62xbo8gj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636349/; classtype:trojan-activity;sid:84499449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.224.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636348/; classtype:trojan-activity;sid:84499448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636347/; classtype:trojan-activity;sid:84499447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.56.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636346/; classtype:trojan-activity;sid:84499446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.243.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636345/; classtype:trojan-activity;sid:84499445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.247.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636344/; classtype:trojan-activity;sid:84499444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636343)"; flow:established,from_client; content:"GET"; http_method; content:"/3lovlr1hzh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.g-28e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636343/; classtype:trojan-activity;sid:84499443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636342)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=qnqb9bd9"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636342/; classtype:trojan-activity;sid:84499442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636341/; classtype:trojan-activity;sid:84499441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636339)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=6f41q30l"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.q4e3n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636339/; classtype:trojan-activity;sid:84499439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636340)"; flow:established,from_client; content:"GET"; http_method; content:"/avduzalfau.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qz9.q6t4u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636340/; classtype:trojan-activity;sid:84499440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636338/; classtype:trojan-activity;sid:84499438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.190.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636337/; classtype:trojan-activity;sid:84499437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636336/; classtype:trojan-activity;sid:84499436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636335)"; flow:established,from_client; content:"GET"; http_method; content:"/kziivhpowx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.g-28e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636335/; classtype:trojan-activity;sid:84499435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636334)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.check|3f|t=1wp1caxy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a.p2o7l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636334/; classtype:trojan-activity;sid:84499434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636333)"; flow:established,from_client; content:"GET"; http_method; content:"/5f88rtm0f6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2.q6t4u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636333/; classtype:trojan-activity;sid:84499433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636332)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.check|3f|t=kfckidfj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a.p2o7l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636332/; classtype:trojan-activity;sid:84499432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636331/; classtype:trojan-activity;sid:84499431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636330)"; flow:established,from_client; content:"GET"; http_method; content:"/aehminxxox.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.g-28e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636330/; classtype:trojan-activity;sid:84499430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636329)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.google|3f|t=0yc86wyq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q7.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636329/; classtype:trojan-activity;sid:84499429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636328)"; flow:established,from_client; content:"GET"; http_method; content:"/46f4iftg6x.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k.q6t4u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636328/; classtype:trojan-activity;sid:84499428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636327)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.google|3f|t=ck7y6mo2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q7.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636327/; classtype:trojan-activity;sid:84499427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636326)"; flow:established,from_client; content:"GET"; http_method; content:"/mlbelwwu8t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.g-28e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636326/; classtype:trojan-activity;sid:84499426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636325)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.check|3f|t=1w0bofm2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bd.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636325/; classtype:trojan-activity;sid:84499425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636324)"; flow:established,from_client; content:"GET"; http_method; content:"/d55xr7qny1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k.q6t4u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636324/; classtype:trojan-activity;sid:84499424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636323)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.check|3f|t=fkkk2kd1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bd.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636323/; classtype:trojan-activity;sid:84499423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636322)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eternity-hacks.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636322/; classtype:trojan-activity;sid:84499422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636321)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7338649596/vaomtun.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636321/; classtype:trojan-activity;sid:84499421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636320/; classtype:trojan-activity;sid:84499420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636319)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.google|3f|t=4dqtvk17"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z1.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636319/; classtype:trojan-activity;sid:84499419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636318)"; flow:established,from_client; content:"GET"; http_method; content:"/ubv0e8fmxs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.g-28e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636318/; classtype:trojan-activity;sid:84499418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636317)"; flow:established,from_client; content:"GET"; http_method; content:"/w4sj0018b1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.x38ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636317/; classtype:trojan-activity;sid:84499417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636316)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.google|3f|t=wfmz80t0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z1.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636316/; classtype:trojan-activity;sid:84499416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636315/; classtype:trojan-activity;sid:84499415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636314)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.check|3f|t=h5w4fyv1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tq.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636314/; classtype:trojan-activity;sid:84499414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636313)"; flow:established,from_client; content:"GET"; http_method; content:"/oeregsqec6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.g-28e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636313/; classtype:trojan-activity;sid:84499413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636312/; classtype:trojan-activity;sid:84499412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636311)"; flow:established,from_client; content:"GET"; http_method; content:"/kyfehdvogu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm9.x38ii.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636311/; classtype:trojan-activity;sid:84499411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636310)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.check|3f|t=1nk7nsyu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tq.p2o7l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636310/; classtype:trojan-activity;sid:84499410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636309/; classtype:trojan-activity;sid:84499409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.62.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636308/; classtype:trojan-activity;sid:84499408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636307/; classtype:trojan-activity;sid:84499407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.143.71.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636306/; classtype:trojan-activity;sid:84499406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636305)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.google|3f|t=j3gellxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h9m.p2o7l.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636305/; classtype:trojan-activity;sid:84499405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636304)"; flow:established,from_client; content:"GET"; http_method; content:"/s7y1dym4rd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.g-28e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636304/; classtype:trojan-activity;sid:84499404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.0.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636303/; classtype:trojan-activity;sid:84499403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636302/; classtype:trojan-activity;sid:84499402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636301)"; flow:established,from_client; content:"GET"; http_method; content:"/zcyi2ffljg.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4.t99oo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636301/; classtype:trojan-activity;sid:84499401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636300)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.google|3f|t=1g0krx9t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h9m.p2o7l.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636300/; classtype:trojan-activity;sid:84499400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636299)"; flow:established,from_client; content:"GET"; http_method; content:"/c3q8rehfwh.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4.t99oo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636299/; classtype:trojan-activity;sid:84499399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636298)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.check|3f|t=2ktmzwci"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.p2o7l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636298/; classtype:trojan-activity;sid:84499398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.0.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636297/; classtype:trojan-activity;sid:84499397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636296)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7269512085/o5ljuam.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636296/; classtype:trojan-activity;sid:84499396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636295)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7666184463/bvzel6t.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636295/; classtype:trojan-activity;sid:84499395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636294)"; flow:established,from_client; content:"GET"; http_method; content:"/pnoyrrodbd86.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.168.5.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636294/; classtype:trojan-activity;sid:84499394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636293)"; flow:established,from_client; content:"GET"; http_method; content:"/233/wccess/img_picture_00495000000004050004044500000503000200000.dot"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"31.40.204.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636293/; classtype:trojan-activity;sid:84499393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636292)"; flow:established,from_client; content:"GET"; http_method; content:"/155/ecrr/im_pict009999040000000000039940050005050500505040404040040040.dot"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"172.86.90.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636292/; classtype:trojan-activity;sid:84499392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.221.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636291/; classtype:trojan-activity;sid:84499391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.62.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636290/; classtype:trojan-activity;sid:84499390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.39.131.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636289/; classtype:trojan-activity;sid:84499389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636288)"; flow:established,from_client; content:"GET"; http_method; content:"/bxqy6wzzzn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.d-54y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636288/; classtype:trojan-activity;sid:84499388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636287)"; flow:established,from_client; content:"GET"; http_method; content:"/dz.check|3f|t=etg2y6ta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.n4i2m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636287/; classtype:trojan-activity;sid:84499387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636286/; classtype:trojan-activity;sid:84499386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636285)"; flow:established,from_client; content:"GET"; http_method; content:"/9q6podsgn6.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pm7.t99oo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636285/; classtype:trojan-activity;sid:84499385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636284)"; flow:established,from_client; content:"GET"; http_method; content:"/dz.check|3f|t=goht8gm2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.n4i2m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636284/; classtype:trojan-activity;sid:84499384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636283)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.168.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636283/; classtype:trojan-activity;sid:84499383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636282)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c9cdziyhvp"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pasteide.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636282/; classtype:trojan-activity;sid:84499382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636280)"; flow:established,from_client; content:"GET"; http_method; content:"/f/s2lptukklywuwz_nxs_qe9_hgyunhsfidqhqfntjwodoqodxn6fr4rl3yeq8pymivmsbm4_7okn-yrtwoqupnfc8gm02p9rg5u8_qhgqpgl37jt6yjasvjmzcowdgvtnoe5x0infpfjzifriyodqyjbqetdlm8tq0kmyzhj8dnw02zaqv8lxntuklspbrs5g8ccqtagznl4/filename"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"safecarecpacenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636280/; classtype:trojan-activity;sid:84499380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636281)"; flow:established,from_client; content:"GET"; http_method; content:"/bgc0wr.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636281/; classtype:trojan-activity;sid:84499381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636279)"; flow:established,from_client; content:"GET"; http_method; content:"/366/img__pic0099400000300200005050050500500505050050052333.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"172.245.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636279/; classtype:trojan-activity;sid:84499379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636278)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636278/; classtype:trojan-activity;sid:84499378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.221.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636277/; classtype:trojan-activity;sid:84499377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636276/; classtype:trojan-activity;sid:84499376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.249.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636275/; classtype:trojan-activity;sid:84499375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.193.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636274/; classtype:trojan-activity;sid:84499374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636272)"; flow:established,from_client; content:"GET"; http_method; content:"/yga0x6k8f0.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g4.t99oo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636272/; classtype:trojan-activity;sid:84499372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636273)"; flow:established,from_client; content:"GET"; http_method; content:"/1q3.google|3f|t=1ouky4ab"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"k8.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636273/; classtype:trojan-activity;sid:84499373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636271)"; flow:established,from_client; content:"GET"; http_method; content:"/1qpv6urlp9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.p-55u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636271/; classtype:trojan-activity;sid:84499371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636270)"; flow:established,from_client; content:"GET"; http_method; content:"/1q3.google|3f|t=2vl9ypu4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"k8.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636270/; classtype:trojan-activity;sid:84499370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.8.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636269/; classtype:trojan-activity;sid:84499369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.128.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636268/; classtype:trojan-activity;sid:84499368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636267)"; flow:established,from_client; content:"GET"; http_method; content:"/xnitzziegb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k.l99oy.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636267/; classtype:trojan-activity;sid:84499367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636266)"; flow:established,from_client; content:"GET"; http_method; content:"/mx.check|3f|t=n5ukexys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ve.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636266/; classtype:trojan-activity;sid:84499366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636265/; classtype:trojan-activity;sid:84499365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.59.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636263/; classtype:trojan-activity;sid:84499363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636264/; classtype:trojan-activity;sid:84499364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636261)"; flow:established,from_client; content:"GET"; http_method; content:"/mx.check|3f|t=7rvf4w04"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ve.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636261/; classtype:trojan-activity;sid:84499361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636262)"; flow:established,from_client; content:"GET"; http_method; content:"/8mabnw1l67.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.p-55u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636262/; classtype:trojan-activity;sid:84499362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636260)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636260/; classtype:trojan-activity;sid:84499360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636258)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636258/; classtype:trojan-activity;sid:84499358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636259)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636259/; classtype:trojan-activity;sid:84499359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636257)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-t3-group/dcm-t3-project/-/raw/main/t1-9625.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636257/; classtype:trojan-activity;sid:84499357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636256)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-t3-group/dcm-t3-project/-/raw/main/t3-9625.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636256/; classtype:trojan-activity;sid:84499356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636253)"; flow:established,from_client; content:"GET"; http_method; content:"/skvus10mxm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2.l99oy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636253/; classtype:trojan-activity;sid:84499353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636254)"; flow:established,from_client; content:"GET"; http_method; content:"/tb2.google|3f|t=gjfrtpuy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"r3.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636254/; classtype:trojan-activity;sid:84499354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636255)"; flow:established,from_client; content:"GET"; http_method; content:"/qnqhzahcja.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.p-55u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636255/; classtype:trojan-activity;sid:84499355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636252)"; flow:established,from_client; content:"GET"; http_method; content:"/tb2.google|3f|t=9qlye2fd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"r3.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636252/; classtype:trojan-activity;sid:84499352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.8.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636251/; classtype:trojan-activity;sid:84499351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.249.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636250/; classtype:trojan-activity;sid:84499350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.171.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636249/; classtype:trojan-activity;sid:84499349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.123.44.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636248/; classtype:trojan-activity;sid:84499348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.156.178.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636244/; classtype:trojan-activity;sid:84499344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.34.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636245/; classtype:trojan-activity;sid:84499345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.192.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636246/; classtype:trojan-activity;sid:84499346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636247/; classtype:trojan-activity;sid:84499347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.182.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636241/; classtype:trojan-activity;sid:84499341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.18.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636242/; classtype:trojan-activity;sid:84499342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.114.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636243/; classtype:trojan-activity;sid:84499343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.11.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636240/; classtype:trojan-activity;sid:84499340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.104.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636239/; classtype:trojan-activity;sid:84499339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.111.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636237/; classtype:trojan-activity;sid:84499337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636238/; classtype:trojan-activity;sid:84499338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636236/; classtype:trojan-activity;sid:84499336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636235)"; flow:established,from_client; content:"GET"; http_method; content:"/0j15x3e3en.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qz9.l99oy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636235/; classtype:trojan-activity;sid:84499335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636234)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.check|3f|t=dpfvx6e9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u.n4i2m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636234/; classtype:trojan-activity;sid:84499334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636233/; classtype:trojan-activity;sid:84499333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636231/; classtype:trojan-activity;sid:84499331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636232)"; flow:established,from_client; content:"GET"; http_method; content:"/pbdma50gp9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.p-55u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636232/; classtype:trojan-activity;sid:84499332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636230)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.check|3f|t=jxijzcz2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u.n4i2m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636230/; classtype:trojan-activity;sid:84499330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636228)"; flow:established,from_client; content:"GET"; http_method; content:"/rtjbia03m1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.l99oy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636228/; classtype:trojan-activity;sid:84499328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.152.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636229/; classtype:trojan-activity;sid:84499329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636227)"; flow:established,from_client; content:"GET"; http_method; content:"/az1.google|3f|t=o4yktq6i"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636227/; classtype:trojan-activity;sid:84499327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636226/; classtype:trojan-activity;sid:84499326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636225)"; flow:established,from_client; content:"GET"; http_method; content:"/az1.google|3f|t=rtogsihq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636225/; classtype:trojan-activity;sid:84499325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636224)"; flow:established,from_client; content:"GET"; http_method; content:"/sm27p0admz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.p-55u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636224/; classtype:trojan-activity;sid:84499324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.83.242.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636223/; classtype:trojan-activity;sid:84499323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636222)"; flow:established,from_client; content:"GET"; http_method; content:"/c6ugmzppfx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.l99oy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636222/; classtype:trojan-activity;sid:84499322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636221)"; flow:established,from_client; content:"GET"; http_method; content:"/fk04.check|3f|t=tw0haj00"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cm.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636221/; classtype:trojan-activity;sid:84499321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636220)"; flow:established,from_client; content:"GET"; http_method; content:"/275ocmvx7p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.p-55u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636220/; classtype:trojan-activity;sid:84499320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636219)"; flow:established,from_client; content:"GET"; http_method; content:"/fk04.check|3f|t=tr2alal4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cm.n4i2m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636219/; classtype:trojan-activity;sid:84499319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636218/; classtype:trojan-activity;sid:84499318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636217)"; flow:established,from_client; content:"GET"; http_method; content:"/6s.google|3f|t=u4x3whjh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xy.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636217/; classtype:trojan-activity;sid:84499317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636216)"; flow:established,from_client; content:"GET"; http_method; content:"/y8l6bhkkir.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.p-55u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636216/; classtype:trojan-activity;sid:84499316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636215/; classtype:trojan-activity;sid:84499315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.151.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636214/; classtype:trojan-activity;sid:84499314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636213/; classtype:trojan-activity;sid:84499313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.208.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636212/; classtype:trojan-activity;sid:84499312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.106.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636211/; classtype:trojan-activity;sid:84499311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.215.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636209/; classtype:trojan-activity;sid:84499309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636210/; classtype:trojan-activity;sid:84499310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.46.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636208/; classtype:trojan-activity;sid:84499308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636207/; classtype:trojan-activity;sid:84499307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.140.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636206/; classtype:trojan-activity;sid:84499306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.208.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636205/; classtype:trojan-activity;sid:84499305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.33.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636204/; classtype:trojan-activity;sid:84499304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636202)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636202/; classtype:trojan-activity;sid:84499302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636203)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636203/; classtype:trojan-activity;sid:84499303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636201)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636201/; classtype:trojan-activity;sid:84499301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.135.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636200/; classtype:trojan-activity;sid:84499300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636199)"; flow:established,from_client; content:"GET"; http_method; content:"/122/img___090000e09884877474838839993948848484949.ht"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"104.168.7.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636199/; classtype:trojan-activity;sid:84499299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636198)"; flow:established,from_client; content:"GET"; http_method; content:"/156/img__picture__09000000300000203000200000400000040000.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"96.44.159.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636198/; classtype:trojan-activity;sid:84499298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636197)"; flow:established,from_client; content:"GET"; http_method; content:"/190/img_pic004999500500500000300400000400003040500000.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"209.54.101.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636197/; classtype:trojan-activity;sid:84499297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.13.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636196/; classtype:trojan-activity;sid:84499296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636195)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/m2-100125/main/ud.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636195/; classtype:trojan-activity;sid:84499295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636194)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-92325-group/dcm-92325-project/-/raw/main/m2-100125.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636194/; classtype:trojan-activity;sid:84499294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636193)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-92325-group/dcm-92325-project/-/raw/main/m2-100125.zip|3f|ref_type=heads|7c|26|7c|inline=false"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636193/; classtype:trojan-activity;sid:84499293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636192)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-92325-group/dcm-92325-project/-/raw/main/m1-92325.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636192/; classtype:trojan-activity;sid:84499292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636191)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-pd/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636191/; classtype:trojan-activity;sid:84499291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636188)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5419477542/ein49sm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636188/; classtype:trojan-activity;sid:84499288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636189)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7666184463/1tdgjbz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636189/; classtype:trojan-activity;sid:84499289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636190)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-92325-group/dcm-92325-project/-/raw/main/m1-92325.zip|3f|ref_type=heads|7c|26|7c|inline=false"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636190/; classtype:trojan-activity;sid:84499290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636185)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636185/; classtype:trojan-activity;sid:84499285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636186)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/94fae7_2c7a859032924ae0aa0e819669ae9f3f.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"94fae730-597f-4442-813c-86263972a8f0.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636186/; classtype:trojan-activity;sid:84499286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636187)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/main/u-p.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636187/; classtype:trojan-activity;sid:84499287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636184)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/raw/main/u-p.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636184/; classtype:trojan-activity;sid:84499284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636178)"; flow:established,from_client; content:"GET"; http_method; content:"///////////i.pdf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"potalgonabunbunsed.blogspot.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636178/; classtype:trojan-activity;sid:84499278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636179)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"potalgonabunbunsed.blogspot.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636179/; classtype:trojan-activity;sid:84499279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636180)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"potalgonabunbunsed.blogspot.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636180/; classtype:trojan-activity;sid:84499280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636181)"; flow:established,from_client; content:"GET"; http_method; content:"/master/5208wlg6.vnad9"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.196.9.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636181/; classtype:trojan-activity;sid:84499281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636182)"; flow:established,from_client; content:"GET"; http_method; content:"/puddi.pdf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hotelsep.blogspot.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636182/; classtype:trojan-activity;sid:84499282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636183)"; flow:established,from_client; content:"GET"; http_method; content:"/i.pdf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"potalgonabunbunsed.blogspot.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636183/; classtype:trojan-activity;sid:84499283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636177)"; flow:established,from_client; content:"GET"; http_method; content:"/master/5208wlg6.vnad9"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"bthizkquvq.pw"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636177/; classtype:trojan-activity;sid:84499277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.194.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636176/; classtype:trojan-activity;sid:84499276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.107.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636175/; classtype:trojan-activity;sid:84499275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.135.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636174/; classtype:trojan-activity;sid:84499274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.33.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636173/; classtype:trojan-activity;sid:84499273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.47.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636172/; classtype:trojan-activity;sid:84499272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.13.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636171/; classtype:trojan-activity;sid:84499271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.138.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636170/; classtype:trojan-activity;sid:84499270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.194.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636169/; classtype:trojan-activity;sid:84499269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636168/; classtype:trojan-activity;sid:84499268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.177.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636167/; classtype:trojan-activity;sid:84499267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.42.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636166/; classtype:trojan-activity;sid:84499266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636165/; classtype:trojan-activity;sid:84499265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.46.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636164/; classtype:trojan-activity;sid:84499264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636163/; classtype:trojan-activity;sid:84499263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636162/; classtype:trojan-activity;sid:84499262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636161)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/main/pd-92725.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636161/; classtype:trojan-activity;sid:84499261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636160)"; flow:established,from_client; content:"GET"; http_method; content:"/kal64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"199.217.99.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636160/; classtype:trojan-activity;sid:84499260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636159)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/raw/main/pd-92725.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636159/; classtype:trojan-activity;sid:84499259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636157)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/p1l5xpq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636157/; classtype:trojan-activity;sid:84499257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636158)"; flow:established,from_client; content:"GET"; http_method; content:"/kal64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.94.95.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636158/; classtype:trojan-activity;sid:84499258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636154)"; flow:established,from_client; content:"GET"; http_method; content:"/raw_files/qdcrq5ljjlxi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tempshare.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636154/; classtype:trojan-activity;sid:84499254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636155)"; flow:established,from_client; content:"GET"; http_method; content:"/mh1-m1/pd/main/mh1-pd-92725.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636155/; classtype:trojan-activity;sid:84499255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636156)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/main/u-p.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636156/; classtype:trojan-activity;sid:84499256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636150)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/raw/main/u-p.png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636150/; classtype:trojan-activity;sid:84499250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636151)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-mrw/f096dbcbef9efb4ac45d4b7171898fbc1a4d5d38/ud.png"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636151/; classtype:trojan-activity;sid:84499251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636152)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/u-mrw-1/feeddc44327a3d7f5328ebad35ebe132d0e18f92/ud.png"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636152/; classtype:trojan-activity;sid:84499252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636153)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/a4916b0dfc5588abf04daa866fddc42054a11368/ud.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636153/; classtype:trojan-activity;sid:84499253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636147)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/66bcf33bad15036f44df9c2ca7808a5de38435a5/u-p.png"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636147/; classtype:trojan-activity;sid:84499247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636148)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/c.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636148/; classtype:trojan-activity;sid:84499248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636149)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636149/; classtype:trojan-activity;sid:84499249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636141)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/1/296b891ef5d15bc30620bcccb0660d36d3d0a0f9/ud.png"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636141/; classtype:trojan-activity;sid:84499241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636142/; classtype:trojan-activity;sid:84499242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636143)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636143/; classtype:trojan-activity;sid:84499243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636144)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636144/; classtype:trojan-activity;sid:84499244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636145)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636145/; classtype:trojan-activity;sid:84499245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636146)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636146/; classtype:trojan-activity;sid:84499246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636140)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6441410640/pfphen0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636140/; classtype:trojan-activity;sid:84499240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636139)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/fjhlshv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636139/; classtype:trojan-activity;sid:84499239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636138/; classtype:trojan-activity;sid:84499238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636137/; classtype:trojan-activity;sid:84499237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.46.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636136/; classtype:trojan-activity;sid:84499236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.166.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636135/; classtype:trojan-activity;sid:84499235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.202.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636134/; classtype:trojan-activity;sid:84499234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.166.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636133/; classtype:trojan-activity;sid:84499233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636132/; classtype:trojan-activity;sid:84499232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.95.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636131/; classtype:trojan-activity;sid:84499231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.160.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636130/; classtype:trojan-activity;sid:84499230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.55.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636129/; classtype:trojan-activity;sid:84499229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636128/; classtype:trojan-activity;sid:84499228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636127)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjbql93u9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h.x38ii.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636127/; classtype:trojan-activity;sid:84499227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636126)"; flow:established,from_client; content:"GET"; http_method; content:"/6s.google|3f|t=f6o110z5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xy.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636126/; classtype:trojan-activity;sid:84499226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636125/; classtype:trojan-activity;sid:84499225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636124/; classtype:trojan-activity;sid:84499224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.124.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636123/; classtype:trojan-activity;sid:84499223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636122/; classtype:trojan-activity;sid:84499222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636121/; classtype:trojan-activity;sid:84499221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636120/; classtype:trojan-activity;sid:84499220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636119)"; flow:established,from_client; content:"GET"; http_method; content:"/9kzmzrijmb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wq9.z88ae.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636119/; classtype:trojan-activity;sid:84499219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636118)"; flow:established,from_client; content:"GET"; http_method; content:"/rih1bta9af.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.d-54y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636118/; classtype:trojan-activity;sid:84499218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636116)"; flow:established,from_client; content:"GET"; http_method; content:"/0o.google|3f|t=o57d5go2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ze.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636116/; classtype:trojan-activity;sid:84499216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636117)"; flow:established,from_client; content:"GET"; http_method; content:"/0o.google|3f|t=bk116jn0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ze.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636117/; classtype:trojan-activity;sid:84499217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.72.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636115/; classtype:trojan-activity;sid:84499215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636114)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7712568273/kexcnfr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636114/; classtype:trojan-activity;sid:84499214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636113)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7427009775/qbstgxg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636113/; classtype:trojan-activity;sid:84499213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636112)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7435642179/ncdl53r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636112/; classtype:trojan-activity;sid:84499212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636111/; classtype:trojan-activity;sid:84499211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.84.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636110/; classtype:trojan-activity;sid:84499210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.0.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636109/; classtype:trojan-activity;sid:84499209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636098)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636098/; classtype:trojan-activity;sid:84499198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636099)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636099/; classtype:trojan-activity;sid:84499199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636100)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636100/; classtype:trojan-activity;sid:84499200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636101)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636101/; classtype:trojan-activity;sid:84499201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636102)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636102/; classtype:trojan-activity;sid:84499202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636103)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636103/; classtype:trojan-activity;sid:84499203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636104)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636104/; classtype:trojan-activity;sid:84499204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636105)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636105/; classtype:trojan-activity;sid:84499205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636106/; classtype:trojan-activity;sid:84499206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636107)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.80.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636107/; classtype:trojan-activity;sid:84499207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636108)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636108/; classtype:trojan-activity;sid:84499208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636097)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636097/; classtype:trojan-activity;sid:84499197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636088)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636088/; classtype:trojan-activity;sid:84499188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636089)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636089/; classtype:trojan-activity;sid:84499189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636090)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636090/; classtype:trojan-activity;sid:84499190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636091)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636091/; classtype:trojan-activity;sid:84499191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636092)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636092/; classtype:trojan-activity;sid:84499192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636093)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636093/; classtype:trojan-activity;sid:84499193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636094)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636094/; classtype:trojan-activity;sid:84499194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636095)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636095/; classtype:trojan-activity;sid:84499195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636096)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636096/; classtype:trojan-activity;sid:84499196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636084)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636084/; classtype:trojan-activity;sid:84499184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636085)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636085/; classtype:trojan-activity;sid:84499185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636086)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636086/; classtype:trojan-activity;sid:84499186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636087)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636087/; classtype:trojan-activity;sid:84499187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.232.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636083/; classtype:trojan-activity;sid:84499183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.124.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636082/; classtype:trojan-activity;sid:84499182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.84.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636081/; classtype:trojan-activity;sid:84499181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.33.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636079/; classtype:trojan-activity;sid:84499179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.221.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636080/; classtype:trojan-activity;sid:84499180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.129.211.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636077/; classtype:trojan-activity;sid:84499177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636078/; classtype:trojan-activity;sid:84499178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.56.2.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636076/; classtype:trojan-activity;sid:84499176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636075/; classtype:trojan-activity;sid:84499175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636074/; classtype:trojan-activity;sid:84499174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636073)"; flow:established,from_client; content:"GET"; http_method; content:"/totrlhz0lz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7.z88ae.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636073/; classtype:trojan-activity;sid:84499173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636072)"; flow:established,from_client; content:"GET"; http_method; content:"/1b9796z4of.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.d-54y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636072/; classtype:trojan-activity;sid:84499172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636070)"; flow:established,from_client; content:"GET"; http_method; content:"/0x.check|3f|t=80mk8eil"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zi.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636070/; classtype:trojan-activity;sid:84499170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636071)"; flow:established,from_client; content:"GET"; http_method; content:"/0x.check|3f|t=pkiaiq94"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zi.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636071/; classtype:trojan-activity;sid:84499171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.128.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636069/; classtype:trojan-activity;sid:84499169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.120.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636068/; classtype:trojan-activity;sid:84499168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.148.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636066/; classtype:trojan-activity;sid:84499166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.165.21.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636067/; classtype:trojan-activity;sid:84499167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.158.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636065/; classtype:trojan-activity;sid:84499165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636064/; classtype:trojan-activity;sid:84499164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.142.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636063/; classtype:trojan-activity;sid:84499163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636062/; classtype:trojan-activity;sid:84499162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.148.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636061/; classtype:trojan-activity;sid:84499161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636060/; classtype:trojan-activity;sid:84499160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.197.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636059/; classtype:trojan-activity;sid:84499159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.92.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636058/; classtype:trojan-activity;sid:84499158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.142.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636057/; classtype:trojan-activity;sid:84499157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636056)"; flow:established,from_client; content:"GET"; http_method; content:"/pcl.check|3f|t=7leig60h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zo.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636056/; classtype:trojan-activity;sid:84499156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.36.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636055/; classtype:trojan-activity;sid:84499155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636054)"; flow:established,from_client; content:"GET"; http_method; content:"/litd61obbx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.j-70o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636054/; classtype:trojan-activity;sid:84499154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636053)"; flow:established,from_client; content:"GET"; http_method; content:"/evnwc4bo88.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n.z88ae.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636053/; classtype:trojan-activity;sid:84499153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636052)"; flow:established,from_client; content:"GET"; http_method; content:"/pcl.check|3f|t=jcbmwarl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zo.prli-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636052/; classtype:trojan-activity;sid:84499152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.104.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636051/; classtype:trojan-activity;sid:84499151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.105.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636050/; classtype:trojan-activity;sid:84499150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.183.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636049/; classtype:trojan-activity;sid:84499149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636048/; classtype:trojan-activity;sid:84499148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.105.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636047/; classtype:trojan-activity;sid:84499147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.183.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636046/; classtype:trojan-activity;sid:84499146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636045/; classtype:trojan-activity;sid:84499145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636044)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.check|3f|t=omduehtx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"da.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636044/; classtype:trojan-activity;sid:84499144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636043)"; flow:established,from_client; content:"GET"; http_method; content:"/2z37w05ky4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.j-70o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636043/; classtype:trojan-activity;sid:84499143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636042)"; flow:established,from_client; content:"GET"; http_method; content:"/wvwj0ztoup.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m7.f14ey.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636042/; classtype:trojan-activity;sid:84499142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636041)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.check|3f|t=ycexs6e2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"da.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636041/; classtype:trojan-activity;sid:84499141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636040/; classtype:trojan-activity;sid:84499140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636039)"; flow:established,from_client; content:"GET"; http_method; content:"/ybyfw4yy7d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.j-70o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636039/; classtype:trojan-activity;sid:84499139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636038)"; flow:established,from_client; content:"GET"; http_method; content:"/vm.google|3f|t=76snqv7a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"de.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636038/; classtype:trojan-activity;sid:84499138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636037)"; flow:established,from_client; content:"GET"; http_method; content:"/trbq1a76t9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tq1.f14ey.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636037/; classtype:trojan-activity;sid:84499137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636036)"; flow:established,from_client; content:"GET"; http_method; content:"/vm.google|3f|t=zlekeuhk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"de.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636036/; classtype:trojan-activity;sid:84499136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.24.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636035/; classtype:trojan-activity;sid:84499135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.59.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636034/; classtype:trojan-activity;sid:84499134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.59.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636033/; classtype:trojan-activity;sid:84499133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636032)"; flow:established,from_client; content:"GET"; http_method; content:"/jhto6inlhu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b2.f14ey.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636032/; classtype:trojan-activity;sid:84499132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636031)"; flow:established,from_client; content:"GET"; http_method; content:"/cf.google|3f|t=geaivbjl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"di.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636031/; classtype:trojan-activity;sid:84499131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636030)"; flow:established,from_client; content:"GET"; http_method; content:"/cf.google|3f|t=k6ziyr2q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"di.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636030/; classtype:trojan-activity;sid:84499130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636029)"; flow:established,from_client; content:"GET"; http_method; content:"/86xhx4wr9r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.j-70o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636029/; classtype:trojan-activity;sid:84499129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.176.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636028/; classtype:trojan-activity;sid:84499128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.216.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636027/; classtype:trojan-activity;sid:84499127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.216.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636026/; classtype:trojan-activity;sid:84499126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.106.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636024/; classtype:trojan-activity;sid:84499124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.24.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636025/; classtype:trojan-activity;sid:84499125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.176.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636023/; classtype:trojan-activity;sid:84499123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.101.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636022/; classtype:trojan-activity;sid:84499122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636021)"; flow:established,from_client; content:"GET"; http_method; content:"/23h4yv5dby.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.j-70o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636021/; classtype:trojan-activity;sid:84499121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636020)"; flow:established,from_client; content:"GET"; http_method; content:"/jg3fxo0gby.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e1.j86ei.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636020/; classtype:trojan-activity;sid:84499120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636019)"; flow:established,from_client; content:"GET"; http_method; content:"/1s1.check|3f|t=vtx4oiup"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"do.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636019/; classtype:trojan-activity;sid:84499119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636018)"; flow:established,from_client; content:"GET"; http_method; content:"/1s1.check|3f|t=hoesz2ev"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"do.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636018/; classtype:trojan-activity;sid:84499118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636017/; classtype:trojan-activity;sid:84499117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.252.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636016/; classtype:trojan-activity;sid:84499116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.70.129.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636015/; classtype:trojan-activity;sid:84499115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636014)"; flow:established,from_client; content:"GET"; http_method; content:"/qn8ffntop7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.nu-96.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636014/; classtype:trojan-activity;sid:84499114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636013)"; flow:established,from_client; content:"GET"; http_method; content:"/1e.google|3f|t=gikbu6ba"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ed.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636013/; classtype:trojan-activity;sid:84499113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636012)"; flow:established,from_client; content:"GET"; http_method; content:"/oh0k6g9n2j.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qk2.j86ei.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636012/; classtype:trojan-activity;sid:84499112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636011)"; flow:established,from_client; content:"GET"; http_method; content:"/1e.google|3f|t=5xxlqbya"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ed.lkci1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636011/; classtype:trojan-activity;sid:84499111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.101.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636010/; classtype:trojan-activity;sid:84499110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.140.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636009/; classtype:trojan-activity;sid:84499109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.92.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636008/; classtype:trojan-activity;sid:84499108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.126.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636007/; classtype:trojan-activity;sid:84499107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.112.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636006/; classtype:trojan-activity;sid:84499106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636005)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636005/; classtype:trojan-activity;sid:84499105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636004)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636004/; classtype:trojan-activity;sid:84499104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635994)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635994/; classtype:trojan-activity;sid:84499094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635995)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635995/; classtype:trojan-activity;sid:84499095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635996)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635996/; classtype:trojan-activity;sid:84499096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635997)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635997/; classtype:trojan-activity;sid:84499097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635998)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635998/; classtype:trojan-activity;sid:84499098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635999)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635999/; classtype:trojan-activity;sid:84499099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636000)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636000/; classtype:trojan-activity;sid:84499100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636001)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636001/; classtype:trojan-activity;sid:84499101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636002)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636002/; classtype:trojan-activity;sid:84499102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636003)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.180.82.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3636003/; classtype:trojan-activity;sid:84499103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635993)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635993/; classtype:trojan-activity;sid:84499093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635988)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635988/; classtype:trojan-activity;sid:84499088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635989)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635989/; classtype:trojan-activity;sid:84499089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635990)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635990/; classtype:trojan-activity;sid:84499090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635991)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635991/; classtype:trojan-activity;sid:84499091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635992)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635992/; classtype:trojan-activity;sid:84499092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635987)"; flow:established,from_client; content:"GET"; http_method; content:"/mp.check|3f|t=3qqzcswy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ef.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635987/; classtype:trojan-activity;sid:84499087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635986)"; flow:established,from_client; content:"GET"; http_method; content:"/y05ukcik0d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.nu-96.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635986/; classtype:trojan-activity;sid:84499086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635985)"; flow:established,from_client; content:"GET"; http_method; content:"/mp.check|3f|t=r0ljizz6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ef.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635985/; classtype:trojan-activity;sid:84499085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635984)"; flow:established,from_client; content:"GET"; http_method; content:"/6iupgsojvg.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5.j86ei.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635984/; classtype:trojan-activity;sid:84499084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635983)"; flow:established,from_client; content:"GET"; http_method; content:"/tslvvsmiuy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.nu-96.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635983/; classtype:trojan-activity;sid:84499083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635982)"; flow:established,from_client; content:"GET"; http_method; content:"/oumpx050t5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5.j86ei.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635982/; classtype:trojan-activity;sid:84499082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635980)"; flow:established,from_client; content:"GET"; http_method; content:"/m6.check|3f|t=v1dad3gg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"eh.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635980/; classtype:trojan-activity;sid:84499080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635981)"; flow:established,from_client; content:"GET"; http_method; content:"/m6.check|3f|t=lpb3vzpz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"eh.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635981/; classtype:trojan-activity;sid:84499081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.249.55.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635979/; classtype:trojan-activity;sid:84499079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.207.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635978/; classtype:trojan-activity;sid:84499078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635974)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635974/; classtype:trojan-activity;sid:84499074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635975)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635975/; classtype:trojan-activity;sid:84499075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635976)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635976/; classtype:trojan-activity;sid:84499076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635977)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635977/; classtype:trojan-activity;sid:84499077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635966)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635966/; classtype:trojan-activity;sid:84499066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635967)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635967/; classtype:trojan-activity;sid:84499067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635968)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635968/; classtype:trojan-activity;sid:84499068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635969)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635969/; classtype:trojan-activity;sid:84499069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635970)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635970/; classtype:trojan-activity;sid:84499070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635971)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635971/; classtype:trojan-activity;sid:84499071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635972)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635972/; classtype:trojan-activity;sid:84499072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635973)"; flow:established,from_client; content:"GET"; http_method; content:"/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635973/; classtype:trojan-activity;sid:84499073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.64.205"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635965/; classtype:trojan-activity;sid:84499065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.134.10.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635964/; classtype:trojan-activity;sid:84499064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.97.152.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635963/; classtype:trojan-activity;sid:84499063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.207.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635962/; classtype:trojan-activity;sid:84499062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.72.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635961/; classtype:trojan-activity;sid:84499061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.64.205"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635960/; classtype:trojan-activity;sid:84499060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.134.10.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635958/; classtype:trojan-activity;sid:84499058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.97.152.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635959/; classtype:trojan-activity;sid:84499059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.126.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635957/; classtype:trojan-activity;sid:84499057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.244.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635956/; classtype:trojan-activity;sid:84499056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635955)"; flow:established,from_client; content:"GET"; http_method; content:"/u2u4i5kdje.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.nu-96.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635955/; classtype:trojan-activity;sid:84499055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635954)"; flow:established,from_client; content:"GET"; http_method; content:"/pc.check|3f|t=hnl96pyw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"el.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635954/; classtype:trojan-activity;sid:84499054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635953)"; flow:established,from_client; content:"GET"; http_method; content:"/xmiy97570k.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r.j86ei.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635953/; classtype:trojan-activity;sid:84499053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635952)"; flow:established,from_client; content:"GET"; http_method; content:"/pc.check|3f|t=opwuo5ao"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"el.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635952/; classtype:trojan-activity;sid:84499052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635951)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635951/; classtype:trojan-activity;sid:84499051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.158.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635949/; classtype:trojan-activity;sid:84499049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.213.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635950/; classtype:trojan-activity;sid:84499050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.203.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635948/; classtype:trojan-activity;sid:84499048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.235.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635947/; classtype:trojan-activity;sid:84499047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635945/; classtype:trojan-activity;sid:84499045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.162.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635946/; classtype:trojan-activity;sid:84499046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635939)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635939/; classtype:trojan-activity;sid:84499039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635940)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.16.142.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635940/; classtype:trojan-activity;sid:84499040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635941/; classtype:trojan-activity;sid:84499041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635942/; classtype:trojan-activity;sid:84499042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635943/; classtype:trojan-activity;sid:84499043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635944/; classtype:trojan-activity;sid:84499044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.71.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635938/; classtype:trojan-activity;sid:84499038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.244.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635937/; classtype:trojan-activity;sid:84499037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.182.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635936/; classtype:trojan-activity;sid:84499036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.151.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635935/; classtype:trojan-activity;sid:84499035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.0.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635934/; classtype:trojan-activity;sid:84499034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635933/; classtype:trojan-activity;sid:84499033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635932)"; flow:established,from_client; content:"GET"; http_method; content:"/bhkysuau0f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.nu-96.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635932/; classtype:trojan-activity;sid:84499032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635931)"; flow:established,from_client; content:"GET"; http_method; content:"/5k6.google|3f|t=4vn7tiqo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"em.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635931/; classtype:trojan-activity;sid:84499031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635930)"; flow:established,from_client; content:"GET"; http_method; content:"/uvzf5a7rg3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k7.x12uy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635930/; classtype:trojan-activity;sid:84499030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635929)"; flow:established,from_client; content:"GET"; http_method; content:"/5k6.google|3f|t=opm4ka3v"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"em.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635929/; classtype:trojan-activity;sid:84499029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635928)"; flow:established,from_client; content:"GET"; http_method; content:"/mpyk302ruc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.x12uy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635928/; classtype:trojan-activity;sid:84499028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635927)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.check|3f|t=kdb7hdgy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"en.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635927/; classtype:trojan-activity;sid:84499027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635926)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.check|3f|t=8wrr97vg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"en.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635926/; classtype:trojan-activity;sid:84499026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635925)"; flow:established,from_client; content:"GET"; http_method; content:"/yhifd4l43w.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.x12uy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635925/; classtype:trojan-activity;sid:84499025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.188.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635924/; classtype:trojan-activity;sid:84499024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.151.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635923/; classtype:trojan-activity;sid:84499023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635922)"; flow:established,from_client; content:"GET"; http_method; content:"/dihpewy291.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2.x12uy.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635922/; classtype:trojan-activity;sid:84499022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635921)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.check|3f|t=vbdykvi0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"en.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635921/; classtype:trojan-activity;sid:84499021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.215.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635920/; classtype:trojan-activity;sid:84499020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.161.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635918/; classtype:trojan-activity;sid:84499018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.182.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635919/; classtype:trojan-activity;sid:84499019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.188.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635917/; classtype:trojan-activity;sid:84499017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.155.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635916/; classtype:trojan-activity;sid:84499016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635915/; classtype:trojan-activity;sid:84499015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635914)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.check|3f|t=kakf5gwd"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"en.mxta6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635914/; classtype:trojan-activity;sid:84499014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635913)"; flow:established,from_client; content:"GET"; http_method; content:"/idmi7urx33.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.zi-87.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635913/; classtype:trojan-activity;sid:84499013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635912/; classtype:trojan-activity;sid:84499012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.98.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635911/; classtype:trojan-activity;sid:84499011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.190.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635910/; classtype:trojan-activity;sid:84499010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635909)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c7011c8d8dce568489e4983fd4606e"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"x2.vototao9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635909/; classtype:trojan-activity;sid:84499009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635908)"; flow:established,from_client; content:"GET"; http_method; content:"/wu5.google|3f|t=z3s4iceu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vi.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635908/; classtype:trojan-activity;sid:84499008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635907)"; flow:established,from_client; content:"GET"; http_method; content:"/8kmbdaiaqa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.zi-87.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635907/; classtype:trojan-activity;sid:84499007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635906)"; flow:established,from_client; content:"GET"; http_method; content:"/wu5.google|3f|t=oibs6uij"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vi.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635906/; classtype:trojan-activity;sid:84499006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635905)"; flow:established,from_client; content:"GET"; http_method; content:"/rnsmbkds94.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g.x12uy.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635905/; classtype:trojan-activity;sid:84499005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635904/; classtype:trojan-activity;sid:84499004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635903)"; flow:established,from_client; content:"GET"; http_method; content:"/god.check|3f|t=ozggxrnp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vo.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635903/; classtype:trojan-activity;sid:84499003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635902)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqan6it8j.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g.x12uy.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635902/; classtype:trojan-activity;sid:84499002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635901/; classtype:trojan-activity;sid:84499001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635900)"; flow:established,from_client; content:"GET"; http_method; content:"/god.check|3f|t=dczzkdj1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vo.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635900/; classtype:trojan-activity;sid:84499000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635899)"; flow:established,from_client; content:"GET"; http_method; content:"/mykcwvphmu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.zi-87.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635899/; classtype:trojan-activity;sid:84498999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.138.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635898/; classtype:trojan-activity;sid:84498998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.24.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635896/; classtype:trojan-activity;sid:84498996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.93.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635897/; classtype:trojan-activity;sid:84498997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635895/; classtype:trojan-activity;sid:84498995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.179.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635894/; classtype:trojan-activity;sid:84498994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.236.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635893/; classtype:trojan-activity;sid:84498993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635892)"; flow:established,from_client; content:"GET"; http_method; content:"/lj0igywosn.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.r99ae.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635892/; classtype:trojan-activity;sid:84498992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635890)"; flow:established,from_client; content:"GET"; http_method; content:"/vam.check|3f|t=3ria4czz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vu.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635890/; classtype:trojan-activity;sid:84498990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635891)"; flow:established,from_client; content:"GET"; http_method; content:"/q1oucew3f1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.zi-87.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635891/; classtype:trojan-activity;sid:84498991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635889)"; flow:established,from_client; content:"GET"; http_method; content:"/vam.check|3f|t=6tofzecr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vu.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635889/; classtype:trojan-activity;sid:84498989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635888)"; flow:established,from_client; content:"GET"; http_method; content:"/pn0syp2phh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.zi-87.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635888/; classtype:trojan-activity;sid:84498988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635887)"; flow:established,from_client; content:"GET"; http_method; content:"/twb.check|3f|t=y2spg5y0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vy.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635887/; classtype:trojan-activity;sid:84498987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.93.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635886/; classtype:trojan-activity;sid:84498986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.11.86.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635885/; classtype:trojan-activity;sid:84498985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635884/; classtype:trojan-activity;sid:84498984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.87.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635883/; classtype:trojan-activity;sid:84498983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.11.86.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635882/; classtype:trojan-activity;sid:84498982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.179.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635881/; classtype:trojan-activity;sid:84498981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635880)"; flow:established,from_client; content:"GET"; http_method; content:"/91aq36dthm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq0.r99ae.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635880/; classtype:trojan-activity;sid:84498980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635879)"; flow:established,from_client; content:"GET"; http_method; content:"/o09.google|3f|t=hiw5ix6v"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wa.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635879/; classtype:trojan-activity;sid:84498979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.44.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635878/; classtype:trojan-activity;sid:84498978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635877)"; flow:established,from_client; content:"GET"; http_method; content:"/gp251da7gs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.zi-87.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635877/; classtype:trojan-activity;sid:84498977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635876)"; flow:established,from_client; content:"GET"; http_method; content:"/o09.google|3f|t=zghu6w0p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wa.sgdi-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635876/; classtype:trojan-activity;sid:84498976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635874)"; flow:established,from_client; content:"GET"; http_method; content:"/155/img___pict004995005000003599505005005040405000600.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.243.37.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635874/; classtype:trojan-activity;sid:84498974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635875)"; flow:established,from_client; content:"GET"; http_method; content:"/155/imgs___kissing__09000000030002000000040506000000.hta"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"96.44.159.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635875/; classtype:trojan-activity;sid:84498975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635873)"; flow:established,from_client; content:"GET"; http_method; content:"/78/img___pict____009000009900000000770000000.hta"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"172.245.12.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635873/; classtype:trojan-activity;sid:84498973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635872)"; flow:established,from_client; content:"GET"; http_method; content:"/kfcay6b2ef.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.ri-04.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635872/; classtype:trojan-activity;sid:84498972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635871)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/w9z1zcvmc5pnv0yu204ac/medellin.txt|3f|rlkey=6ns7rg702qqchbucondxa51bl|7c|26|7c|st=55uqfm78|7c|26|7c|dl=1"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635871/; classtype:trojan-activity;sid:84498971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635870)"; flow:established,from_client; content:"GET"; http_method; content:"/la.check|3f|t=aq0zumbs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wi.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635870/; classtype:trojan-activity;sid:84498970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635869)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fpesky%20(5).txt|3f|alt=media|7c|26|7c|token=7e30d39e-c339-4bf9-82f6-84ca73f9407b"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635869/; classtype:trojan-activity;sid:84498969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635868)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fdllsky%20(1).txt|3f|alt=media|7c|26|7c|token=534a43d1-25fa-4b07-9351-33997cb48df4"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635868/; classtype:trojan-activity;sid:84498968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.49.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635867/; classtype:trojan-activity;sid:84498967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.153.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635866/; classtype:trojan-activity;sid:84498966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635865)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bit/logme.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635865/; classtype:trojan-activity;sid:84498965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635864)"; flow:established,from_client; content:"GET"; http_method; content:"/install_1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"eyoiext.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635864/; classtype:trojan-activity;sid:84498964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635863)"; flow:established,from_client; content:"GET"; http_method; content:"/022b63ba1671438baf93c3478a38c1f3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635863/; classtype:trojan-activity;sid:84498963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635862)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6863948953/tw08ytt.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635862/; classtype:trojan-activity;sid:84498962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.46.55.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635861/; classtype:trojan-activity;sid:84498961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635859)"; flow:established,from_client; content:"GET"; http_method; content:"/tj47l15ct6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.ri-04.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635859/; classtype:trojan-activity;sid:84498959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635860)"; flow:established,from_client; content:"GET"; http_method; content:"/ifr.google|3f|t=cbw5js9r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wu.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635860/; classtype:trojan-activity;sid:84498960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635858/; classtype:trojan-activity;sid:84498958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635857)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.138.74.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635857/; classtype:trojan-activity;sid:84498957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.204.222.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635852/; classtype:trojan-activity;sid:84498952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635853)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.111.146.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635853/; classtype:trojan-activity;sid:84498953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635854)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"191.235.236.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635854/; classtype:trojan-activity;sid:84498954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635855)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.73.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635855/; classtype:trojan-activity;sid:84498955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.4.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635856/; classtype:trojan-activity;sid:84498956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.8.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635851/; classtype:trojan-activity;sid:84498951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.44.3.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635850/; classtype:trojan-activity;sid:84498950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.214.34.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635849/; classtype:trojan-activity;sid:84498949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635847/; classtype:trojan-activity;sid:84498947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635848/; classtype:trojan-activity;sid:84498948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635846)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.53.43.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635846/; classtype:trojan-activity;sid:84498946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635845)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.32.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635845/; classtype:trojan-activity;sid:84498945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.142.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635844/; classtype:trojan-activity;sid:84498944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635841)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.184.236.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635841/; classtype:trojan-activity;sid:84498941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635842)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.185.212.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635842/; classtype:trojan-activity;sid:84498942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.65.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635843/; classtype:trojan-activity;sid:84498943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.197.122.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635840/; classtype:trojan-activity;sid:84498940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635839)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.12.116.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635839/; classtype:trojan-activity;sid:84498939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.195.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635838/; classtype:trojan-activity;sid:84498938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635837)"; flow:established,from_client; content:"GET"; http_method; content:"/02.google|3f|t=2lhupc8m"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wy.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635837/; classtype:trojan-activity;sid:84498937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635836)"; flow:established,from_client; content:"GET"; http_method; content:"/okqykvzihg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.ri-04.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635836/; classtype:trojan-activity;sid:84498936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635835)"; flow:established,from_client; content:"GET"; http_method; content:"/02.google|3f|t=hb7sglm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wy.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635835/; classtype:trojan-activity;sid:84498935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635834)"; flow:established,from_client; content:"GET"; http_method; content:"/1dw98x2lgr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5.r99ae.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635834/; classtype:trojan-activity;sid:84498934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.49.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635833/; classtype:trojan-activity;sid:84498933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635831)"; flow:established,from_client; content:"GET"; http_method; content:"/gv.check|3f|t=drf62xdm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xa.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635831/; classtype:trojan-activity;sid:84498931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635832)"; flow:established,from_client; content:"GET"; http_method; content:"/lnl8d8svme.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.ri-04.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635832/; classtype:trojan-activity;sid:84498932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635830)"; flow:established,from_client; content:"GET"; http_method; content:"/gv.check|3f|t=bl2c79tv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xa.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635830/; classtype:trojan-activity;sid:84498930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635829)"; flow:established,from_client; content:"GET"; http_method; content:"/9b79i458wt.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5.r99ae.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635829/; classtype:trojan-activity;sid:84498929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635828)"; flow:established,from_client; content:"GET"; http_method; content:"/financial_report.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635828/; classtype:trojan-activity;sid:84498928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%86%85%e9%83%a8%e9%80%9a%e7%9f%a5.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635827/; classtype:trojan-activity;sid:84498927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635825)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%bc%9a%e8%ae%ae%e7%ba%aa%e8%a6%81.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635825/; classtype:trojan-activity;sid:84498925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635826)"; flow:established,from_client; content:"GET"; http_method; content:"/client_information.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635826/; classtype:trojan-activity;sid:84498926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635824)"; flow:established,from_client; content:"GET"; http_method; content:"/main_amd64_srdi.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635824/; classtype:trojan-activity;sid:84498924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%87%8d%e8%a6%81%e6%96%87%e6%a1%a3-%e8%af%b7%e6%9f%a5%e7%9c%8b.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635819/; classtype:trojan-activity;sid:84498919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635820)"; flow:established,from_client; content:"GET"; http_method; content:"/confidential.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635820/; classtype:trojan-activity;sid:84498920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635821)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting_minutes.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635821/; classtype:trojan-activity;sid:84498921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635822)"; flow:established,from_client; content:"GET"; http_method; content:"/contract_details.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635822/; classtype:trojan-activity;sid:84498922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b7%a5%e8%b5%84%e5%8d%95%e6%98%8e%e7%bb%86.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635823/; classtype:trojan-activity;sid:84498923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635818)"; flow:established,from_client; content:"GET"; http_method; content:"/main_amd64_obfuscated.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635818/; classtype:trojan-activity;sid:84498918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%ae%a2%e6%88%b7%e8%b5%84%e6%96%99.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635813/; classtype:trojan-activity;sid:84498913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635814)"; flow:established,from_client; content:"GET"; http_method; content:"/project_plan.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635814/; classtype:trojan-activity;sid:84498914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635815)"; flow:established,from_client; content:"GET"; http_method; content:"/annual_summary.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635815/; classtype:trojan-activity;sid:84498915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%b4%a2%e5%8a%a1%e6%8a%a5%e8%a1%a82025.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635816/; classtype:trojan-activity;sid:84498916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635817)"; flow:established,from_client; content:"GET"; http_method; content:"/urgent_notice.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635817/; classtype:trojan-activity;sid:84498917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b9%b4%e7%bb%88%e6%80%bb%e7%bb%93.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635805/; classtype:trojan-activity;sid:84498905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635806)"; flow:established,from_client; content:"GET"; http_method; content:"/main_amd64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635806/; classtype:trojan-activity;sid:84498906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%b4%a7%e6%80%a5%e9%80%9a%e7%9f%a5.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635807/; classtype:trojan-activity;sid:84498907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635808)"; flow:established,from_client; content:"GET"; http_method; content:"/main_amd64_word_style.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635808/; classtype:trojan-activity;sid:84498908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635809)"; flow:established,from_client; content:"GET"; http_method; content:"/document.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635809/; classtype:trojan-activity;sid:84498909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%a1%b9%e7%9b%ae%e8%ae%a1%e5%88%92.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635810/; classtype:trojan-activity;sid:84498910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635811)"; flow:established,from_client; content:"GET"; http_method; content:"/important_notice.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635811/; classtype:trojan-activity;sid:84498911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635812)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%90%88%e5%90%8c%e6%96%87%e4%bb%b6.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"172.86.72.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635812/; classtype:trojan-activity;sid:84498912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.76.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635804/; classtype:trojan-activity;sid:84498904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635803/; classtype:trojan-activity;sid:84498903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.109.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635802/; classtype:trojan-activity;sid:84498902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635801)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.81.113.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635801/; classtype:trojan-activity;sid:84498901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635800)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.81.113.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635800/; classtype:trojan-activity;sid:84498900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635799)"; flow:established,from_client; content:"GET"; http_method; content:"/vxldqudt2v.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l.r99ae.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635799/; classtype:trojan-activity;sid:84498899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635798)"; flow:established,from_client; content:"GET"; http_method; content:"/rz.google|3f|t=7f8iin88"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xe.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635798/; classtype:trojan-activity;sid:84498898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635797)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635797/; classtype:trojan-activity;sid:84498897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635794)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635794/; classtype:trojan-activity;sid:84498894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635795)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635795/; classtype:trojan-activity;sid:84498895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635796)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635796/; classtype:trojan-activity;sid:84498896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635786)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635786/; classtype:trojan-activity;sid:84498886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635787)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635787/; classtype:trojan-activity;sid:84498887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635788)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635788/; classtype:trojan-activity;sid:84498888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635789)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635789/; classtype:trojan-activity;sid:84498889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635790)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635790/; classtype:trojan-activity;sid:84498890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635791)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635791/; classtype:trojan-activity;sid:84498891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635792)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635792/; classtype:trojan-activity;sid:84498892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635793)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635793/; classtype:trojan-activity;sid:84498893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635784)"; flow:established,from_client; content:"GET"; http_method; content:"/rz.google|3f|t=3aaqwfmr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xe.sxqy-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635784/; classtype:trojan-activity;sid:84498884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635785)"; flow:established,from_client; content:"GET"; http_method; content:"/g24ay0zj5p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.ri-04.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635785/; classtype:trojan-activity;sid:84498885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.109.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635783/; classtype:trojan-activity;sid:84498883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.28.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635782/; classtype:trojan-activity;sid:84498882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635781/; classtype:trojan-activity;sid:84498881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.32.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635780/; classtype:trojan-activity;sid:84498880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.55.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635779/; classtype:trojan-activity;sid:84498879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.118.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635778/; classtype:trojan-activity;sid:84498878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.91.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635777/; classtype:trojan-activity;sid:84498877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.236.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635776/; classtype:trojan-activity;sid:84498876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635775/; classtype:trojan-activity;sid:84498875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.55.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635774/; classtype:trojan-activity;sid:84498874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.91.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635773/; classtype:trojan-activity;sid:84498873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635772/; classtype:trojan-activity;sid:84498872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635771)"; flow:established,from_client; content:"GET"; http_method; content:"/ping.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hetenyikorhaz.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635771/; classtype:trojan-activity;sid:84498871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635770)"; flow:established,from_client; content:"GET"; http_method; content:"/alberg205.sea"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hetenyikorhaz.hu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635770/; classtype:trojan-activity;sid:84498870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.41.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635769/; classtype:trojan-activity;sid:84498869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635767/; classtype:trojan-activity;sid:84498867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.153.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635768/; classtype:trojan-activity;sid:84498868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.161.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635766/; classtype:trojan-activity;sid:84498866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.140.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635765/; classtype:trojan-activity;sid:84498865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635764)"; flow:established,from_client; content:"GET"; http_method; content:"/h5zdznmktsuin1f.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635764/; classtype:trojan-activity;sid:84498864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635762)"; flow:established,from_client; content:"GET"; http_method; content:"/wff.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635762/; classtype:trojan-activity;sid:84498862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635763)"; flow:established,from_client; content:"GET"; http_method; content:"/3nxw7k1naozhquf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635763/; classtype:trojan-activity;sid:84498863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.69.234.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635761/; classtype:trojan-activity;sid:84498861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635760/; classtype:trojan-activity;sid:84498860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635758/; classtype:trojan-activity;sid:84498858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.8.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635759/; classtype:trojan-activity;sid:84498859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"142.90.8.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635755/; classtype:trojan-activity;sid:84498855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.98.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635756/; classtype:trojan-activity;sid:84498856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.215.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635757/; classtype:trojan-activity;sid:84498857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.129.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635754/; classtype:trojan-activity;sid:84498854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.39.131.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635753/; classtype:trojan-activity;sid:84498853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635752/; classtype:trojan-activity;sid:84498852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635750)"; flow:established,from_client; content:"GET"; http_method; content:"/kal64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.177.94.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635750/; classtype:trojan-activity;sid:84498850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635751)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.177.94.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635751/; classtype:trojan-activity;sid:84498851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.140.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635749/; classtype:trojan-activity;sid:84498849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635748)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%89%e9%9c%b8%e9%ad%94%e5%9f%9f.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"192.140.165.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635748/; classtype:trojan-activity;sid:84498848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.153.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635747/; classtype:trojan-activity;sid:84498847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.20.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635746/; classtype:trojan-activity;sid:84498846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635745)"; flow:established,from_client; content:"GET"; http_method; content:"/hkcg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.180.151.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635745/; classtype:trojan-activity;sid:84498845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.190.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635744/; classtype:trojan-activity;sid:84498844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635743/; classtype:trojan-activity;sid:84498843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635742)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635742/; classtype:trojan-activity;sid:84498842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635740)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635740/; classtype:trojan-activity;sid:84498840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635741)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635741/; classtype:trojan-activity;sid:84498841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635739)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635739/; classtype:trojan-activity;sid:84498839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635738)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635738/; classtype:trojan-activity;sid:84498838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635731)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635731/; classtype:trojan-activity;sid:84498831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635732)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635732/; classtype:trojan-activity;sid:84498832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635733)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635733/; classtype:trojan-activity;sid:84498833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635734)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/32gb/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635734/; classtype:trojan-activity;sid:84498834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635735)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635735/; classtype:trojan-activity;sid:84498835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635736)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635736/; classtype:trojan-activity;sid:84498836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635737)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.81.51.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635737/; classtype:trojan-activity;sid:84498837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.202.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635730/; classtype:trojan-activity;sid:84498830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.222.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635729/; classtype:trojan-activity;sid:84498829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635728/; classtype:trojan-activity;sid:84498828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.253.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635727/; classtype:trojan-activity;sid:84498827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.250.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635726/; classtype:trojan-activity;sid:84498826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.103.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635724/; classtype:trojan-activity;sid:84498824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.191.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635725/; classtype:trojan-activity;sid:84498825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.34.242.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635723/; classtype:trojan-activity;sid:84498823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.7.81.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635722/; classtype:trojan-activity;sid:84498822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.253.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635721/; classtype:trojan-activity;sid:84498821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.153.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635720/; classtype:trojan-activity;sid:84498820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.179.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635719/; classtype:trojan-activity;sid:84498819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.31.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635718/; classtype:trojan-activity;sid:84498818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.32.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635717/; classtype:trojan-activity;sid:84498817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635716/; classtype:trojan-activity;sid:84498816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.65.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635715/; classtype:trojan-activity;sid:84498815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.224.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635714/; classtype:trojan-activity;sid:84498814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.157.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635713/; classtype:trojan-activity;sid:84498813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635712)"; flow:established,from_client; content:"GET"; http_method; content:"/eg5i82uu78.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zd.qe-10.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635712/; classtype:trojan-activity;sid:84498812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635711)"; flow:established,from_client; content:"GET"; http_method; content:"/j2b.google|3f|t=tgv0hak5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ax.khhu8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635711/; classtype:trojan-activity;sid:84498811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.32.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635710/; classtype:trojan-activity;sid:84498810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635709/; classtype:trojan-activity;sid:84498809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.190.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635708/; classtype:trojan-activity;sid:84498808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.65.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635707/; classtype:trojan-activity;sid:84498807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635706/; classtype:trojan-activity;sid:84498806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.144.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635705/; classtype:trojan-activity;sid:84498805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.224.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635704/; classtype:trojan-activity;sid:84498804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635703/; classtype:trojan-activity;sid:84498803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.157.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635702/; classtype:trojan-activity;sid:84498802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635701/; classtype:trojan-activity;sid:84498801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635699)"; flow:established,from_client; content:"GET"; http_method; content:"/2y8cfz28gh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.qe-10.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635699/; classtype:trojan-activity;sid:84498799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635700)"; flow:established,from_client; content:"GET"; http_method; content:"/j2b.google|3f|t=96s8b83b"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ax.khhu8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635700/; classtype:trojan-activity;sid:84498800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.78.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635698/; classtype:trojan-activity;sid:84498798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.144.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635697/; classtype:trojan-activity;sid:84498797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635695/; classtype:trojan-activity;sid:84498795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635696)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3chiqv19.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1.d03ui.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635696/; classtype:trojan-activity;sid:84498796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635694)"; flow:established,from_client; content:"GET"; http_method; content:"/0n.google|3f|t=8tmplask"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aw.khhu8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635694/; classtype:trojan-activity;sid:84498794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635692)"; flow:established,from_client; content:"GET"; http_method; content:"/0n.google|3f|t=igtcpydg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aw.khhu8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635692/; classtype:trojan-activity;sid:84498792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635693)"; flow:established,from_client; content:"GET"; http_method; content:"/4w1pckhrjr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.qe-10.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635693/; classtype:trojan-activity;sid:84498793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.250.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635691/; classtype:trojan-activity;sid:84498791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635690)"; flow:established,from_client; content:"GET"; http_method; content:"/reedba6me9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.qe-10.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635690/; classtype:trojan-activity;sid:84498790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635686/; classtype:trojan-activity;sid:84498786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635687/; classtype:trojan-activity;sid:84498787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pi686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635688/; classtype:trojan-activity;sid:84498788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pi468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635689/; classtype:trojan-activity;sid:84498789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635684)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.check|3f|t=jiwuxu1j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"at.khhu8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635684/; classtype:trojan-activity;sid:84498784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635685)"; flow:established,from_client; content:"GET"; http_method; content:"/nba9nvri8f.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1.d03ui.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635685/; classtype:trojan-activity;sid:84498785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635683)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.check|3f|t=6w3869z3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"at.khhu8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635683/; classtype:trojan-activity;sid:84498783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.147.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635682/; classtype:trojan-activity;sid:84498782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.5.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635681/; classtype:trojan-activity;sid:84498781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.90.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635680/; classtype:trojan-activity;sid:84498780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635679)"; flow:established,from_client; content:"GET"; http_method; content:"/c7u751dm6o.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pz7.d03ui.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635679/; classtype:trojan-activity;sid:84498779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635678)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.google|3f|t=n8n9s219"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z.m1y8v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635678/; classtype:trojan-activity;sid:84498778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635677)"; flow:established,from_client; content:"GET"; http_method; content:"/yy0yxcuy9n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.qe-10.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635677/; classtype:trojan-activity;sid:84498777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635676)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.google|3f|t=ji721jjj"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z.m1y8v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635676/; classtype:trojan-activity;sid:84498776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.35.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635675/; classtype:trojan-activity;sid:84498775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635674)"; flow:established,from_client; content:"GET"; http_method; content:"/yx06px8c7l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.qe-10.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635674/; classtype:trojan-activity;sid:84498774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635671)"; flow:established,from_client; content:"GET"; http_method; content:"/owc7jnhe25.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w4.d03ui.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635671/; classtype:trojan-activity;sid:84498771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635672)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.check|3f|t=4q2mck71"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1v.m1y8v.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635672/; classtype:trojan-activity;sid:84498772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635673)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.check|3f|t=sjkuj7j4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1v.m1y8v.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635673/; classtype:trojan-activity;sid:84498773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635670)"; flow:established,from_client; content:"GET"; http_method; content:"/test/filed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635670/; classtype:trojan-activity;sid:84498770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635669)"; flow:established,from_client; content:"GET"; http_method; content:"/ra6slr5rdn.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d.d03ui.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635669/; classtype:trojan-activity;sid:84498769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635668)"; flow:established,from_client; content:"GET"; http_method; content:"/k8.google|3f|t=b1dgxotn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.m1y8v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635668/; classtype:trojan-activity;sid:84498768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.147.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635667/; classtype:trojan-activity;sid:84498767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635666/; classtype:trojan-activity;sid:84498766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635665)"; flow:established,from_client; content:"GET"; http_method; content:"/evtzzlvobr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9.wy-72.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635665/; classtype:trojan-activity;sid:84498765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635664)"; flow:established,from_client; content:"GET"; http_method; content:"/k8.google|3f|t=o4gfkrzx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.m1y8v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635664/; classtype:trojan-activity;sid:84498764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.35.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635663/; classtype:trojan-activity;sid:84498763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635662)"; flow:established,from_client; content:"GET"; http_method; content:"/jk34065l0m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.wy-72.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635662/; classtype:trojan-activity;sid:84498762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635661)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.check|3f|t=xqkk22ho"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.m1y8v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635661/; classtype:trojan-activity;sid:84498761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635660)"; flow:established,from_client; content:"GET"; http_method; content:"/8289n3u4q9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.n46uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635660/; classtype:trojan-activity;sid:84498760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635659)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.check|3f|t=a5ont6p8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.m1y8v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635659/; classtype:trojan-activity;sid:84498759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635658)"; flow:established,from_client; content:"GET"; http_method; content:"/0jzds2zrs5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1.n46uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635658/; classtype:trojan-activity;sid:84498758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635657)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1.google|3f|t=dj0bazwa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hx.m1y8v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635657/; classtype:trojan-activity;sid:84498757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635656)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1.google|3f|t=0jqhvk9i"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hx.m1y8v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635656/; classtype:trojan-activity;sid:84498756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635655)"; flow:established,from_client; content:"GET"; http_method; content:"/zpuuqcq6t7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.wy-72.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635655/; classtype:trojan-activity;sid:84498755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.199.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635654/; classtype:trojan-activity;sid:84498754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.75.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635653/; classtype:trojan-activity;sid:84498753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.165.21.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635652/; classtype:trojan-activity;sid:84498752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635651/; classtype:trojan-activity;sid:84498751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635650/; classtype:trojan-activity;sid:84498750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635648)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635648/; classtype:trojan-activity;sid:84498748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635649)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635649/; classtype:trojan-activity;sid:84498749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635646)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635646/; classtype:trojan-activity;sid:84498746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635647)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635647/; classtype:trojan-activity;sid:84498747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635645)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635645/; classtype:trojan-activity;sid:84498745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635644)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635644/; classtype:trojan-activity;sid:84498744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635642)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635642/; classtype:trojan-activity;sid:84498742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635643)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635643/; classtype:trojan-activity;sid:84498743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.221.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635641/; classtype:trojan-activity;sid:84498741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635640)"; flow:established,from_client; content:"GET"; http_method; content:"/ar7w7k8nrv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.wy-72.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635640/; classtype:trojan-activity;sid:84498740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635639)"; flow:established,from_client; content:"GET"; http_method; content:"/qk7.check|3f|t=jb1qtjox"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d4.m1y8v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635639/; classtype:trojan-activity;sid:84498739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.90.238.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635638/; classtype:trojan-activity;sid:84498738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635637)"; flow:established,from_client; content:"GET"; http_method; content:"/mic18p7zsi.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qz9.n46uu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635637/; classtype:trojan-activity;sid:84498737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635636)"; flow:established,from_client; content:"GET"; http_method; content:"/qk7.check|3f|t=4vpq0k0p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d4.m1y8v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635636/; classtype:trojan-activity;sid:84498736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.199.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635635/; classtype:trojan-activity;sid:84498735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635634)"; flow:established,from_client; content:"GET"; http_method; content:"/n318j0k9nk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.wy-72.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635634/; classtype:trojan-activity;sid:84498734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635633)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=psj2ppei"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.m1y8v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635633/; classtype:trojan-activity;sid:84498733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635632/; classtype:trojan-activity;sid:84498732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635631)"; flow:established,from_client; content:"GET"; http_method; content:"/mgaldafdh7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v2.n46uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635631/; classtype:trojan-activity;sid:84498731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635630)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=8sshegpc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.m1y8v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635630/; classtype:trojan-activity;sid:84498730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635629/; classtype:trojan-activity;sid:84498729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635628)"; flow:established,from_client; content:"GET"; http_method; content:"/w7q4.google|3f|t=k41t0jpe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"p2n.j0a8n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635628/; classtype:trojan-activity;sid:84498728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635627)"; flow:established,from_client; content:"GET"; http_method; content:"/1r9t1fryjv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.wy-72.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635627/; classtype:trojan-activity;sid:84498727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635626)"; flow:established,from_client; content:"GET"; http_method; content:"/pj3zjjkzkm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.wy-72.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635626/; classtype:trojan-activity;sid:84498726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635625)"; flow:established,from_client; content:"GET"; http_method; content:"/3m1.check|3f|t=p4zylbro"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hv.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635625/; classtype:trojan-activity;sid:84498725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635624)"; flow:established,from_client; content:"GET"; http_method; content:"/2p7wx0sb0r.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k.n46uu.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635624/; classtype:trojan-activity;sid:84498724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635623)"; flow:established,from_client; content:"GET"; http_method; content:"/3m1.check|3f|t=dalnvld6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hv.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635623/; classtype:trojan-activity;sid:84498723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.121.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635622/; classtype:trojan-activity;sid:84498722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.68.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635621/; classtype:trojan-activity;sid:84498721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.251.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635620/; classtype:trojan-activity;sid:84498720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.96.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635619/; classtype:trojan-activity;sid:84498719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.203.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635618/; classtype:trojan-activity;sid:84498718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635617)"; flow:established,from_client; content:"GET"; http_method; content:"/dvesdnm6xq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"um.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635617/; classtype:trojan-activity;sid:84498717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635616)"; flow:established,from_client; content:"GET"; http_method; content:"/k7p.google|3f|t=iiz1avaa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635616/; classtype:trojan-activity;sid:84498716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635615)"; flow:established,from_client; content:"GET"; http_method; content:"/k7p.google|3f|t=ta6d4so2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635615/; classtype:trojan-activity;sid:84498715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635614)"; flow:established,from_client; content:"GET"; http_method; content:"/exjykh7apa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.su-08.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635614/; classtype:trojan-activity;sid:84498714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635613)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.check|3f|t=rj2jm380"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t1.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635613/; classtype:trojan-activity;sid:84498713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635612)"; flow:established,from_client; content:"GET"; http_method; content:"/52rj0ao0cv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.su-08.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635612/; classtype:trojan-activity;sid:84498712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635611)"; flow:established,from_client; content:"GET"; http_method; content:"/rqol4j0r6d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"um.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635611/; classtype:trojan-activity;sid:84498711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635610)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.check|3f|t=m3w0x2u9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t1.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635610/; classtype:trojan-activity;sid:84498710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635609/; classtype:trojan-activity;sid:84498709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.251.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635608/; classtype:trojan-activity;sid:84498708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635607)"; flow:established,from_client; content:"GET"; http_method; content:"/1sisoukjde.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uh.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635607/; classtype:trojan-activity;sid:84498707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635606)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=m875icmv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qs.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635606/; classtype:trojan-activity;sid:84498706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.188.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635605/; classtype:trojan-activity;sid:84498705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635604)"; flow:established,from_client; content:"GET"; http_method; content:"/hnrblp4aof.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.su-08.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635604/; classtype:trojan-activity;sid:84498704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635603)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=3rtlxlb0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qs.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635603/; classtype:trojan-activity;sid:84498703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.96.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635602/; classtype:trojan-activity;sid:84498702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.55.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635601/; classtype:trojan-activity;sid:84498701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.160.35.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635600/; classtype:trojan-activity;sid:84498700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.114.108.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635594/; classtype:trojan-activity;sid:84498694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635595/; classtype:trojan-activity;sid:84498695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.170.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635596/; classtype:trojan-activity;sid:84498696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.98.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635597/; classtype:trojan-activity;sid:84498697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635598/; classtype:trojan-activity;sid:84498698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.86.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635599/; classtype:trojan-activity;sid:84498699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.162.189.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635591/; classtype:trojan-activity;sid:84498691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.110.181.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635592/; classtype:trojan-activity;sid:84498692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.247.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635593/; classtype:trojan-activity;sid:84498693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.62.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635590/; classtype:trojan-activity;sid:84498690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.192.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635588/; classtype:trojan-activity;sid:84498688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.162.189.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635589/; classtype:trojan-activity;sid:84498689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.78.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635587/; classtype:trojan-activity;sid:84498687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.226.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635585/; classtype:trojan-activity;sid:84498685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635586/; classtype:trojan-activity;sid:84498686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.158.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635584/; classtype:trojan-activity;sid:84498684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.33.62.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635582/; classtype:trojan-activity;sid:84498682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635583/; classtype:trojan-activity;sid:84498683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635581/; classtype:trojan-activity;sid:84498681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635580)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c7011c8d8dce568489e4983fd4606e"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"x1.vototao9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635580/; classtype:trojan-activity;sid:84498680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635578)"; flow:established,from_client; content:"GET"; http_method; content:"/xyxcnd5y0r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.su-08.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635578/; classtype:trojan-activity;sid:84498678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635579)"; flow:established,from_client; content:"GET"; http_method; content:"/7kz.check|3f|t=h0lzjfxc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635579/; classtype:trojan-activity;sid:84498679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635577)"; flow:established,from_client; content:"GET"; http_method; content:"/yfi5gpvouk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ow.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635577/; classtype:trojan-activity;sid:84498677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635576)"; flow:established,from_client; content:"GET"; http_method; content:"/7kz.check|3f|t=twvkyg6f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.j0a8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635576/; classtype:trojan-activity;sid:84498676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.10.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635575/; classtype:trojan-activity;sid:84498675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.118.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635574/; classtype:trojan-activity;sid:84498674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.10.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635573/; classtype:trojan-activity;sid:84498673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.249.178.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635572/; classtype:trojan-activity;sid:84498672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635571/; classtype:trojan-activity;sid:84498671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635570)"; flow:established,from_client; content:"GET"; http_method; content:"/15hvv5c21d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qi.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635570/; classtype:trojan-activity;sid:84498670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635569)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.google|3f|t=clae37vf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.j0a8n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635569/; classtype:trojan-activity;sid:84498669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.59.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635567/; classtype:trojan-activity;sid:84498667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635568/; classtype:trojan-activity;sid:84498668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635566)"; flow:established,from_client; content:"GET"; http_method; content:"/jin9cammz4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.su-08.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635566/; classtype:trojan-activity;sid:84498666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635565/; classtype:trojan-activity;sid:84498665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635564)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.google|3f|t=30cmas2c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.j0a8n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635564/; classtype:trojan-activity;sid:84498664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635563)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=9f0ad58p"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.k6u7d.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635563/; classtype:trojan-activity;sid:84498663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635562)"; flow:established,from_client; content:"GET"; http_method; content:"/3asf4b50iv.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qi.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635562/; classtype:trojan-activity;sid:84498662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635561)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=5ip4z9yq"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.k6u7d.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635561/; classtype:trojan-activity;sid:84498661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635560)"; flow:established,from_client; content:"GET"; http_method; content:"/fvdcgjja69.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.su-08.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635560/; classtype:trojan-activity;sid:84498660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.249.178.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635559/; classtype:trojan-activity;sid:84498659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635558)"; flow:established,from_client; content:"GET"; http_method; content:"/lh41rw7c9l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.su-08.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635558/; classtype:trojan-activity;sid:84498658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635557)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=k709l1cp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635557/; classtype:trojan-activity;sid:84498657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635555)"; flow:established,from_client; content:"GET"; http_method; content:"/1qj54q803d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"za.svga3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635555/; classtype:trojan-activity;sid:84498655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635556)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=gj1a1ks8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635556/; classtype:trojan-activity;sid:84498656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635554)"; flow:established,from_client; content:"GET"; http_method; content:"/v75kjkfrav.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yo.grjy2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635554/; classtype:trojan-activity;sid:84498654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635553)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=5s1lbe8t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635553/; classtype:trojan-activity;sid:84498653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635552)"; flow:established,from_client; content:"GET"; http_method; content:"/1mspui2rnj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.he-22.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635552/; classtype:trojan-activity;sid:84498652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635551)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=ahhwq7ir"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635551/; classtype:trojan-activity;sid:84498651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635550)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=m7q84zsc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635550/; classtype:trojan-activity;sid:84498650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635549)"; flow:established,from_client; content:"GET"; http_method; content:"/s60266tuxp.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ye.grjy2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635549/; classtype:trojan-activity;sid:84498649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635548)"; flow:established,from_client; content:"GET"; http_method; content:"/s8jadhpcwf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r3.he-22.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635548/; classtype:trojan-activity;sid:84498648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635547)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=8cicma1h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635547/; classtype:trojan-activity;sid:84498647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635546)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=oydg97dd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635546/; classtype:trojan-activity;sid:84498646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635545)"; flow:established,from_client; content:"GET"; http_method; content:"/djdiffjdei.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.he-22.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635545/; classtype:trojan-activity;sid:84498645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635544)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=x7spe1na"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635544/; classtype:trojan-activity;sid:84498644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635543)"; flow:established,from_client; content:"GET"; http_method; content:"/fqmt881jky.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ti.grjy2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635543/; classtype:trojan-activity;sid:84498643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.180.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635542/; classtype:trojan-activity;sid:84498642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.159.173.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635541/; classtype:trojan-activity;sid:84498641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635540/; classtype:trojan-activity;sid:84498640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635539)"; flow:established,from_client; content:"GET"; http_method; content:"/q8p.google|3f|t=7a1jw1lb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"n3.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635539/; classtype:trojan-activity;sid:84498639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635538)"; flow:established,from_client; content:"GET"; http_method; content:"/xcaxku6kfy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.he-22.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635538/; classtype:trojan-activity;sid:84498638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmca6mfsoz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ta.grjy2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635537/; classtype:trojan-activity;sid:84498637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635536)"; flow:established,from_client; content:"GET"; http_method; content:"/q8p.google|3f|t=bh087b4p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"n3.k6u7d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635536/; classtype:trojan-activity;sid:84498636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635535)"; flow:established,from_client; content:"GET"; http_method; content:"/2a5y14ovrr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ta.grjy2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635535/; classtype:trojan-activity;sid:84498635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635534)"; flow:established,from_client; content:"GET"; http_method; content:"/u9.check|3f|t=udy4sx0w"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"e.k6u7d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635534/; classtype:trojan-activity;sid:84498634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.201.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635533/; classtype:trojan-activity;sid:84498633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635532)"; flow:established,from_client; content:"GET"; http_method; content:"/ldo7id7pwr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.he-22.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635532/; classtype:trojan-activity;sid:84498632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635531)"; flow:established,from_client; content:"GET"; http_method; content:"/u9.check|3f|t=uy2cdykd"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"e.k6u7d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635531/; classtype:trojan-activity;sid:84498631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.152.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635530/; classtype:trojan-activity;sid:84498630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635529)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wfbv-eswpgh2v0t5z14ffl_ki3d1xtcb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635529/; classtype:trojan-activity;sid:84498629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635528)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v764cbhs6ympjo7dllx1s3wx3gzx971r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635528/; classtype:trojan-activity;sid:84498628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635525)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lvd81d5pgu7-jdtmuvjlfpda_akycv_m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635525/; classtype:trojan-activity;sid:84498625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635526)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d3gmp3jt1t3vwdvgspn6gldlgd6twwir"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635526/; classtype:trojan-activity;sid:84498626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635527)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jfuj2qntnih-nwhisy73ftfimbtddyyh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635527/; classtype:trojan-activity;sid:84498627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635524)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rightx5qpgwguezaj9bmhhbyg5llo5c4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635524/; classtype:trojan-activity;sid:84498624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635523)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumenots.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapp.duckdns.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635523/; classtype:trojan-activity;sid:84498623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635521)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18_k8sfpg1iiao6pawge2pv4hceup68p9"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635521/; classtype:trojan-activity;sid:84498621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635522)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qvwdyble_l_us8_rzcfscbgzujuwbcmi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635522/; classtype:trojan-activity;sid:84498622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635520/; classtype:trojan-activity;sid:84498620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635519)"; flow:established,from_client; content:"GET"; http_method; content:"/u2r28e.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635519/; classtype:trojan-activity;sid:84498619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635518)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/copi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapp.duckdns.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635518/; classtype:trojan-activity;sid:84498618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635517)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20250917/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635517/; classtype:trojan-activity;sid:84498617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635515)"; flow:established,from_client; content:"GET"; http_method; content:"/wftdlbwknrxbm242.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"malverneng.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635515/; classtype:trojan-activity;sid:84498615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635516)"; flow:established,from_client; content:"GET"; http_method; content:"/squiddo/dnhfbtgs38.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.iqadmex.com.mx"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635516/; classtype:trojan-activity;sid:84498616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635514)"; flow:established,from_client; content:"GET"; http_method; content:"/goularo.lzh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"malverneng.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635514/; classtype:trojan-activity;sid:84498614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635513)"; flow:established,from_client; content:"GET"; http_method; content:"/squiddo/iconsrer.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.iqadmex.com.mx"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635513/; classtype:trojan-activity;sid:84498613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635512)"; flow:established,from_client; content:"GET"; http_method; content:"/sep12lnk/re-79304804392.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635512/; classtype:trojan-activity;sid:84498612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635511)"; flow:established,from_client; content:"GET"; http_method; content:"/psep22w/re-1z5390263730.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635511/; classtype:trojan-activity;sid:84498611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635510)"; flow:established,from_client; content:"GET"; http_method; content:"/sep12wsf/jkwep.wsf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635510/; classtype:trojan-activity;sid:84498610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635509)"; flow:established,from_client; content:"GET"; http_method; content:"/sep22pdf/re-58039435.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635509/; classtype:trojan-activity;sid:84498609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635508)"; flow:established,from_client; content:"GET"; http_method; content:"/6bibrokn3t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.he-22.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635508/; classtype:trojan-activity;sid:84498608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635507)"; flow:established,from_client; content:"GET"; http_method; content:"/w904.google|3f|t=ma72n6rr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"v2n.x3u0s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635507/; classtype:trojan-activity;sid:84498607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635505)"; flow:established,from_client; content:"GET"; http_method; content:"/se.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pretty-ebony-feeds-ericsson.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635505/; classtype:trojan-activity;sid:84498605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635506)"; flow:established,from_client; content:"GET"; http_method; content:"/oma4yr4ujk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"re.grjy2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635506/; classtype:trojan-activity;sid:84498606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635504)"; flow:established,from_client; content:"GET"; http_method; content:"/w904.google|3f|t=mthzkobl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"v2n.x3u0s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635504/; classtype:trojan-activity;sid:84498604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635503)"; flow:established,from_client; content:"GET"; http_method; content:"/sep22.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pretty-ebony-feeds-ericsson.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635503/; classtype:trojan-activity;sid:84498603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635502)"; flow:established,from_client; content:"GET"; http_method; content:"/renhe.pfb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"malverneng.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635502/; classtype:trojan-activity;sid:84498602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635501)"; flow:established,from_client; content:"GET"; http_method; content:"/vcljvewwhgslsyzekrykald70.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"malverneng.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635501/; classtype:trojan-activity;sid:84498601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.168.2.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635500/; classtype:trojan-activity;sid:84498600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635499)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/yw17acktb09w1nw5pn20h/itinerary.js|3f|rlkey=n6ftt6svc2gzfd166c65dat9b|7c|26|7c|st=69tdlr1e|7c|26|7c|dl=1"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635499/; classtype:trojan-activity;sid:84498599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635498)"; flow:established,from_client; content:"GET"; http_method; content:"/h3q.check|3f|t=hnmjwpoa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tn.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635498/; classtype:trojan-activity;sid:84498598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635497)"; flow:established,from_client; content:"GET"; http_method; content:"/l2rrjikzju.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.he-22.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635497/; classtype:trojan-activity;sid:84498597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635496)"; flow:established,from_client; content:"GET"; http_method; content:"/h3q.check|3f|t=hk20zesi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tn.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635496/; classtype:trojan-activity;sid:84498596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635495)"; flow:established,from_client; content:"GET"; http_method; content:"/4fzwizt07k.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pi.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635495/; classtype:trojan-activity;sid:84498595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635493)"; flow:established,from_client; content:"GET"; http_method; content:"/sb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"199.168.98.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635493/; classtype:trojan-activity;sid:84498593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635494)"; flow:established,from_client; content:"GET"; http_method; content:"/9am.google|3f|t=6srp3cg8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.x3u0s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635494/; classtype:trojan-activity;sid:84498594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635492)"; flow:established,from_client; content:"GET"; http_method; content:"/l62l8rjh9j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2.mu-16.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635492/; classtype:trojan-activity;sid:84498592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635491)"; flow:established,from_client; content:"GET"; http_method; content:"/cb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"199.168.98.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635491/; classtype:trojan-activity;sid:84498591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635490)"; flow:established,from_client; content:"GET"; http_method; content:"/sl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"199.168.98.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635490/; classtype:trojan-activity;sid:84498590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635489)"; flow:established,from_client; content:"GET"; http_method; content:"/cl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"199.168.98.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635489/; classtype:trojan-activity;sid:84498589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635488)"; flow:established,from_client; content:"GET"; http_method; content:"/9am.google|3f|t=h5fgt9cp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.x3u0s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635488/; classtype:trojan-activity;sid:84498588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635487)"; flow:established,from_client; content:"GET"; http_method; content:"/lzn8ox8m2d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pi.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635487/; classtype:trojan-activity;sid:84498587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635486/; classtype:trojan-activity;sid:84498586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635485/; classtype:trojan-activity;sid:84498585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635484)"; flow:established,from_client; content:"GET"; http_method; content:"/hgt.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635484/; classtype:trojan-activity;sid:84498584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635483)"; flow:established,from_client; content:"GET"; http_method; content:"/nl2vm7vx4i.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pa.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635483/; classtype:trojan-activity;sid:84498583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635482)"; flow:established,from_client; content:"GET"; http_method; content:"/za.check|3f|t=ynicble1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r1.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635482/; classtype:trojan-activity;sid:84498582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635481)"; flow:established,from_client; content:"GET"; http_method; content:"/sciw9idiri.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.mu-16.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635481/; classtype:trojan-activity;sid:84498581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635480)"; flow:established,from_client; content:"GET"; http_method; content:"/za.check|3f|t=bpex0usg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r1.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635480/; classtype:trojan-activity;sid:84498580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.212.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635479/; classtype:trojan-activity;sid:84498579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635478)"; flow:established,from_client; content:"GET"; http_method; content:"/bott174.mdp"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"shalouxt.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635478/; classtype:trojan-activity;sid:84498578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635477)"; flow:established,from_client; content:"GET"; http_method; content:"/usnacafrlphmkczmx242.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"shalouxt.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635477/; classtype:trojan-activity;sid:84498577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.46.90.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635476/; classtype:trojan-activity;sid:84498576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635475/; classtype:trojan-activity;sid:84498575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635474)"; flow:established,from_client; content:"GET"; http_method; content:"/am9w78ffru.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ma.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635474/; classtype:trojan-activity;sid:84498574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635473)"; flow:established,from_client; content:"GET"; http_method; content:"/0b2.google|3f|t=sjut7vsu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qz.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635473/; classtype:trojan-activity;sid:84498573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635472)"; flow:established,from_client; content:"GET"; http_method; content:"/nls0z1dp5j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.mu-16.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635472/; classtype:trojan-activity;sid:84498572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635471)"; flow:established,from_client; content:"GET"; http_method; content:"/0b2.google|3f|t=u5699yrj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qz.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635471/; classtype:trojan-activity;sid:84498571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635470)"; flow:established,from_client; content:"GET"; http_method; content:"/0yovwcr6ly.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ma.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635470/; classtype:trojan-activity;sid:84498570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635469)"; flow:established,from_client; content:"GET"; http_method; content:"/vnjubvbcy0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.mu-16.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635469/; classtype:trojan-activity;sid:84498569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635468)"; flow:established,from_client; content:"GET"; http_method; content:"/tq3.check|3f|t=u5qrbe1o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635468/; classtype:trojan-activity;sid:84498568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635467)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635467/; classtype:trojan-activity;sid:84498567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635466)"; flow:established,from_client; content:"GET"; http_method; content:"/tq3.check|3f|t=4lagt6z2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9.x3u0s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635466/; classtype:trojan-activity;sid:84498566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.212.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635465/; classtype:trojan-activity;sid:84498565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635464/; classtype:trojan-activity;sid:84498564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.46.90.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635463/; classtype:trojan-activity;sid:84498563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635459)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635459/; classtype:trojan-activity;sid:84498559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635460)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.32.41.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635460/; classtype:trojan-activity;sid:84498560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635461)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.32.41.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635461/; classtype:trojan-activity;sid:84498561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635462)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.32.41.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635462/; classtype:trojan-activity;sid:84498562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635458)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635458/; classtype:trojan-activity;sid:84498558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635457/; classtype:trojan-activity;sid:84498557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635455)"; flow:established,from_client; content:"GET"; http_method; content:"/tnwhkhsqgnikokpfyie152.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"104.168.5.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635455/; classtype:trojan-activity;sid:84498555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635456)"; flow:established,from_client; content:"GET"; http_method; content:"/cvskqhm.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.168.5.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635456/; classtype:trojan-activity;sid:84498556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635453)"; flow:established,from_client; content:"GET"; http_method; content:"/bfwcqobhdlymnxzjgxcj6.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.168.5.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635453/; classtype:trojan-activity;sid:84498553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635454)"; flow:established,from_client; content:"GET"; http_method; content:"/heskv214.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.168.5.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635454/; classtype:trojan-activity;sid:84498554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635452)"; flow:established,from_client; content:"GET"; http_method; content:"/xwca2t7kpz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lo.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635452/; classtype:trojan-activity;sid:84498552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635451)"; flow:established,from_client; content:"GET"; http_method; content:"/k7.google|3f|t=brjbbxc7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.x3u0s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635451/; classtype:trojan-activity;sid:84498551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635450)"; flow:established,from_client; content:"GET"; http_method; content:"/r6uw86ny4q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.mu-16.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635450/; classtype:trojan-activity;sid:84498550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635449)"; flow:established,from_client; content:"GET"; http_method; content:"/k7.google|3f|t=m59wed4f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.x3u0s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635449/; classtype:trojan-activity;sid:84498549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635448/; classtype:trojan-activity;sid:84498548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635446)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635446/; classtype:trojan-activity;sid:84498546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635447/; classtype:trojan-activity;sid:84498547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635443)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.ppcl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635443/; classtype:trojan-activity;sid:84498543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635444)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635444/; classtype:trojan-activity;sid:84498544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635445)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635445/; classtype:trojan-activity;sid:84498545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635435)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635435/; classtype:trojan-activity;sid:84498535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635436)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635436/; classtype:trojan-activity;sid:84498536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635437)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635437/; classtype:trojan-activity;sid:84498537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635438)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.sh4l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635438/; classtype:trojan-activity;sid:84498538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635439)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635439/; classtype:trojan-activity;sid:84498539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635440)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635440/; classtype:trojan-activity;sid:84498540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635441)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635441/; classtype:trojan-activity;sid:84498541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635442)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635442/; classtype:trojan-activity;sid:84498542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635422)"; flow:established,from_client; content:"GET"; http_method; content:"/w2.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635422/; classtype:trojan-activity;sid:84498522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635423)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635423/; classtype:trojan-activity;sid:84498523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635424)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635424/; classtype:trojan-activity;sid:84498524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635425)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635425/; classtype:trojan-activity;sid:84498525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635426)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635426/; classtype:trojan-activity;sid:84498526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635427)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635427/; classtype:trojan-activity;sid:84498527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635428)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635428/; classtype:trojan-activity;sid:84498528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635429)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635429/; classtype:trojan-activity;sid:84498529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635430)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635430/; classtype:trojan-activity;sid:84498530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635431)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.201.5.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635431/; classtype:trojan-activity;sid:84498531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635432)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.mpsll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635432/; classtype:trojan-activity;sid:84498532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635433)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635433/; classtype:trojan-activity;sid:84498533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635434)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635434/; classtype:trojan-activity;sid:84498534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635408)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.i586l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635408/; classtype:trojan-activity;sid:84498508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635409)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635409/; classtype:trojan-activity;sid:84498509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635410)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635410/; classtype:trojan-activity;sid:84498510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635411)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635411/; classtype:trojan-activity;sid:84498511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635412)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.m68kl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635412/; classtype:trojan-activity;sid:84498512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635413)"; flow:established,from_client; content:"GET"; http_method; content:"/wget2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635413/; classtype:trojan-activity;sid:84498513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635414)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635414/; classtype:trojan-activity;sid:84498514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635415)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.x86_64l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635415/; classtype:trojan-activity;sid:84498515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635416)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635416/; classtype:trojan-activity;sid:84498516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635417)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635417/; classtype:trojan-activity;sid:84498517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635418)"; flow:established,from_client; content:"GET"; http_method; content:"/hik.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635418/; classtype:trojan-activity;sid:84498518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635419)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635419/; classtype:trojan-activity;sid:84498519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635420)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.mipsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635420/; classtype:trojan-activity;sid:84498520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635421/; classtype:trojan-activity;sid:84498521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635406)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arm6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635406/; classtype:trojan-activity;sid:84498506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635407)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.i686l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635407/; classtype:trojan-activity;sid:84498507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635405)"; flow:established,from_client; content:"GET"; http_method; content:"/giga.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635405/; classtype:trojan-activity;sid:84498505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635404)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.spcl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635404/; classtype:trojan-activity;sid:84498504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635402)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635402/; classtype:trojan-activity;sid:84498502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635403)"; flow:established,from_client; content:"GET"; http_method; content:"/toot"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635403/; classtype:trojan-activity;sid:84498503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635401)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635401/; classtype:trojan-activity;sid:84498501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635400)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7687975642/0eznzvf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635400/; classtype:trojan-activity;sid:84498500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635399)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6012304042/vkgso6q.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635399/; classtype:trojan-activity;sid:84498499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635398)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/389"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.isomorphis.me"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635398/; classtype:trojan-activity;sid:84498498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635397)"; flow:established,from_client; content:"GET"; http_method; content:"/newdef/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635397/; classtype:trojan-activity;sid:84498497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635396)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635396/; classtype:trojan-activity;sid:84498496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635394)"; flow:established,from_client; content:"GET"; http_method; content:"/toto.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635394/; classtype:trojan-activity;sid:84498494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635395)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.x86_32"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635395/; classtype:trojan-activity;sid:84498495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635393)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.arml"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635393/; classtype:trojan-activity;sid:84498493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635389)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.x86l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635389/; classtype:trojan-activity;sid:84498489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635390)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.x86_32l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635390/; classtype:trojan-activity;sid:84498490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635391)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635391/; classtype:trojan-activity;sid:84498491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635392)"; flow:established,from_client; content:"GET"; http_method; content:"/dlrs/dlrs.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635392/; classtype:trojan-activity;sid:84498492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635388)"; flow:established,from_client; content:"GET"; http_method; content:"/dno/filed.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635388/; classtype:trojan-activity;sid:84498488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635387/; classtype:trojan-activity;sid:84498487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635386/; classtype:trojan-activity;sid:84498486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635385/; classtype:trojan-activity;sid:84498485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635384)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635384/; classtype:trojan-activity;sid:84498484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635383)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635383/; classtype:trojan-activity;sid:84498483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.237.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635376/; classtype:trojan-activity;sid:84498476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635377)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635377/; classtype:trojan-activity;sid:84498477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635378)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635378/; classtype:trojan-activity;sid:84498478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635379)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635379/; classtype:trojan-activity;sid:84498479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635380)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635380/; classtype:trojan-activity;sid:84498480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635381)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635381/; classtype:trojan-activity;sid:84498481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635382)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635382/; classtype:trojan-activity;sid:84498482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.245.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635375/; classtype:trojan-activity;sid:84498475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.32.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635374/; classtype:trojan-activity;sid:84498474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635373)"; flow:established,from_client; content:"GET"; http_method; content:"/lgkd0uzx1e.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"id.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635373/; classtype:trojan-activity;sid:84498473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635372)"; flow:established,from_client; content:"GET"; http_method; content:"/xkq.google|3f|t=ix47cuwr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ye.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635372/; classtype:trojan-activity;sid:84498472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635371)"; flow:established,from_client; content:"GET"; http_method; content:"/899suaxuei.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.mu-16.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635371/; classtype:trojan-activity;sid:84498471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635370)"; flow:established,from_client; content:"GET"; http_method; content:"/xkq.google|3f|t=kck09j8l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ye.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635370/; classtype:trojan-activity;sid:84498470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635369/; classtype:trojan-activity;sid:84498469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635368)"; flow:established,from_client; content:"GET"; http_method; content:"/2w1db5rrui.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"id.vhhe9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635368/; classtype:trojan-activity;sid:84498468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635367)"; flow:established,from_client; content:"GET"; http_method; content:"/rg.check|3f|t=lh5pn354"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ya.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635367/; classtype:trojan-activity;sid:84498467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635366)"; flow:established,from_client; content:"GET"; http_method; content:"/rg.check|3f|t=j9qtf88u"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ya.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635366/; classtype:trojan-activity;sid:84498466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635365)"; flow:established,from_client; content:"GET"; http_method; content:"/vyb24y810b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.mu-16.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635365/; classtype:trojan-activity;sid:84498465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.245.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635364/; classtype:trojan-activity;sid:84498464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.224.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635363/; classtype:trojan-activity;sid:84498463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.32.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635362/; classtype:trojan-activity;sid:84498462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.120.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635361/; classtype:trojan-activity;sid:84498461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635360)"; flow:established,from_client; content:"GET"; http_method; content:"/1tvr65corl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ho.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635360/; classtype:trojan-activity;sid:84498460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635359)"; flow:established,from_client; content:"GET"; http_method; content:"/rsn.google|3f|t=m1dfxzgs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xu.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635359/; classtype:trojan-activity;sid:84498459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635358)"; flow:established,from_client; content:"GET"; http_method; content:"/h4b5q5bcvx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa.fa-99.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635358/; classtype:trojan-activity;sid:84498458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635357)"; flow:established,from_client; content:"GET"; http_method; content:"/rsn.google|3f|t=38ua69ox"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xu.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635357/; classtype:trojan-activity;sid:84498457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635356/; classtype:trojan-activity;sid:84498456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635355)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/nfeyuoz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635355/; classtype:trojan-activity;sid:84498455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635354)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/wpnajnt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635354/; classtype:trojan-activity;sid:84498454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.248.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635353/; classtype:trojan-activity;sid:84498453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.120.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635352/; classtype:trojan-activity;sid:84498452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635351)"; flow:established,from_client; content:"GET"; http_method; content:"/afu.check|3f|t=n493krau"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xi.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635351/; classtype:trojan-activity;sid:84498451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635349)"; flow:established,from_client; content:"GET"; http_method; content:"/mdk8xmiu0e.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ha.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635349/; classtype:trojan-activity;sid:84498449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635350)"; flow:established,from_client; content:"GET"; http_method; content:"/0fflh13eip.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.fa-99.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635350/; classtype:trojan-activity;sid:84498450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635348)"; flow:established,from_client; content:"GET"; http_method; content:"/afu.check|3f|t=yd0y4azg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xi.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635348/; classtype:trojan-activity;sid:84498448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.203.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635347/; classtype:trojan-activity;sid:84498447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635346)"; flow:established,from_client; content:"GET"; http_method; content:"/oh7.google|3f|t=r6rgpboy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wo.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635346/; classtype:trojan-activity;sid:84498446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635345)"; flow:established,from_client; content:"GET"; http_method; content:"/fndhbpr0x7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.fa-99.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635345/; classtype:trojan-activity;sid:84498445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635344)"; flow:established,from_client; content:"GET"; http_method; content:"/q6m06o2od2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ha.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635344/; classtype:trojan-activity;sid:84498444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635343)"; flow:established,from_client; content:"GET"; http_method; content:"/oh7.google|3f|t=lh4ldfka"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wo.txso-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635343/; classtype:trojan-activity;sid:84498443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.173.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635342/; classtype:trojan-activity;sid:84498442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.197.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635341/; classtype:trojan-activity;sid:84498441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635340/; classtype:trojan-activity;sid:84498440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635339/; classtype:trojan-activity;sid:84498439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.197.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635338/; classtype:trojan-activity;sid:84498438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.248.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635337/; classtype:trojan-activity;sid:84498437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.144.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635336/; classtype:trojan-activity;sid:84498436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.119.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635335/; classtype:trojan-activity;sid:84498435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635334/; classtype:trojan-activity;sid:84498434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.96.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635333/; classtype:trojan-activity;sid:84498433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635332/; classtype:trojan-activity;sid:84498432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.228.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635331/; classtype:trojan-activity;sid:84498431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635330/; classtype:trojan-activity;sid:84498430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635328)"; flow:established,from_client; content:"GET"; http_method; content:"/2zp3eok83i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.fa-99.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635328/; classtype:trojan-activity;sid:84498428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635329)"; flow:established,from_client; content:"GET"; http_method; content:"/gh4y5qhl1f.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ex.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635329/; classtype:trojan-activity;sid:84498429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635326)"; flow:established,from_client; content:"GET"; http_method; content:"/27e.check|3f|t=u7oog8gy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"we.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635326/; classtype:trojan-activity;sid:84498426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635327)"; flow:established,from_client; content:"GET"; http_method; content:"/27e.check|3f|t=wahgwsga"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"we.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635327/; classtype:trojan-activity;sid:84498427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.71.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635325/; classtype:trojan-activity;sid:84498425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.119.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635324/; classtype:trojan-activity;sid:84498424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635323/; classtype:trojan-activity;sid:84498423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.228.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635322/; classtype:trojan-activity;sid:84498422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635320/; classtype:trojan-activity;sid:84498420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.238.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635321/; classtype:trojan-activity;sid:84498421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635319/; classtype:trojan-activity;sid:84498419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635318)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.131.181.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635318/; classtype:trojan-activity;sid:84498418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635317/; classtype:trojan-activity;sid:84498417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.106.247.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635316/; classtype:trojan-activity;sid:84498416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635315/; classtype:trojan-activity;sid:84498415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635314/; classtype:trojan-activity;sid:84498414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.0.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635313/; classtype:trojan-activity;sid:84498413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.248.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635312/; classtype:trojan-activity;sid:84498412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.11.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635310/; classtype:trojan-activity;sid:84498410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635311/; classtype:trojan-activity;sid:84498411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635309/; classtype:trojan-activity;sid:84498409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635307)"; flow:established,from_client; content:"GET"; http_method; content:"/am94zurex5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.fa-99.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635307/; classtype:trojan-activity;sid:84498407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635308)"; flow:established,from_client; content:"GET"; http_method; content:"/muha8fiyqm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"er.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635308/; classtype:trojan-activity;sid:84498408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635305)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.check|3f|t=iekea42g"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ut.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635305/; classtype:trojan-activity;sid:84498405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635306)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.check|3f|t=hkzy6qcv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ut.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635306/; classtype:trojan-activity;sid:84498406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635304)"; flow:established,from_client; content:"GET"; http_method; content:"/r6qxbvrs0r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.jo-59.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635304/; classtype:trojan-activity;sid:84498404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635303)"; flow:established,from_client; content:"GET"; http_method; content:"/z1.google|3f|t=s0pydt0g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"us.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635303/; classtype:trojan-activity;sid:84498403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635301)"; flow:established,from_client; content:"GET"; http_method; content:"/z1.google|3f|t=o5h7h1ms"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"us.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635301/; classtype:trojan-activity;sid:84498401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635302)"; flow:established,from_client; content:"GET"; http_method; content:"/ze12imgxrr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eh.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635302/; classtype:trojan-activity;sid:84498402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635300)"; flow:established,from_client; content:"GET"; http_method; content:"/t4cymjwnxt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.jo-59.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635300/; classtype:trojan-activity;sid:84498400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635299)"; flow:established,from_client; content:"GET"; http_method; content:"/op.check|3f|t=y6h2uvfh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ur.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635299/; classtype:trojan-activity;sid:84498399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635298)"; flow:established,from_client; content:"GET"; http_method; content:"/ho27gztb80.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eh.jdho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635298/; classtype:trojan-activity;sid:84498398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635297)"; flow:established,from_client; content:"GET"; http_method; content:"/op.check|3f|t=639g2ew1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ur.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635297/; classtype:trojan-activity;sid:84498397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635296/; classtype:trojan-activity;sid:84498396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635295/; classtype:trojan-activity;sid:84498395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635294/; classtype:trojan-activity;sid:84498394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635293)"; flow:established,from_client; content:"GET"; http_method; content:"/ru2rdju1uk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ah.qjxo4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635293/; classtype:trojan-activity;sid:84498393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635292)"; flow:established,from_client; content:"GET"; http_method; content:"/8p0fe75v2s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.jo-59.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635292/; classtype:trojan-activity;sid:84498392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635290)"; flow:established,from_client; content:"GET"; http_method; content:"/ulw.google|3f|t=kx7sodyd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"up.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635290/; classtype:trojan-activity;sid:84498390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635291)"; flow:established,from_client; content:"GET"; http_method; content:"/ulw.google|3f|t=0rbgvztj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"up.xrly-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635291/; classtype:trojan-activity;sid:84498391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635289)"; flow:established,from_client; content:"GET"; http_method; content:"/uahw736ml7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ah.qjxo4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635289/; classtype:trojan-activity;sid:84498389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635288)"; flow:established,from_client; content:"GET"; http_method; content:"/3s.google|3f|t=5wftq4y7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"un.xvqy-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635288/; classtype:trojan-activity;sid:84498388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635287)"; flow:established,from_client; content:"GET"; http_method; content:"/pxsbgt4mle.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.jo-59.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635287/; classtype:trojan-activity;sid:84498387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635286)"; flow:established,from_client; content:"GET"; http_method; content:"/3s.google|3f|t=0p1pdnrm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"un.xvqy-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635286/; classtype:trojan-activity;sid:84498386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635285/; classtype:trojan-activity;sid:84498385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635284/; classtype:trojan-activity;sid:84498384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.254.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635283/; classtype:trojan-activity;sid:84498383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635282)"; flow:established,from_client; content:"GET"; http_method; content:"/5p1u59vyvv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.jo-59.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635282/; classtype:trojan-activity;sid:84498382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635281)"; flow:established,from_client; content:"GET"; http_method; content:"/4ar.check|3f|t=e1aztgkj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"um.xvqy-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635281/; classtype:trojan-activity;sid:84498381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.254.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635280/; classtype:trojan-activity;sid:84498380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635279/; classtype:trojan-activity;sid:84498379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.143.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635278/; classtype:trojan-activity;sid:84498378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.101.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635277/; classtype:trojan-activity;sid:84498377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635275)"; flow:established,from_client; content:"GET"; http_method; content:"/8vp.check|3f|t=lo9o07yt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uh.xvqy-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635275/; classtype:trojan-activity;sid:84498375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635276)"; flow:established,from_client; content:"GET"; http_method; content:"/75cr9n324z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.jo-59.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635276/; classtype:trojan-activity;sid:84498376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635274/; classtype:trojan-activity;sid:84498374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635273/; classtype:trojan-activity;sid:84498373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.244.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635272/; classtype:trojan-activity;sid:84498372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.112.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635271/; classtype:trojan-activity;sid:84498371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.199.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635270/; classtype:trojan-activity;sid:84498370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.101.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635269/; classtype:trojan-activity;sid:84498369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.233.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635268/; classtype:trojan-activity;sid:84498368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.4.197"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635267/; classtype:trojan-activity;sid:84498367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.159.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635266/; classtype:trojan-activity;sid:84498366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635265/; classtype:trojan-activity;sid:84498365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635264)"; flow:established,from_client; content:"GET"; http_method; content:"/6lg.google|3f|t=gfyzl96r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ti.xvqy-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635264/; classtype:trojan-activity;sid:84498364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635263)"; flow:established,from_client; content:"GET"; http_method; content:"/zllhsyziyb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.w-70a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635263/; classtype:trojan-activity;sid:84498363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.199.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635262/; classtype:trojan-activity;sid:84498362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.76.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635261/; classtype:trojan-activity;sid:84498361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635260)"; flow:established,from_client; content:"GET"; http_method; content:"/fgyrv4hpvc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.w-70a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635260/; classtype:trojan-activity;sid:84498360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635259)"; flow:established,from_client; content:"GET"; http_method; content:"/5lg.check|3f|t=lnlt7n9i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ta.wzhy-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635259/; classtype:trojan-activity;sid:84498359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.233.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635258/; classtype:trojan-activity;sid:84498358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635257/; classtype:trojan-activity;sid:84498357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635255)"; flow:established,from_client; content:"GET"; http_method; content:"/y3h.check|3f|t=werdjh5k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"so.wzhy-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635255/; classtype:trojan-activity;sid:84498355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635256)"; flow:established,from_client; content:"GET"; http_method; content:"/0xjepo4fyp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.w-70a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635256/; classtype:trojan-activity;sid:84498356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.76.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635254/; classtype:trojan-activity;sid:84498354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635253)"; flow:established,from_client; content:"GET"; http_method; content:"/5610zglqsp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.w-70a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635253/; classtype:trojan-activity;sid:84498353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635252)"; flow:established,from_client; content:"GET"; http_method; content:"/wg.check|3f|t=gfibdr2h"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"si.wzhy-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635252/; classtype:trojan-activity;sid:84498352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.159.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635251/; classtype:trojan-activity;sid:84498351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.34.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635250/; classtype:trojan-activity;sid:84498350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635249)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635249/; classtype:trojan-activity;sid:84498349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635248/; classtype:trojan-activity;sid:84498348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635238/; classtype:trojan-activity;sid:84498338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635239/; classtype:trojan-activity;sid:84498339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635240/; classtype:trojan-activity;sid:84498340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635241/; classtype:trojan-activity;sid:84498341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635242/; classtype:trojan-activity;sid:84498342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635243/; classtype:trojan-activity;sid:84498343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635244/; classtype:trojan-activity;sid:84498344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635245/; classtype:trojan-activity;sid:84498345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635246/; classtype:trojan-activity;sid:84498346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.94.31.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635247/; classtype:trojan-activity;sid:84498347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635237)"; flow:established,from_client; content:"GET"; http_method; content:"/a1tt4twbih.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.w-70a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635237/; classtype:trojan-activity;sid:84498337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635236)"; flow:established,from_client; content:"GET"; http_method; content:"/n3.google|3f|t=ufbmugfc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"re.wzhy-1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635236/; classtype:trojan-activity;sid:84498336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.243.176.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635235/; classtype:trojan-activity;sid:84498335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.206.50.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635233/; classtype:trojan-activity;sid:84498333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635234/; classtype:trojan-activity;sid:84498334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635229)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.88.239.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635229/; classtype:trojan-activity;sid:84498329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635230)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"166.88.239.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635230/; classtype:trojan-activity;sid:84498330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635231)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"166.88.239.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635231/; classtype:trojan-activity;sid:84498331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635232/; classtype:trojan-activity;sid:84498332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635228/; classtype:trojan-activity;sid:84498328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635227)"; flow:established,from_client; content:"GET"; http_method; content:"/192.google|3f|t=72xkhg15"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qi.tsqe-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635227/; classtype:trojan-activity;sid:84498327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635226)"; flow:established,from_client; content:"GET"; http_method; content:"/hf6krwzt8f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.v-03e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635226/; classtype:trojan-activity;sid:84498326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.216.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635225/; classtype:trojan-activity;sid:84498325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635224)"; flow:established,from_client; content:"GET"; http_method; content:"/s2rd8n6pfy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.v-03e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635224/; classtype:trojan-activity;sid:84498324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635223)"; flow:established,from_client; content:"GET"; http_method; content:"/0a.check|3f|t=xm76a87o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pi.tsqe-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635223/; classtype:trojan-activity;sid:84498323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635222/; classtype:trojan-activity;sid:84498322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635221)"; flow:established,from_client; content:"GET"; http_method; content:"/bywla3e8kj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.v-03e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635221/; classtype:trojan-activity;sid:84498321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635220)"; flow:established,from_client; content:"GET"; http_method; content:"/5mz.google|3f|t=di45mgzq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pe.tsqe-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635220/; classtype:trojan-activity;sid:84498320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.186.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635219/; classtype:trojan-activity;sid:84498319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.186.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635218/; classtype:trojan-activity;sid:84498318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.216.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635217/; classtype:trojan-activity;sid:84498317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635216/; classtype:trojan-activity;sid:84498316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635215)"; flow:established,from_client; content:"GET"; http_method; content:"/7w1s3vvnke.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.v-03e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635215/; classtype:trojan-activity;sid:84498315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635214)"; flow:established,from_client; content:"GET"; http_method; content:"/d7k.google|3f|t=pvr6ltk8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pa.tsqe-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635214/; classtype:trojan-activity;sid:84498314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.96.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635213/; classtype:trojan-activity;sid:84498313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.202.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635212/; classtype:trojan-activity;sid:84498312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.24.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635211/; classtype:trojan-activity;sid:84498311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635210/; classtype:trojan-activity;sid:84498310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.202.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635209/; classtype:trojan-activity;sid:84498309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.176.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635208/; classtype:trojan-activity;sid:84498308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635207/; classtype:trojan-activity;sid:84498307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.126.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635206/; classtype:trojan-activity;sid:84498306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.96.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635205/; classtype:trojan-activity;sid:84498305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.138.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635204/; classtype:trojan-activity;sid:84498304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635203)"; flow:established,from_client; content:"GET"; http_method; content:"/33o.google|3f|t=6dgx505a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"os.tfpe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635203/; classtype:trojan-activity;sid:84498303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.176.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635202/; classtype:trojan-activity;sid:84498302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635201)"; flow:established,from_client; content:"GET"; http_method; content:"/3z55njt7ij.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.h-35i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635201/; classtype:trojan-activity;sid:84498301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.250.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635200/; classtype:trojan-activity;sid:84498300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635199/; classtype:trojan-activity;sid:84498299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.233.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635198/; classtype:trojan-activity;sid:84498298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.138.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635197/; classtype:trojan-activity;sid:84498297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635196)"; flow:established,from_client; content:"GET"; http_method; content:"/b9opoyh8ve.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.h-35i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635196/; classtype:trojan-activity;sid:84498296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635195)"; flow:established,from_client; content:"GET"; http_method; content:"/yd.check|3f|t=qr58hmds"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"or.tfpe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635195/; classtype:trojan-activity;sid:84498295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.161.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635194/; classtype:trojan-activity;sid:84498294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.233.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635193/; classtype:trojan-activity;sid:84498293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.243.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635192/; classtype:trojan-activity;sid:84498292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.166.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635191/; classtype:trojan-activity;sid:84498291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.138.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635190/; classtype:trojan-activity;sid:84498290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635189)"; flow:established,from_client; content:"GET"; http_method; content:"/gfjcmgxbf7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.h-35i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635189/; classtype:trojan-activity;sid:84498289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635188)"; flow:established,from_client; content:"GET"; http_method; content:"/zj.google|3f|t=oxxa3707"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"op.tfpe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635188/; classtype:trojan-activity;sid:84498288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.161.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635187/; classtype:trojan-activity;sid:84498287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635186)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635186/; classtype:trojan-activity;sid:84498286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635185)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635185/; classtype:trojan-activity;sid:84498285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635180)"; flow:established,from_client; content:"GET"; http_method; content:"/iot.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635180/; classtype:trojan-activity;sid:84498280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635181)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635181/; classtype:trojan-activity;sid:84498281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635182)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635182/; classtype:trojan-activity;sid:84498282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635183)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635183/; classtype:trojan-activity;sid:84498283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635184)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635184/; classtype:trojan-activity;sid:84498284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635174)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635174/; classtype:trojan-activity;sid:84498274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635175)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635175/; classtype:trojan-activity;sid:84498275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635176)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635176/; classtype:trojan-activity;sid:84498276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635177)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635177/; classtype:trojan-activity;sid:84498277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635178)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635178/; classtype:trojan-activity;sid:84498278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635179)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635179/; classtype:trojan-activity;sid:84498279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635173/; classtype:trojan-activity;sid:84498273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635171)"; flow:established,from_client; content:"GET"; http_method; content:"/5f.google|3f|t=2gmrj9rf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"on.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635171/; classtype:trojan-activity;sid:84498271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635172)"; flow:established,from_client; content:"GET"; http_method; content:"/yvu4mvkr75.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.h-35i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635172/; classtype:trojan-activity;sid:84498272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635170)"; flow:established,from_client; content:"GET"; http_method; content:"/kob.check|3f|t=tecddnn8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"om.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635170/; classtype:trojan-activity;sid:84498270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635169)"; flow:established,from_client; content:"GET"; http_method; content:"/ty10jf60g5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.l-64a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635169/; classtype:trojan-activity;sid:84498269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.106.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635168/; classtype:trojan-activity;sid:84498268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635167)"; flow:established,from_client; content:"GET"; http_method; content:"/or.google|3f|t=7ekqdqfh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oi.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635167/; classtype:trojan-activity;sid:84498267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635166)"; flow:established,from_client; content:"GET"; http_method; content:"/iydw1qt69v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.l-64a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635166/; classtype:trojan-activity;sid:84498266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635165/; classtype:trojan-activity;sid:84498265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635164)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.17.183.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635164/; classtype:trojan-activity;sid:84498264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635162)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsshell"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635162/; classtype:trojan-activity;sid:84498262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635163)"; flow:established,from_client; content:"GET"; http_method; content:"/mpslshell"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635163/; classtype:trojan-activity;sid:84498263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635161)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635161/; classtype:trojan-activity;sid:84498261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635160)"; flow:established,from_client; content:"GET"; http_method; content:"/5vqnagf56z.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"we.qjxo4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635160/; classtype:trojan-activity;sid:84498260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635159)"; flow:established,from_client; content:"GET"; http_method; content:"/nsq.check|3f|t=7jugb56v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oh.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635159/; classtype:trojan-activity;sid:84498259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635158)"; flow:established,from_client; content:"GET"; http_method; content:"/vctb0ye4y5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.l-64a.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635158/; classtype:trojan-activity;sid:84498258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.40.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635157/; classtype:trojan-activity;sid:84498257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635156)"; flow:established,from_client; content:"GET"; http_method; content:"/nsq.check|3f|t=z02ec5bg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oh.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635156/; classtype:trojan-activity;sid:84498256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.24.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635155/; classtype:trojan-activity;sid:84498255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.235.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635154/; classtype:trojan-activity;sid:84498254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635153)"; flow:established,from_client; content:"GET"; http_method; content:"/psep22w/re-1z5390263730.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635153/; classtype:trojan-activity;sid:84498253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635152)"; flow:established,from_client; content:"GET"; http_method; content:"/sep12wsf/jkwep.wsf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635152/; classtype:trojan-activity;sid:84498252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635150)"; flow:established,from_client; content:"GET"; http_method; content:"/sep22pdf/re-58039435.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635150/; classtype:trojan-activity;sid:84498250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635151)"; flow:established,from_client; content:"GET"; http_method; content:"/sep12lnk/re-79304804392.pdf.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"static-obligations-baths-carnival.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635151/; classtype:trojan-activity;sid:84498251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635149/; classtype:trojan-activity;sid:84498249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635148/; classtype:trojan-activity;sid:84498248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635147)"; flow:established,from_client; content:"GET"; http_method; content:"/hk463zrnbb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.l-64a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635147/; classtype:trojan-activity;sid:84498247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635146)"; flow:established,from_client; content:"GET"; http_method; content:"/rpo.google|3f|t=kw9uh2ww"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"of.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635146/; classtype:trojan-activity;sid:84498246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635143)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.195.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635143/; classtype:trojan-activity;sid:84498243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635144)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.97.166.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635144/; classtype:trojan-activity;sid:84498244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.204.222.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635145/; classtype:trojan-activity;sid:84498245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635140)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"138.197.19.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635140/; classtype:trojan-activity;sid:84498240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635141)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.124.105.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635141/; classtype:trojan-activity;sid:84498241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635142)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.119.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635142/; classtype:trojan-activity;sid:84498242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635138)"; flow:established,from_client; content:"GET"; http_method; content:"/rpo.google|3f|t=4kbash5x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"of.xrxo-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635138/; classtype:trojan-activity;sid:84498238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635139)"; flow:established,from_client; content:"GET"; http_method; content:"/y43qe5u8qb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"us.qjxo4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635139/; classtype:trojan-activity;sid:84498239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635133)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.237.252.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635133/; classtype:trojan-activity;sid:84498233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.29.158.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635134/; classtype:trojan-activity;sid:84498234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.99.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635135/; classtype:trojan-activity;sid:84498235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.98.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635136/; classtype:trojan-activity;sid:84498236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.186.68.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635137/; classtype:trojan-activity;sid:84498237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.194.248.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635131/; classtype:trojan-activity;sid:84498231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635132)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635132/; classtype:trojan-activity;sid:84498232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635130)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.66.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635130/; classtype:trojan-activity;sid:84498230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635126)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.179.109.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635126/; classtype:trojan-activity;sid:84498226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.132.64.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635127/; classtype:trojan-activity;sid:84498227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.184.160.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635128/; classtype:trojan-activity;sid:84498228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.130.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635129/; classtype:trojan-activity;sid:84498229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.157.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635123/; classtype:trojan-activity;sid:84498223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.210.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635124/; classtype:trojan-activity;sid:84498224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.80.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635125/; classtype:trojan-activity;sid:84498225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635122)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.66.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635122/; classtype:trojan-activity;sid:84498222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.3.107.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635121/; classtype:trojan-activity;sid:84498221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.140.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635120/; classtype:trojan-activity;sid:84498220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.224.193.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635119/; classtype:trojan-activity;sid:84498219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635118)"; flow:established,from_client; content:"GET"; http_method; content:"/se.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pretty-ebony-feeds-ericsson.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635118/; classtype:trojan-activity;sid:84498218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635117)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01x86_ayoo.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scholar-medline-vegetarian-neon.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635117/; classtype:trojan-activity;sid:84498217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635115)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01mainrq.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scholar-medline-vegetarian-neon.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635115/; classtype:trojan-activity;sid:84498215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635116)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01starqq.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scholar-medline-vegetarian-neon.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635116/; classtype:trojan-activity;sid:84498216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635114)"; flow:established,from_client; content:"GET"; http_method; content:"/sep22.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pretty-ebony-feeds-ericsson.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635114/; classtype:trojan-activity;sid:84498214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635113)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01sfsa.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"scholar-medline-vegetarian-neon.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635113/; classtype:trojan-activity;sid:84498213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635112/; classtype:trojan-activity;sid:84498212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635111)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.check|3f|t=3n89zo8q"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oe.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635111/; classtype:trojan-activity;sid:84498211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635110)"; flow:established,from_client; content:"GET"; http_method; content:"/im9x4lutic.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"us.qjxo4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635110/; classtype:trojan-activity;sid:84498210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635109)"; flow:established,from_client; content:"GET"; http_method; content:"/wircvafve2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.l-64a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635109/; classtype:trojan-activity;sid:84498209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635108)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.check|3f|t=ylfdomq4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oe.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635108/; classtype:trojan-activity;sid:84498208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635107/; classtype:trojan-activity;sid:84498207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635106)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/%e8%be%85%e5%8a%a9%e5%b7%a5%e5%85%b7/%e4%b8%80%e9%94%ae%e5%bc%80%e5%85%b3defender/dcontrol.exe"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"49.83.23.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635106/; classtype:trojan-activity;sid:84498206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635105)"; flow:established,from_client; content:"GET"; http_method; content:"/1e8iy4hced.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.l-64a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635105/; classtype:trojan-activity;sid:84498205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635104)"; flow:established,from_client; content:"GET"; http_method; content:"/ny.check|3f|t=dun2a45e"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"od.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635104/; classtype:trojan-activity;sid:84498204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635089)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635089/; classtype:trojan-activity;sid:84498189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635090)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635090/; classtype:trojan-activity;sid:84498190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635091)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635091/; classtype:trojan-activity;sid:84498191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635092)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635092/; classtype:trojan-activity;sid:84498192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635093)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635093/; classtype:trojan-activity;sid:84498193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635094)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635094/; classtype:trojan-activity;sid:84498194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635095)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635095/; classtype:trojan-activity;sid:84498195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635096)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635096/; classtype:trojan-activity;sid:84498196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635097)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635097/; classtype:trojan-activity;sid:84498197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635098)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635098/; classtype:trojan-activity;sid:84498198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635099)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635099/; classtype:trojan-activity;sid:84498199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635100)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635100/; classtype:trojan-activity;sid:84498200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635101)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635101/; classtype:trojan-activity;sid:84498201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635102)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635102/; classtype:trojan-activity;sid:84498202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635103)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635103/; classtype:trojan-activity;sid:84498203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635088)"; flow:established,from_client; content:"GET"; http_method; content:"/gmottfjpfs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635088/; classtype:trojan-activity;sid:84498188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635087)"; flow:established,from_client; content:"GET"; http_method; content:"/ny.check|3f|t=68q2t58p"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"od.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635087/; classtype:trojan-activity;sid:84498187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635084)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635084/; classtype:trojan-activity;sid:84498184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635085)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635085/; classtype:trojan-activity;sid:84498185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635086)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635086/; classtype:trojan-activity;sid:84498186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635083/; classtype:trojan-activity;sid:84498183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635082/; classtype:trojan-activity;sid:84498182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635079/; classtype:trojan-activity;sid:84498179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635080/; classtype:trojan-activity;sid:84498180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635081/; classtype:trojan-activity;sid:84498181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635075/; classtype:trojan-activity;sid:84498175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635076/; classtype:trojan-activity;sid:84498176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635077/; classtype:trojan-activity;sid:84498177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635078/; classtype:trojan-activity;sid:84498178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635072/; classtype:trojan-activity;sid:84498172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635073/; classtype:trojan-activity;sid:84498173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635074/; classtype:trojan-activity;sid:84498174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635071/; classtype:trojan-activity;sid:84498171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.zantux-plan.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635070/; classtype:trojan-activity;sid:84498170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635069)"; flow:established,from_client; content:"GET"; http_method; content:"/yu6exziki7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.l-64a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635069/; classtype:trojan-activity;sid:84498169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635068)"; flow:established,from_client; content:"GET"; http_method; content:"/d8.check|3f|t=zidulxxx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nu.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635068/; classtype:trojan-activity;sid:84498168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635067)"; flow:established,from_client; content:"GET"; http_method; content:"/66/images___picture00934005059060606969696996.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"185.29.9.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635067/; classtype:trojan-activity;sid:84498167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635066)"; flow:established,from_client; content:"GET"; http_method; content:"/160/images__picture09880000000000000009988780000.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"107.172.135.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635066/; classtype:trojan-activity;sid:84498166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635064)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.m68k"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635064/; classtype:trojan-activity;sid:84498164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635065)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635065/; classtype:trojan-activity;sid:84498165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635062)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.ppc"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635062/; classtype:trojan-activity;sid:84498162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635063)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.i686"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635063/; classtype:trojan-activity;sid:84498163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635058)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.x86"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635058/; classtype:trojan-activity;sid:84498158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635059)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.arm5"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635059/; classtype:trojan-activity;sid:84498159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635060)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.arm7"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635060/; classtype:trojan-activity;sid:84498160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635061)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.arc"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635061/; classtype:trojan-activity;sid:84498161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635050)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.arm"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635050/; classtype:trojan-activity;sid:84498150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635051)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.mpsl"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635051/; classtype:trojan-activity;sid:84498151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635052)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.arm6"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635052/; classtype:trojan-activity;sid:84498152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635053)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.spc"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635053/; classtype:trojan-activity;sid:84498153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635054)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.sh4"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635054/; classtype:trojan-activity;sid:84498154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635055)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/debug"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635055/; classtype:trojan-activity;sid:84498155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635056)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.mips"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635056/; classtype:trojan-activity;sid:84498156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635057)"; flow:established,from_client; content:"GET"; http_method; content:"/__complex__%5bcrypto%5d__vq79_lp3_xm8_tdyek/chinga.x86_64"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"196.251.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635057/; classtype:trojan-activity;sid:84498157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.143.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635049/; classtype:trojan-activity;sid:84498149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635048)"; flow:established,from_client; content:"GET"; http_method; content:"/leatherblending"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"paste.c-net.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635048/; classtype:trojan-activity;sid:84498148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635047)"; flow:established,from_client; content:"GET"; http_method; content:"/pasadenadeepest"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"paste.c-net.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635047/; classtype:trojan-activity;sid:84498147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635046/; classtype:trojan-activity;sid:84498146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635045)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmyth-aligned-debugsigned.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"76.149.145.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635045/; classtype:trojan-activity;sid:84498145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635044)"; flow:established,from_client; content:"GET"; http_method; content:"/e8usfglpcu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635044/; classtype:trojan-activity;sid:84498144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635043)"; flow:established,from_client; content:"GET"; http_method; content:"/d8.check|3f|t=y7x5sngi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nu.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635043/; classtype:trojan-activity;sid:84498143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635042)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/utsca5kt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pixeldrain.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635042/; classtype:trojan-activity;sid:84498142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.31.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635041/; classtype:trojan-activity;sid:84498141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635040)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bf48mkzuxudafcst_d_utdit-lu29oiu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635040/; classtype:trojan-activity;sid:84498140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635039)"; flow:established,from_client; content:"GET"; http_method; content:"/qri3mce9eo.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635039/; classtype:trojan-activity;sid:84498139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635038)"; flow:established,from_client; content:"GET"; http_method; content:"/dyf.google|3f|t=w0ypulz6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"no.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635038/; classtype:trojan-activity;sid:84498138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635037)"; flow:established,from_client; content:"GET"; http_method; content:"/files/927582114/ogm4pbd.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635037/; classtype:trojan-activity;sid:84498137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635036)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5617994093/eionxae.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635036/; classtype:trojan-activity;sid:84498136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635035)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7666184463/o6rszno.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635035/; classtype:trojan-activity;sid:84498135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635034)"; flow:established,from_client; content:"GET"; http_method; content:"/dyf.google|3f|t=tt8rel1e"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"no.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635034/; classtype:trojan-activity;sid:84498134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635033)"; flow:established,from_client; content:"GET"; http_method; content:"/ogmweb4h8t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.r-54u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635033/; classtype:trojan-activity;sid:84498133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635032)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635032/; classtype:trojan-activity;sid:84498132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635031)"; flow:established,from_client; content:"GET"; http_method; content:"/mql4s5p2mf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.r-54u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635031/; classtype:trojan-activity;sid:84498131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635030)"; flow:established,from_client; content:"GET"; http_method; content:"/k4.check|3f|t=1bkht8lz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ne.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635030/; classtype:trojan-activity;sid:84498130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635029)"; flow:established,from_client; content:"GET"; http_method; content:"/g9e9yans34.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635029/; classtype:trojan-activity;sid:84498129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635028)"; flow:established,from_client; content:"GET"; http_method; content:"/k4.check|3f|t=yn09ydp3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ne.xrhu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635028/; classtype:trojan-activity;sid:84498128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.111.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635027/; classtype:trojan-activity;sid:84498127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.109.162.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635026/; classtype:trojan-activity;sid:84498126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635025)"; flow:established,from_client; content:"GET"; http_method; content:"/wqd8zktqe1.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635025/; classtype:trojan-activity;sid:84498125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635024)"; flow:established,from_client; content:"GET"; http_method; content:"/8i2ggvcuo0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.r-54u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635024/; classtype:trojan-activity;sid:84498124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635022)"; flow:established,from_client; content:"GET"; http_method; content:"/lkz.check|3f|t=tgm1boe0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ib.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635022/; classtype:trojan-activity;sid:84498122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635023)"; flow:established,from_client; content:"GET"; http_method; content:"/lkz.check|3f|t=jv8at3kn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ib.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635023/; classtype:trojan-activity;sid:84498123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635021)"; flow:established,from_client; content:"GET"; http_method; content:"/31znf43dss.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.r-54u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635021/; classtype:trojan-activity;sid:84498121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635020)"; flow:established,from_client; content:"GET"; http_method; content:"/lfu.google|3f|t=1asxxu6c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ez.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635020/; classtype:trojan-activity;sid:84498120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635019)"; flow:established,from_client; content:"GET"; http_method; content:"/9lzaejdx0c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.r-54u.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635019/; classtype:trojan-activity;sid:84498119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635018)"; flow:established,from_client; content:"GET"; http_method; content:"/6i.google|3f|t=b5hdc89s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ev.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635018/; classtype:trojan-activity;sid:84498118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635016)"; flow:established,from_client; content:"GET"; http_method; content:"/6i.google|3f|t=hiomd4k6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ev.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635016/; classtype:trojan-activity;sid:84498116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635017)"; flow:established,from_client; content:"GET"; http_method; content:"/6y1ylo7hme.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635017/; classtype:trojan-activity;sid:84498117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635014)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18unyh4fup2ymh231ubtduj5dqzxthmeh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635014/; classtype:trojan-activity;sid:84498114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635015)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zawoorwsidetpbf8ic8jb7nwbn801hcv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635015/; classtype:trojan-activity;sid:84498115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uastpsbmgjnswtch036ptulkyb7rxy2i"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635013/; classtype:trojan-activity;sid:84498113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635012)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n0cf-cuwwks_celuxvboqtlohvelipuh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635012/; classtype:trojan-activity;sid:84498112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635011)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16kpa1wgavvqtv3ol_arts3xoggv89s-x"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635011/; classtype:trojan-activity;sid:84498111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bayzbvmpeuu_levtpj3h-6w8co6awm6v"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635010/; classtype:trojan-activity;sid:84498110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d8w-ghwr_xswigffvntk50k3pih3ng8w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635009/; classtype:trojan-activity;sid:84498109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635008)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17ey6yjm16gri23od5bkuvbo_uez3bvsd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635008/; classtype:trojan-activity;sid:84498108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635007)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxhzp065ageouxfqtabxgfbb-ohjifrz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635007/; classtype:trojan-activity;sid:84498107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635006)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1royltk_nurjtllhy5zrriqxxnsltxlry"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635006/; classtype:trojan-activity;sid:84498106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635005)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mwayaj0zonguei7_4yqs9i46vvga-zaj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635005/; classtype:trojan-activity;sid:84498105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635004)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fckcpsv6hg1wfefgkxwevynpm3haia0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635004/; classtype:trojan-activity;sid:84498104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635002)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1btjoqkj8ndboppr7umdg4vhq1flqsvvs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635002/; classtype:trojan-activity;sid:84498102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635003)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ez5s6vsmvrfpeclahsrxsvo28cgkqbo9"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635003/; classtype:trojan-activity;sid:84498103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635001)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1urqydfp2rbq1qh-c5e5pcpbn4-du-jde"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635001/; classtype:trojan-activity;sid:84498101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jm6eeqrafw5m0ibkptrlj2oqd17-qpjx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635000/; classtype:trojan-activity;sid:84498100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634997)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xuowdtwj4w8pnsd5gic08nprkb7ffnyg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634997/; classtype:trojan-activity;sid:84498097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634998)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kfxrglubru1cmqe0a8ftund4mwehpi3n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634998/; classtype:trojan-activity;sid:84498098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634999)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kriwtwkvcrgs2hnhhxnnh-yl9v98xijp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634999/; classtype:trojan-activity;sid:84498099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634996)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fjo6zebw9nxcowlnymh6auwzikwu7pkr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634996/; classtype:trojan-activity;sid:84498096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634995)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1urxyzkogl-9i7xtllfqw7wc7ozzeif3v"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634995/; classtype:trojan-activity;sid:84498095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ozqwvdmo483a0yyjyjmmyrqqkyzs62xu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634994/; classtype:trojan-activity;sid:84498094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634993)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/ankedomsto.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"morganmasterelectrician.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634993/; classtype:trojan-activity;sid:84498093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634990)"; flow:established,from_client; content:"GET"; http_method; content:"/dummet.prx"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"alphahaulnh.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634990/; classtype:trojan-activity;sid:84498090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634991)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/ejoznymwrmi70.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"morganmasterelectrician.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634991/; classtype:trojan-activity;sid:84498091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634992)"; flow:established,from_client; content:"GET"; http_method; content:"/abc/savede.toc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"morganmasterelectrician.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634992/; classtype:trojan-activity;sid:84498092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634989)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mlrrqzfx8yp60ixlihcdburrsti7gi5j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634989/; classtype:trojan-activity;sid:84498089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634988)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1s8c-tojgxapeb1pvzcpzx1zusevffpvd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634988/; classtype:trojan-activity;sid:84498088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.146.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634987/; classtype:trojan-activity;sid:84498087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634986)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mkmmi9gf5a5c3gdc9tfqj__b12ukfdzj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634986/; classtype:trojan-activity;sid:84498086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634985)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ugwmormlr4r5xhlrkt-5_qwfrqex1li1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634985/; classtype:trojan-activity;sid:84498085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634983)"; flow:established,from_client; content:"GET"; http_method; content:"/e7w.google|3f|t=5rvlgky7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eq.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634983/; classtype:trojan-activity;sid:84498083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634984)"; flow:established,from_client; content:"GET"; http_method; content:"/5uj3d2p858.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"to.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634984/; classtype:trojan-activity;sid:84498084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634982)"; flow:established,from_client; content:"GET"; http_method; content:"/e7w.google|3f|t=6rf8jz5f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eq.sqfe-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634982/; classtype:trojan-activity;sid:84498082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634981)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ymbtthu8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.r-54u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634981/; classtype:trojan-activity;sid:84498081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.8.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634980/; classtype:trojan-activity;sid:84498080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634979/; classtype:trojan-activity;sid:84498079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.129.211.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634977/; classtype:trojan-activity;sid:84498077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.95.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634978/; classtype:trojan-activity;sid:84498078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.100.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634975/; classtype:trojan-activity;sid:84498075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.250.202.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634976/; classtype:trojan-activity;sid:84498076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634971/; classtype:trojan-activity;sid:84498071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634972/; classtype:trojan-activity;sid:84498072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.244.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634973/; classtype:trojan-activity;sid:84498073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634974/; classtype:trojan-activity;sid:84498074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634968/; classtype:trojan-activity;sid:84498068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634969/; classtype:trojan-activity;sid:84498069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.129.211.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634970/; classtype:trojan-activity;sid:84498070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634967)"; flow:established,from_client; content:"GET"; http_method; content:"/zb3d6uhwxz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"so.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634967/; classtype:trojan-activity;sid:84498067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634966)"; flow:established,from_client; content:"GET"; http_method; content:"/4a.google|3f|t=yv1weltv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ab.hwke4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634966/; classtype:trojan-activity;sid:84498066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.192.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634962/; classtype:trojan-activity;sid:84498062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.146.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634963/; classtype:trojan-activity;sid:84498063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.145.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634964/; classtype:trojan-activity;sid:84498064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634965/; classtype:trojan-activity;sid:84498065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.237.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634957/; classtype:trojan-activity;sid:84498057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.141.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634958/; classtype:trojan-activity;sid:84498058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.109.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634959/; classtype:trojan-activity;sid:84498059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.19.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634960/; classtype:trojan-activity;sid:84498060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.45.95.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634961/; classtype:trojan-activity;sid:84498061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634956)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634956/; classtype:trojan-activity;sid:84498056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634955)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634955/; classtype:trojan-activity;sid:84498055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634954)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"161.97.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634954/; classtype:trojan-activity;sid:84498054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634953)"; flow:established,from_client; content:"GET"; http_method; content:"/iiium6t5gg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.r-54u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634953/; classtype:trojan-activity;sid:84498053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634952)"; flow:established,from_client; content:"GET"; http_method; content:"/4a.google|3f|t=y3kf5h9i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ab.hwke4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634952/; classtype:trojan-activity;sid:84498052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.243.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634951/; classtype:trojan-activity;sid:84498051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634950)"; flow:established,from_client; content:"GET"; http_method; content:"/u9fttz6dn8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ox.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634950/; classtype:trojan-activity;sid:84498050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634949)"; flow:established,from_client; content:"GET"; http_method; content:"/eb.google|3f|t=jndvxom6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aa.hwke4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634949/; classtype:trojan-activity;sid:84498049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634948)"; flow:established,from_client; content:"GET"; http_method; content:"/s9im2dj17l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.m-57i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634948/; classtype:trojan-activity;sid:84498048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634947)"; flow:established,from_client; content:"GET"; http_method; content:"/eb.google|3f|t=a5yfvqda"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aa.hwke4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634947/; classtype:trojan-activity;sid:84498047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634946)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"198.23.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634946/; classtype:trojan-activity;sid:84498046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634945)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/notkk8cktg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pasteide.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634945/; classtype:trojan-activity;sid:84498045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634944)"; flow:established,from_client; content:"GET"; http_method; content:"/convertedfile991.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nextasia.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634944/; classtype:trojan-activity;sid:84498044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634943)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_pro_with_b64_202509/optimized_msi_pro_with_b64.png"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634943/; classtype:trojan-activity;sid:84498043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.189.20.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634942/; classtype:trojan-activity;sid:84498042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634941)"; flow:established,from_client; content:"GET"; http_method; content:"/p4o.google|3f|t=dasgrp73"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"o.hwke4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634941/; classtype:trojan-activity;sid:84498041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634940)"; flow:established,from_client; content:"GET"; http_method; content:"/psruvcbzin.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.m-57i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634940/; classtype:trojan-activity;sid:84498040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634939)"; flow:established,from_client; content:"GET"; http_method; content:"/vcuxnjdzsl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634939/; classtype:trojan-activity;sid:84498039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634938)"; flow:established,from_client; content:"GET"; http_method; content:"/p4o.google|3f|t=h3efm1a9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"o.hwke4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634938/; classtype:trojan-activity;sid:84498038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634937)"; flow:established,from_client; content:"GET"; http_method; content:"/img/image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ngfkjfy.icu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634937/; classtype:trojan-activity;sid:84498037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634936)"; flow:established,from_client; content:"GET"; http_method; content:"/office/b/bosskayupload.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.90.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634936/; classtype:trojan-activity;sid:84498036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634935)"; flow:established,from_client; content:"GET"; http_method; content:"/qq4lfmbbr5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.m-57i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634935/; classtype:trojan-activity;sid:84498035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634934)"; flow:established,from_client; content:"GET"; http_method; content:"/7um.check|3f|t=hkjk5g9x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i.hwke4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634934/; classtype:trojan-activity;sid:84498034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634933/; classtype:trojan-activity;sid:84498033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634929)"; flow:established,from_client; content:"GET"; http_method; content:"/home/test.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634929/; classtype:trojan-activity;sid:84498029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634930)"; flow:established,from_client; content:"GET"; http_method; content:"/home/origin.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634930/; classtype:trojan-activity;sid:84498030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634931)"; flow:established,from_client; content:"GET"; http_method; content:"/home/test.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634931/; classtype:trojan-activity;sid:84498031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634932)"; flow:established,from_client; content:"GET"; http_method; content:"/home/foreign.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634932/; classtype:trojan-activity;sid:84498032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634928)"; flow:established,from_client; content:"GET"; http_method; content:"/5w5ke8rvlz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634928/; classtype:trojan-activity;sid:84498028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634926)"; flow:established,from_client; content:"GET"; http_method; content:"/68/iamges___picture009000009909080808000800aaaaaa.hta"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"185.29.9.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634926/; classtype:trojan-activity;sid:84498026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.80.109.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634927/; classtype:trojan-activity;sid:84498027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634924)"; flow:established,from_client; content:"GET"; http_method; content:"/7um.check|3f|t=eo9hxzq9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i.hwke4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634924/; classtype:trojan-activity;sid:84498024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634925)"; flow:established,from_client; content:"GET"; http_method; content:"/202/images__picuters000400030304040040eeeeeee.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"198.23.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634925/; classtype:trojan-activity;sid:84498025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634923)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ncc/images___picture0394000300020000304000.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"198.23.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634923/; classtype:trojan-activity;sid:84498023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634921)"; flow:established,from_client; content:"GET"; http_method; content:"/home/airforce.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634921/; classtype:trojan-activity;sid:84498021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634922)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kbcc/images__picutreu0002900000003040000ee.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"198.23.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634922/; classtype:trojan-activity;sid:84498022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634920)"; flow:established,from_client; content:"GET"; http_method; content:"/5cdyzi9jb3.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"or.tgsi9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634920/; classtype:trojan-activity;sid:84498020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634919)"; flow:established,from_client; content:"GET"; http_method; content:"/d0l.check|3f|t=bz8u0ts7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.hwke4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634919/; classtype:trojan-activity;sid:84498019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.233.155.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634918/; classtype:trojan-activity;sid:84498018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634917)"; flow:established,from_client; content:"GET"; http_method; content:"/d0l.check|3f|t=h4jcg6b2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.hwke4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634917/; classtype:trojan-activity;sid:84498017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634916)"; flow:established,from_client; content:"GET"; http_method; content:"/xm7r36ycwx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.m-57i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634916/; classtype:trojan-activity;sid:84498016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.8.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634915/; classtype:trojan-activity;sid:84498015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634914)"; flow:established,from_client; content:"GET"; http_method; content:"/zy9z1h878o.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634914/; classtype:trojan-activity;sid:84498014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634913)"; flow:established,from_client; content:"GET"; http_method; content:"/qe.check|3f|t=bed1rucr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"he.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634913/; classtype:trojan-activity;sid:84498013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634912)"; flow:established,from_client; content:"GET"; http_method; content:"/g8w2x4ljic.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.m-57i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634912/; classtype:trojan-activity;sid:84498012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634911)"; flow:established,from_client; content:"GET"; http_method; content:"/qe.check|3f|t=1d62o805"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"he.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634911/; classtype:trojan-activity;sid:84498011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634910)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7250925907/cvxuyyw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634910/; classtype:trojan-activity;sid:84498010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.20.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634909/; classtype:trojan-activity;sid:84498009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.45.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634908/; classtype:trojan-activity;sid:84498008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634907)"; flow:established,from_client; content:"GET"; http_method; content:"/vnjrtx67qj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.m-57i.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634907/; classtype:trojan-activity;sid:84498007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634906)"; flow:established,from_client; content:"GET"; http_method; content:"/of.google|3f|t=mtaslklu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ha.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634906/; classtype:trojan-activity;sid:84498006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634905)"; flow:established,from_client; content:"GET"; http_method; content:"/of.google|3f|t=uj6njy04"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ha.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634905/; classtype:trojan-activity;sid:84498005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634904)"; flow:established,from_client; content:"GET"; http_method; content:"/jttk7dhla8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634904/; classtype:trojan-activity;sid:84498004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634903/; classtype:trojan-activity;sid:84498003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.75.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634902/; classtype:trojan-activity;sid:84498002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634901/; classtype:trojan-activity;sid:84498001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.113.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634900/; classtype:trojan-activity;sid:84498000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.80.109.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634899/; classtype:trojan-activity;sid:84497999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634898)"; flow:established,from_client; content:"GET"; http_method; content:"/updates/memory-upgrade"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"apple.macos.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634898/; classtype:trojan-activity;sid:84497998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634897)"; flow:established,from_client; content:"GET"; http_method; content:"/vcz44g5xk9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634897/; classtype:trojan-activity;sid:84497997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634896)"; flow:established,from_client; content:"GET"; http_method; content:"/io.check|3f|t=7fwm3qs1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"go.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634896/; classtype:trojan-activity;sid:84497996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634894)"; flow:established,from_client; content:"GET"; http_method; content:"/io.check|3f|t=yxhe1m5o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"go.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634894/; classtype:trojan-activity;sid:84497994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634895)"; flow:established,from_client; content:"GET"; http_method; content:"/4wh10ae8op.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.m-57i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634895/; classtype:trojan-activity;sid:84497995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.18.165.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634893/; classtype:trojan-activity;sid:84497993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.143.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634892/; classtype:trojan-activity;sid:84497992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634891)"; flow:established,from_client; content:"GET"; http_method; content:"/mr.google|3f|t=m75ipm53"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fa.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634891/; classtype:trojan-activity;sid:84497991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634890)"; flow:established,from_client; content:"GET"; http_method; content:"/0l7fw3x396.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634890/; classtype:trojan-activity;sid:84497990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634889)"; flow:established,from_client; content:"GET"; http_method; content:"/91z5j1nceo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.m-57i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634889/; classtype:trojan-activity;sid:84497989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634888)"; flow:established,from_client; content:"GET"; http_method; content:"/mr.google|3f|t=cj3b3p7k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fa.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634888/; classtype:trojan-activity;sid:84497988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634887)"; flow:established,from_client; content:"GET"; http_method; content:"/2dc065f62ee8774c2517bf4c4d2c1211"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"con1.jiqubey.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634887/; classtype:trojan-activity;sid:84497987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.113.138.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634886/; classtype:trojan-activity;sid:84497986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634885)"; flow:established,from_client; content:"GET"; http_method; content:"/oogxyglrte.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634885/; classtype:trojan-activity;sid:84497985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634884)"; flow:established,from_client; content:"GET"; http_method; content:"/j74.check|3f|t=8o3cja8p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ex.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634884/; classtype:trojan-activity;sid:84497984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634883)"; flow:established,from_client; content:"GET"; http_method; content:"/rjrryr50gq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.m-57i.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634883/; classtype:trojan-activity;sid:84497983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634882)"; flow:established,from_client; content:"GET"; http_method; content:"/j74.check|3f|t=n4n0y7pu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ex.xrly8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634882/; classtype:trojan-activity;sid:84497982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.40.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634881/; classtype:trojan-activity;sid:84497981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.113.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634880/; classtype:trojan-activity;sid:84497980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.123.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634879/; classtype:trojan-activity;sid:84497979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.177.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634878/; classtype:trojan-activity;sid:84497978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634876)"; flow:established,from_client; content:"GET"; http_method; content:"/app.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"usfd.twelveedginess.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634876/; classtype:trojan-activity;sid:84497976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634877)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6589084083/qoxowld.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634877/; classtype:trojan-activity;sid:84497977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634875)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634875/; classtype:trojan-activity;sid:84497975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.64.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634874/; classtype:trojan-activity;sid:84497974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634866/; classtype:trojan-activity;sid:84497966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634867/; classtype:trojan-activity;sid:84497967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634868/; classtype:trojan-activity;sid:84497968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634869/; classtype:trojan-activity;sid:84497969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634870/; classtype:trojan-activity;sid:84497970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634871/; classtype:trojan-activity;sid:84497971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634872/; classtype:trojan-activity;sid:84497972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634873/; classtype:trojan-activity;sid:84497973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634861/; classtype:trojan-activity;sid:84497961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634862/; classtype:trojan-activity;sid:84497962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634863/; classtype:trojan-activity;sid:84497963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634864/; classtype:trojan-activity;sid:84497964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mips64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634865/; classtype:trojan-activity;sid:84497965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634859/; classtype:trojan-activity;sid:84497959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634860/; classtype:trojan-activity;sid:84497960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.18.165.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634858/; classtype:trojan-activity;sid:84497958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634856)"; flow:established,from_client; content:"GET"; http_method; content:"/frw8xap2tx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.z-48y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634856/; classtype:trojan-activity;sid:84497956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634857)"; flow:established,from_client; content:"GET"; http_method; content:"/mf.check|3f|t=simqt021"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"et.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634857/; classtype:trojan-activity;sid:84497957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634855)"; flow:established,from_client; content:"GET"; http_method; content:"/3e2u4cxhdk.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634855/; classtype:trojan-activity;sid:84497955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634854)"; flow:established,from_client; content:"GET"; http_method; content:"/mf.check|3f|t=lj9jajkn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"et.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634854/; classtype:trojan-activity;sid:84497954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.155.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634853/; classtype:trojan-activity;sid:84497953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634852/; classtype:trojan-activity;sid:84497952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634851/; classtype:trojan-activity;sid:84497951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.212.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634850/; classtype:trojan-activity;sid:84497950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.64.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634849/; classtype:trojan-activity;sid:84497949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.113.138.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634848/; classtype:trojan-activity;sid:84497948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634847/; classtype:trojan-activity;sid:84497947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.126.240.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634846/; classtype:trojan-activity;sid:84497946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634845/; classtype:trojan-activity;sid:84497945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634843/; classtype:trojan-activity;sid:84497943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.155.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634844/; classtype:trojan-activity;sid:84497944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.172.51.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634842/; classtype:trojan-activity;sid:84497942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.212.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634841/; classtype:trojan-activity;sid:84497941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.190.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634840/; classtype:trojan-activity;sid:84497940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.224.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634839/; classtype:trojan-activity;sid:84497939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634838/; classtype:trojan-activity;sid:84497938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634837/; classtype:trojan-activity;sid:84497937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.34.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634836/; classtype:trojan-activity;sid:84497936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.51.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634835/; classtype:trojan-activity;sid:84497935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.190.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634834/; classtype:trojan-activity;sid:84497934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634833/; classtype:trojan-activity;sid:84497933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.134.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634832/; classtype:trojan-activity;sid:84497932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.99.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634831/; classtype:trojan-activity;sid:84497931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.224.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634830/; classtype:trojan-activity;sid:84497930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.19.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634829/; classtype:trojan-activity;sid:84497929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634828/; classtype:trojan-activity;sid:84497928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634827/; classtype:trojan-activity;sid:84497927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.218.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634826/; classtype:trojan-activity;sid:84497926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.41.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634825/; classtype:trojan-activity;sid:84497925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.183.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634824/; classtype:trojan-activity;sid:84497924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.151.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634823/; classtype:trojan-activity;sid:84497923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634822/; classtype:trojan-activity;sid:84497922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.19.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634821/; classtype:trojan-activity;sid:84497921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.67.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634820/; classtype:trojan-activity;sid:84497920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.119.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634819/; classtype:trojan-activity;sid:84497919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634818/; classtype:trojan-activity;sid:84497918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.151.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634817/; classtype:trojan-activity;sid:84497917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634816/; classtype:trojan-activity;sid:84497916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634815)"; flow:established,from_client; content:"GET"; http_method; content:"/6m9.check|3f|t=0shql8eo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"es.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634815/; classtype:trojan-activity;sid:84497915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634814)"; flow:established,from_client; content:"GET"; http_method; content:"/ziiwspqzgv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.z-48y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634814/; classtype:trojan-activity;sid:84497914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634813/; classtype:trojan-activity;sid:84497913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634812)"; flow:established,from_client; content:"GET"; http_method; content:"/gvkw6we87x.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634812/; classtype:trojan-activity;sid:84497912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634811)"; flow:established,from_client; content:"GET"; http_method; content:"/6m9.check|3f|t=i1jmi6me"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"es.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634811/; classtype:trojan-activity;sid:84497911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.67.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634810/; classtype:trojan-activity;sid:84497910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.240.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634809/; classtype:trojan-activity;sid:84497909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634808/; classtype:trojan-activity;sid:84497908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634807)"; flow:established,from_client; content:"GET"; http_method; content:"/4l.check|3f|t=q9luxgkh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"er.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634807/; classtype:trojan-activity;sid:84497907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634806)"; flow:established,from_client; content:"GET"; http_method; content:"/iiriyeuvof.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634806/; classtype:trojan-activity;sid:84497906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634805)"; flow:established,from_client; content:"GET"; http_method; content:"/0w1ym5bgra.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.z-48y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634805/; classtype:trojan-activity;sid:84497905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634804)"; flow:established,from_client; content:"GET"; http_method; content:"/4l.check|3f|t=romg2w1w"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"er.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634804/; classtype:trojan-activity;sid:84497904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.87.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634803/; classtype:trojan-activity;sid:84497903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.95.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634802/; classtype:trojan-activity;sid:84497902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.88.49.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634801/; classtype:trojan-activity;sid:84497901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.240.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634800/; classtype:trojan-activity;sid:84497900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634799)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"linertarim.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634799/; classtype:trojan-activity;sid:84497899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.183.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634798/; classtype:trojan-activity;sid:84497898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.95.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634797/; classtype:trojan-activity;sid:84497897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.195.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634796/; classtype:trojan-activity;sid:84497896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.143.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634795/; classtype:trojan-activity;sid:84497895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.98.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634794/; classtype:trojan-activity;sid:84497894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.13.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634793/; classtype:trojan-activity;sid:84497893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.30.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634792/; classtype:trojan-activity;sid:84497892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634791/; classtype:trojan-activity;sid:84497891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.41.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634790/; classtype:trojan-activity;sid:84497890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634788/; classtype:trojan-activity;sid:84497888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634789/; classtype:trojan-activity;sid:84497889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634785/; classtype:trojan-activity;sid:84497885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.178.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634786/; classtype:trojan-activity;sid:84497886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.203.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634787/; classtype:trojan-activity;sid:84497887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.73.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634784/; classtype:trojan-activity;sid:84497884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.133.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634783/; classtype:trojan-activity;sid:84497883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634782)"; flow:established,from_client; content:"GET"; http_method; content:"/jxpzwlfzsd.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634782/; classtype:trojan-activity;sid:84497882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634781)"; flow:established,from_client; content:"GET"; http_method; content:"/nq7.check|3f|t=329bo13o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"en.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634781/; classtype:trojan-activity;sid:84497881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634779)"; flow:established,from_client; content:"GET"; http_method; content:"/nq7.check|3f|t=gpk3u6jt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"en.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634779/; classtype:trojan-activity;sid:84497879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634780)"; flow:established,from_client; content:"GET"; http_method; content:"/6at29slpw5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.z-48y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634780/; classtype:trojan-activity;sid:84497880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634778/; classtype:trojan-activity;sid:84497878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.41.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634777/; classtype:trojan-activity;sid:84497877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.30.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634776/; classtype:trojan-activity;sid:84497876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634775)"; flow:established,from_client; content:"GET"; http_method; content:"/zndw7atf9y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.d-61o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634775/; classtype:trojan-activity;sid:84497875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634774)"; flow:established,from_client; content:"GET"; http_method; content:"/tdj.google|3f|t=u51c6xol"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"em.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634774/; classtype:trojan-activity;sid:84497874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634773/; classtype:trojan-activity;sid:84497873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634772)"; flow:established,from_client; content:"GET"; http_method; content:"/cc5kziw7z7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634772/; classtype:trojan-activity;sid:84497872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634770)"; flow:established,from_client; content:"GET"; http_method; content:"/tdj.google|3f|t=u9xq392g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"em.xrhu7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634770/; classtype:trojan-activity;sid:84497870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.57.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634771/; classtype:trojan-activity;sid:84497871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634769/; classtype:trojan-activity;sid:84497869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.76.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634768/; classtype:trojan-activity;sid:84497868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634767)"; flow:established,from_client; content:"GET"; http_method; content:"/kza2yayvan.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634767/; classtype:trojan-activity;sid:84497867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634766)"; flow:established,from_client; content:"GET"; http_method; content:"/rbu.google|3f|t=j73z69tx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"el.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634766/; classtype:trojan-activity;sid:84497866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634765)"; flow:established,from_client; content:"GET"; http_method; content:"/og3newoemy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.d-61o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634765/; classtype:trojan-activity;sid:84497865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634764)"; flow:established,from_client; content:"GET"; http_method; content:"/rbu.google|3f|t=2pmlonap"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"el.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634764/; classtype:trojan-activity;sid:84497864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634763)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634763/; classtype:trojan-activity;sid:84497863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634755)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634755/; classtype:trojan-activity;sid:84497855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634756)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634756/; classtype:trojan-activity;sid:84497856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634757)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634757/; classtype:trojan-activity;sid:84497857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634758)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634758/; classtype:trojan-activity;sid:84497858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634759)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634759/; classtype:trojan-activity;sid:84497859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634760)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634760/; classtype:trojan-activity;sid:84497860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634761)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634761/; classtype:trojan-activity;sid:84497861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634762)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634762/; classtype:trojan-activity;sid:84497862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634754)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634754/; classtype:trojan-activity;sid:84497854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634741)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634741/; classtype:trojan-activity;sid:84497841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634742)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634742/; classtype:trojan-activity;sid:84497842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634743)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634743/; classtype:trojan-activity;sid:84497843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634744)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634744/; classtype:trojan-activity;sid:84497844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634745)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634745/; classtype:trojan-activity;sid:84497845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634746)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634746/; classtype:trojan-activity;sid:84497846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634747)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634747/; classtype:trojan-activity;sid:84497847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634748)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634748/; classtype:trojan-activity;sid:84497848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634749)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634749/; classtype:trojan-activity;sid:84497849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634750)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634750/; classtype:trojan-activity;sid:84497850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634751)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634751/; classtype:trojan-activity;sid:84497851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634752)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634752/; classtype:trojan-activity;sid:84497852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634753)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634753/; classtype:trojan-activity;sid:84497853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634739)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634739/; classtype:trojan-activity;sid:84497839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634740)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634740/; classtype:trojan-activity;sid:84497840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634737)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634737/; classtype:trojan-activity;sid:84497837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634738)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634738/; classtype:trojan-activity;sid:84497838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634736/; classtype:trojan-activity;sid:84497836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634735)"; flow:established,from_client; content:"GET"; http_method; content:"/eeoutcap77.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.d-61o.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634735/; classtype:trojan-activity;sid:84497835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634734)"; flow:established,from_client; content:"GET"; http_method; content:"/p0s.google|3f|t=80panpt8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eh.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634734/; classtype:trojan-activity;sid:84497834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634733/; classtype:trojan-activity;sid:84497833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634732/; classtype:trojan-activity;sid:84497832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.76.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634731/; classtype:trojan-activity;sid:84497831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634730)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m6yu1zsu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634730/; classtype:trojan-activity;sid:84497830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634729)"; flow:established,from_client; content:"GET"; http_method; content:"/p0s.google|3f|t=jcdej3f1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eh.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634729/; classtype:trojan-activity;sid:84497829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.190.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634728/; classtype:trojan-activity;sid:84497828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.29.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634727/; classtype:trojan-activity;sid:84497827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.136.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634726/; classtype:trojan-activity;sid:84497826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.235.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634725/; classtype:trojan-activity;sid:84497825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634723)"; flow:established,from_client; content:"GET"; http_method; content:"/2fp9gfebob.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.d-61o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634723/; classtype:trojan-activity;sid:84497823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634724)"; flow:established,from_client; content:"GET"; http_method; content:"/jhky5hqd8h.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634724/; classtype:trojan-activity;sid:84497824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634721)"; flow:established,from_client; content:"GET"; http_method; content:"/31.check|3f|t=rzixkpr8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ef.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634721/; classtype:trojan-activity;sid:84497821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634722)"; flow:established,from_client; content:"GET"; http_method; content:"/31.check|3f|t=62a09jpn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ef.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634722/; classtype:trojan-activity;sid:84497822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.6.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634720/; classtype:trojan-activity;sid:84497820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634719)"; flow:established,from_client; content:"GET"; http_method; content:"/g7d0rtp59w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.d-61o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634719/; classtype:trojan-activity;sid:84497819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634718)"; flow:established,from_client; content:"GET"; http_method; content:"/4a.google|3f|t=d2nxbsbw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ed.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634718/; classtype:trojan-activity;sid:84497818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.76.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634717/; classtype:trojan-activity;sid:84497817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.109.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634716/; classtype:trojan-activity;sid:84497816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.190.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634715/; classtype:trojan-activity;sid:84497815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634714)"; flow:established,from_client; content:"GET"; http_method; content:"/y5y0zgsu0w.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634714/; classtype:trojan-activity;sid:84497814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634713)"; flow:established,from_client; content:"GET"; http_method; content:"/4a.google|3f|t=45z8hxqv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ed.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634713/; classtype:trojan-activity;sid:84497813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.166.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634712/; classtype:trojan-activity;sid:84497812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634711/; classtype:trojan-activity;sid:84497811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634710/; classtype:trojan-activity;sid:84497810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634709)"; flow:established,from_client; content:"GET"; http_method; content:"/9uv6o31jnf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634709/; classtype:trojan-activity;sid:84497809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634708)"; flow:established,from_client; content:"GET"; http_method; content:"/uf.check|3f|t=02f30e3f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"do.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634708/; classtype:trojan-activity;sid:84497808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634707)"; flow:established,from_client; content:"GET"; http_method; content:"/155/images___picture023003030400405000000000404000040320020204040400.hta"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"107.172.135.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634707/; classtype:trojan-activity;sid:84497807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.220.87.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634706/; classtype:trojan-activity;sid:84497806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634704)"; flow:established,from_client; content:"GET"; http_method; content:"/uf.check|3f|t=b9guh449"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"do.wzhy1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634704/; classtype:trojan-activity;sid:84497804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634705)"; flow:established,from_client; content:"GET"; http_method; content:"/734bmml159.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l.d-61o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634705/; classtype:trojan-activity;sid:84497805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.70.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634703/; classtype:trojan-activity;sid:84497803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634702)"; flow:established,from_client; content:"GET"; http_method; content:"/0wb.google|3f|t=q48otrek"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"de.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634702/; classtype:trojan-activity;sid:84497802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634701)"; flow:established,from_client; content:"GET"; http_method; content:"/pa7po3jxfm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634701/; classtype:trojan-activity;sid:84497801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634699)"; flow:established,from_client; content:"GET"; http_method; content:"/0wb.google|3f|t=cne05yqy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"de.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634699/; classtype:trojan-activity;sid:84497799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634700)"; flow:established,from_client; content:"GET"; http_method; content:"/agglluvjtr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.w-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634700/; classtype:trojan-activity;sid:84497800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634697)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8172919016/zq2rb3t.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634697/; classtype:trojan-activity;sid:84497797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634698)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634698/; classtype:trojan-activity;sid:84497798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.235.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634696/; classtype:trojan-activity;sid:84497796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.6.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634695/; classtype:trojan-activity;sid:84497795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634694)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|z=35"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pwstop.icu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634694/; classtype:trojan-activity;sid:84497794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634693)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634693/; classtype:trojan-activity;sid:84497793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634692)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"dowmein.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634692/; classtype:trojan-activity;sid:84497792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634691)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=92|7c|26|7c|site_id=424"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"disbanded.cloud"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634691/; classtype:trojan-activity;sid:84497791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634688)"; flow:established,from_client; content:"GET"; http_method; content:"/direct88|3f|s=13"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"zipper.pics"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634688/; classtype:trojan-activity;sid:84497788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634689)"; flow:established,from_client; content:"GET"; http_method; content:"/redirect.php|3f|c=28"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"filedownloader.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634689/; classtype:trojan-activity;sid:84497789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634690)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=12|7c|26|7c|id_site=22"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"hostingfile.live"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634690/; classtype:trojan-activity;sid:84497790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634684)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=12|7c|26|7c|site_id=22"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"reformedas.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634684/; classtype:trojan-activity;sid:84497784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634686)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|e=35"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downloadsecures.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634686/; classtype:trojan-activity;sid:84497786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634687)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|pub_id=92|7c|26|7c|id_site=424"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"eoprovide.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634687/; classtype:trojan-activity;sid:84497787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634682)"; flow:established,from_client; content:"GET"; http_method; content:"/file/x3hkfcwl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634682/; classtype:trojan-activity;sid:84497782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634683)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"alises2.cfd"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634683/; classtype:trojan-activity;sid:84497783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634681)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634681/; classtype:trojan-activity;sid:84497781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634680)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634680/; classtype:trojan-activity;sid:84497780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634678)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86.tar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634678/; classtype:trojan-activity;sid:84497778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634679)"; flow:established,from_client; content:"GET"; http_method; content:"/x86l"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634679/; classtype:trojan-activity;sid:84497779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634675)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.arm7"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634675/; classtype:trojan-activity;sid:84497775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634676)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634676/; classtype:trojan-activity;sid:84497776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634677)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634677/; classtype:trojan-activity;sid:84497777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634668)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634668/; classtype:trojan-activity;sid:84497768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634669)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634669/; classtype:trojan-activity;sid:84497769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634670)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634670/; classtype:trojan-activity;sid:84497770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634671)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634671/; classtype:trojan-activity;sid:84497771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634672)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634672/; classtype:trojan-activity;sid:84497772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634673)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634673/; classtype:trojan-activity;sid:84497773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634674)"; flow:established,from_client; content:"GET"; http_method; content:"/i586.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634674/; classtype:trojan-activity;sid:84497774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634662)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634662/; classtype:trojan-activity;sid:84497762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634663)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm5.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634663/; classtype:trojan-activity;sid:84497763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634664)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634664/; classtype:trojan-activity;sid:84497764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634665)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634665/; classtype:trojan-activity;sid:84497765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634666)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634666/; classtype:trojan-activity;sid:84497766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634667)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.7z"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634667/; classtype:trojan-activity;sid:84497767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634661)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mpsl.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634661/; classtype:trojan-activity;sid:84497761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634658)"; flow:established,from_client; content:"GET"; http_method; content:"/jsonrpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634658/; classtype:trojan-activity;sid:84497758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634659)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634659/; classtype:trojan-activity;sid:84497759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634660)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634660/; classtype:trojan-activity;sid:84497760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634649)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634649/; classtype:trojan-activity;sid:84497749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634650)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634650/; classtype:trojan-activity;sid:84497750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634651)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634651/; classtype:trojan-activity;sid:84497751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634652)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634652/; classtype:trojan-activity;sid:84497752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634653)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634653/; classtype:trojan-activity;sid:84497753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634654)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/m68k.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634654/; classtype:trojan-activity;sid:84497754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634655)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634655/; classtype:trojan-activity;sid:84497755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634656)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634656/; classtype:trojan-activity;sid:84497756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634657)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/sh4.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634657/; classtype:trojan-activity;sid:84497757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634642)"; flow:established,from_client; content:"GET"; http_method; content:"/spc.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634642/; classtype:trojan-activity;sid:84497742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634643)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634643/; classtype:trojan-activity;sid:84497743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634644)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i586.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634644/; classtype:trojan-activity;sid:84497744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634645)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i686.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634645/; classtype:trojan-activity;sid:84497745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634646)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.i586l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634646/; classtype:trojan-activity;sid:84497746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634647)"; flow:established,from_client; content:"GET"; http_method; content:"/spcl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634647/; classtype:trojan-activity;sid:84497747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634648)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634648/; classtype:trojan-activity;sid:84497748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634640)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm6l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634640/; classtype:trojan-activity;sid:84497740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634641)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/m68k.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634641/; classtype:trojan-activity;sid:84497741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634639)"; flow:established,from_client; content:"GET"; http_method; content:"/i586.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634639/; classtype:trojan-activity;sid:84497739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634638)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634638/; classtype:trojan-activity;sid:84497738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634637)"; flow:established,from_client; content:"GET"; http_method; content:"/spc.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634637/; classtype:trojan-activity;sid:84497737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634631)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm7.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634631/; classtype:trojan-activity;sid:84497731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634632)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mpsl.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634632/; classtype:trojan-activity;sid:84497732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634633)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_32.tar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634633/; classtype:trojan-activity;sid:84497733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634634)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634634/; classtype:trojan-activity;sid:84497734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634635)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.mips"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634635/; classtype:trojan-activity;sid:84497735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634636)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i586.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634636/; classtype:trojan-activity;sid:84497736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634621)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm.tar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634621/; classtype:trojan-activity;sid:84497721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634622)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mipsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634622/; classtype:trojan-activity;sid:84497722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634623)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.7z"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634623/; classtype:trojan-activity;sid:84497723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634624)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634624/; classtype:trojan-activity;sid:84497724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634625)"; flow:established,from_client; content:"GET"; http_method; content:"/watc3mttzj.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634625/; classtype:trojan-activity;sid:84497725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634626)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/arm7"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634626/; classtype:trojan-activity;sid:84497726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634627)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634627/; classtype:trojan-activity;sid:84497727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634628)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634628/; classtype:trojan-activity;sid:84497728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634629)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634629/; classtype:trojan-activity;sid:84497729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634630)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/m68k.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634630/; classtype:trojan-activity;sid:84497730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634617)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634617/; classtype:trojan-activity;sid:84497717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634618)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634618/; classtype:trojan-activity;sid:84497718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634619)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/spc.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634619/; classtype:trojan-activity;sid:84497719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634620)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634620/; classtype:trojan-activity;sid:84497720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634616)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634616/; classtype:trojan-activity;sid:84497716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634610)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm5.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634610/; classtype:trojan-activity;sid:84497710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634611)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/ppc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634611/; classtype:trojan-activity;sid:84497711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634612)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86.7z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634612/; classtype:trojan-activity;sid:84497712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634613)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.tar.gz"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634613/; classtype:trojan-activity;sid:84497713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634614)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32l"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634614/; classtype:trojan-activity;sid:84497714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634615)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634615/; classtype:trojan-activity;sid:84497715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634603)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mpsll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634603/; classtype:trojan-activity;sid:84497703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634604)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634604/; classtype:trojan-activity;sid:84497704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634605)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634605/; classtype:trojan-activity;sid:84497705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634606)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634606/; classtype:trojan-activity;sid:84497706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634607)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/sh4"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634607/; classtype:trojan-activity;sid:84497707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634608)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.i586"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634608/; classtype:trojan-activity;sid:84497708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634609)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.tar.gz"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634609/; classtype:trojan-activity;sid:84497709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634599)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634599/; classtype:trojan-activity;sid:84497699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634600)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4l"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634600/; classtype:trojan-activity;sid:84497700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634601)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634601/; classtype:trojan-activity;sid:84497701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634602)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634602/; classtype:trojan-activity;sid:84497702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634598)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634598/; classtype:trojan-activity;sid:84497698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634593)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634593/; classtype:trojan-activity;sid:84497693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634594)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634594/; classtype:trojan-activity;sid:84497694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634595)"; flow:established,from_client; content:"GET"; http_method; content:"/m68kl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634595/; classtype:trojan-activity;sid:84497695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634596)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634596/; classtype:trojan-activity;sid:84497696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634597)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.7z"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634597/; classtype:trojan-activity;sid:84497697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634592)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634592/; classtype:trojan-activity;sid:84497692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634590)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634590/; classtype:trojan-activity;sid:84497690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634591)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634591/; classtype:trojan-activity;sid:84497691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634589)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634589/; classtype:trojan-activity;sid:84497689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634586)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634586/; classtype:trojan-activity;sid:84497686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634587)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_64.tar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634587/; classtype:trojan-activity;sid:84497687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634588)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.x86_32"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634588/; classtype:trojan-activity;sid:84497688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634584)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634584/; classtype:trojan-activity;sid:84497684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634585)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_64.7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634585/; classtype:trojan-activity;sid:84497685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634581)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.tar.gz"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634581/; classtype:trojan-activity;sid:84497681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634582)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634582/; classtype:trojan-activity;sid:84497682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634583)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.i586"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634583/; classtype:trojan-activity;sid:84497683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634576)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634576/; classtype:trojan-activity;sid:84497676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634577)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.7z"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634577/; classtype:trojan-activity;sid:84497677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634578)"; flow:established,from_client; content:"GET"; http_method; content:"/spc.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634578/; classtype:trojan-activity;sid:84497678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634579)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i686.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634579/; classtype:trojan-activity;sid:84497679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634580)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634580/; classtype:trojan-activity;sid:84497680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634573/; classtype:trojan-activity;sid:84497673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634574)"; flow:established,from_client; content:"GET"; http_method; content:"/i586.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634574/; classtype:trojan-activity;sid:84497674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634575)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634575/; classtype:trojan-activity;sid:84497675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634572)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634572/; classtype:trojan-activity;sid:84497672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634566)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634566/; classtype:trojan-activity;sid:84497666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634567)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634567/; classtype:trojan-activity;sid:84497667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634568)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634568/; classtype:trojan-activity;sid:84497668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634569)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634569/; classtype:trojan-activity;sid:84497669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634570)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634570/; classtype:trojan-activity;sid:84497670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634571)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634571/; classtype:trojan-activity;sid:84497671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634562)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634562/; classtype:trojan-activity;sid:84497662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634563)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.ppc"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634563/; classtype:trojan-activity;sid:84497663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634564)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634564/; classtype:trojan-activity;sid:84497664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634565)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/x86_64"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634565/; classtype:trojan-activity;sid:84497665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634558)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634558/; classtype:trojan-activity;sid:84497658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634559)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/x86"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634559/; classtype:trojan-activity;sid:84497659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634560)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634560/; classtype:trojan-activity;sid:84497660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634561)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/ppc.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634561/; classtype:trojan-activity;sid:84497661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634551)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634551/; classtype:trojan-activity;sid:84497651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634552)"; flow:established,from_client; content:"GET"; http_method; content:"/i586.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634552/; classtype:trojan-activity;sid:84497652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634553)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64l"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634553/; classtype:trojan-activity;sid:84497653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634554)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i686.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634554/; classtype:trojan-activity;sid:84497654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634555)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634555/; classtype:trojan-activity;sid:84497655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634556)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i586.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634556/; classtype:trojan-activity;sid:84497656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634557)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_64.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634557/; classtype:trojan-activity;sid:84497657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634550)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634550/; classtype:trojan-activity;sid:84497650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634549)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634549/; classtype:trojan-activity;sid:84497649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634546)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.tar.gz"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634546/; classtype:trojan-activity;sid:84497646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634547)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/ppc.tar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634547/; classtype:trojan-activity;sid:84497647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634548)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.sh4l"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634548/; classtype:trojan-activity;sid:84497648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634542)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/mpsl"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634542/; classtype:trojan-activity;sid:84497642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634543)"; flow:established,from_client; content:"GET"; http_method; content:"/i686l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634543/; classtype:trojan-activity;sid:84497643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634544)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.mpsl"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634544/; classtype:trojan-activity;sid:84497644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634545)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.sh4"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634545/; classtype:trojan-activity;sid:84497645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634539)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/arm4"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634539/; classtype:trojan-activity;sid:84497639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634540)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86_32l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634540/; classtype:trojan-activity;sid:84497640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634541)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634541/; classtype:trojan-activity;sid:84497641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634534)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/sh4.7z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634534/; classtype:trojan-activity;sid:84497634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634535)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm6.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634535/; classtype:trojan-activity;sid:84497635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634536)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634536/; classtype:trojan-activity;sid:84497636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634537)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634537/; classtype:trojan-activity;sid:84497637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634538)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.x86_32"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634538/; classtype:trojan-activity;sid:84497638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634526)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634526/; classtype:trojan-activity;sid:84497626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634527)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634527/; classtype:trojan-activity;sid:84497627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634528)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634528/; classtype:trojan-activity;sid:84497628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634529)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_32"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634529/; classtype:trojan-activity;sid:84497629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634530)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634530/; classtype:trojan-activity;sid:84497630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634531)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/arm6"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634531/; classtype:trojan-activity;sid:84497631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634532)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634532/; classtype:trojan-activity;sid:84497632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634533)"; flow:established,from_client; content:"GET"; http_method; content:"/i586.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634533/; classtype:trojan-activity;sid:84497633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634523)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.i586"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634523/; classtype:trojan-activity;sid:84497623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634524)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm5l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634524/; classtype:trojan-activity;sid:84497624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634525)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634525/; classtype:trojan-activity;sid:84497625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634522)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634522/; classtype:trojan-activity;sid:84497622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634518)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.x86_64"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634518/; classtype:trojan-activity;sid:84497618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634519)"; flow:established,from_client; content:"GET"; http_method; content:"/i586l"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634519/; classtype:trojan-activity;sid:84497619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634520)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/ddebug"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634520/; classtype:trojan-activity;sid:84497620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634521)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_32.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634521/; classtype:trojan-activity;sid:84497621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634516)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634516/; classtype:trojan-activity;sid:84497616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634517)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/spc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634517/; classtype:trojan-activity;sid:84497617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634509)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/mips"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634509/; classtype:trojan-activity;sid:84497609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634510)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634510/; classtype:trojan-activity;sid:84497610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634511)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634511/; classtype:trojan-activity;sid:84497611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634512)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.i686"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634512/; classtype:trojan-activity;sid:84497612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634513)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86_64l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634513/; classtype:trojan-activity;sid:84497613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634514)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/ppc.7z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634514/; classtype:trojan-activity;sid:84497614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634515)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.i586"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634515/; classtype:trojan-activity;sid:84497615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634506)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.m68kl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634506/; classtype:trojan-activity;sid:84497606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634507)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634507/; classtype:trojan-activity;sid:84497607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634508)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634508/; classtype:trojan-activity;sid:84497608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634502)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634502/; classtype:trojan-activity;sid:84497602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634503)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634503/; classtype:trojan-activity;sid:84497603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634504)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.i686l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634504/; classtype:trojan-activity;sid:84497604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634505)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634505/; classtype:trojan-activity;sid:84497605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634501)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634501/; classtype:trojan-activity;sid:84497601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634499)"; flow:established,from_client; content:"GET"; http_method; content:"/kljasdfgldfgldkfbjdoigfbjsd"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634499/; classtype:trojan-activity;sid:84497599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634500)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.7z"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634500/; classtype:trojan-activity;sid:84497600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634495)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634495/; classtype:trojan-activity;sid:84497595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634496)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.x86_32"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634496/; classtype:trojan-activity;sid:84497596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634497)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634497/; classtype:trojan-activity;sid:84497597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634498)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.arm5"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634498/; classtype:trojan-activity;sid:84497598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634493)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634493/; classtype:trojan-activity;sid:84497593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634494)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/m68k"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634494/; classtype:trojan-activity;sid:84497594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634481)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634481/; classtype:trojan-activity;sid:84497581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634482)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634482/; classtype:trojan-activity;sid:84497582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634483)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634483/; classtype:trojan-activity;sid:84497583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634484)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634484/; classtype:trojan-activity;sid:84497584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634485)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/spc.tar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634485/; classtype:trojan-activity;sid:84497585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634486)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/arc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634486/; classtype:trojan-activity;sid:84497586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634487)"; flow:established,from_client; content:"GET"; http_method; content:"/ratatatatatatatatasahurrrrrrrbambam/arm5"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634487/; classtype:trojan-activity;sid:84497587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634488)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/sh4.tar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634488/; classtype:trojan-activity;sid:84497588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634489)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.arm6"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634489/; classtype:trojan-activity;sid:84497589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634490)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634490/; classtype:trojan-activity;sid:84497590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634491)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634491/; classtype:trojan-activity;sid:84497591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634492)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634492/; classtype:trojan-activity;sid:84497592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634478)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm7.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634478/; classtype:trojan-activity;sid:84497578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634479)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634479/; classtype:trojan-activity;sid:84497579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634480)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634480/; classtype:trojan-activity;sid:84497580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634476)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arml"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634476/; classtype:trojan-activity;sid:84497576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634477)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634477/; classtype:trojan-activity;sid:84497577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634475)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.x86"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634475/; classtype:trojan-activity;sid:84497575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634473)"; flow:established,from_client; content:"GET"; http_method; content:"/arml"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634473/; classtype:trojan-activity;sid:84497573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634474)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634474/; classtype:trojan-activity;sid:84497574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634466)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm7l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634466/; classtype:trojan-activity;sid:84497566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634467)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634467/; classtype:trojan-activity;sid:84497567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634468)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mips.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634468/; classtype:trojan-activity;sid:84497568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634469)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.i586"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634469/; classtype:trojan-activity;sid:84497569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634470)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634470/; classtype:trojan-activity;sid:84497570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634471)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634471/; classtype:trojan-activity;sid:84497571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634472)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.tar.gz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634472/; classtype:trojan-activity;sid:84497572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634461)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mpsl.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634461/; classtype:trojan-activity;sid:84497561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634462)"; flow:established,from_client; content:"GET"; http_method; content:"/ihsx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634462/; classtype:trojan-activity;sid:84497562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634463)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.m68k"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634463/; classtype:trojan-activity;sid:84497563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634464)"; flow:established,from_client; content:"GET"; http_method; content:"/zx8.check|3f|t=p82op2o2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"da.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634464/; classtype:trojan-activity;sid:84497564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634465)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm6.7z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634465/; classtype:trojan-activity;sid:84497565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634459)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634459/; classtype:trojan-activity;sid:84497559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634460)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634460/; classtype:trojan-activity;sid:84497560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634458)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634458/; classtype:trojan-activity;sid:84497558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634456)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634456/; classtype:trojan-activity;sid:84497556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634457)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634457/; classtype:trojan-activity;sid:84497557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634453)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.spc"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634453/; classtype:trojan-activity;sid:84497553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634454)"; flow:established,from_client; content:"GET"; http_method; content:"/worldwideaq.xml"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634454/; classtype:trojan-activity;sid:84497554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634455)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634455/; classtype:trojan-activity;sid:84497555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634442)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634442/; classtype:trojan-activity;sid:84497542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634443)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.rar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634443/; classtype:trojan-activity;sid:84497543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634444)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634444/; classtype:trojan-activity;sid:84497544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634445)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634445/; classtype:trojan-activity;sid:84497545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634446)"; flow:established,from_client; content:"GET"; http_method; content:"/spc.7z"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634446/; classtype:trojan-activity;sid:84497546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634447)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.tar.gz"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634447/; classtype:trojan-activity;sid:84497547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634448)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634448/; classtype:trojan-activity;sid:84497548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634449)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634449/; classtype:trojan-activity;sid:84497549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634450)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634450/; classtype:trojan-activity;sid:84497550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634451)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm7.tar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634451/; classtype:trojan-activity;sid:84497551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634452)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634452/; classtype:trojan-activity;sid:84497552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634421)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/i586"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634421/; classtype:trojan-activity;sid:84497521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634422)"; flow:established,from_client; content:"GET"; http_method; content:"/5snngqrpmnsjk6czvrsu-ez_5hs"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634422/; classtype:trojan-activity;sid:84497522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634423)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634423/; classtype:trojan-activity;sid:84497523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634424)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/x86_32.7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634424/; classtype:trojan-activity;sid:84497524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634425)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634425/; classtype:trojan-activity;sid:84497525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634426)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/mips.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634426/; classtype:trojan-activity;sid:84497526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634427)"; flow:established,from_client; content:"GET"; http_method; content:"/ppcl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634427/; classtype:trojan-activity;sid:84497527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634428)"; flow:established,from_client; content:"GET"; http_method; content:"/pool_info"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634428/; classtype:trojan-activity;sid:84497528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634429)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.tar.gz"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634429/; classtype:trojan-activity;sid:84497529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634430)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634430/; classtype:trojan-activity;sid:84497530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634431)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/debug.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634431/; classtype:trojan-activity;sid:84497531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634432)"; flow:established,from_client; content:"GET"; http_method; content:"/i686.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634432/; classtype:trojan-activity;sid:84497532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634433)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634433/; classtype:trojan-activity;sid:84497533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634434)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.x86_32"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634434/; classtype:trojan-activity;sid:84497534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634435)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.ppcl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634435/; classtype:trojan-activity;sid:84497535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634436)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/fghe3tj.arm"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634436/; classtype:trojan-activity;sid:84497536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634437)"; flow:established,from_client; content:"GET"; http_method; content:"/spc.tar.gz"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634437/; classtype:trojan-activity;sid:84497537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634438)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634438/; classtype:trojan-activity;sid:84497538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634439)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634439/; classtype:trojan-activity;sid:84497539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634440)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.7z"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634440/; classtype:trojan-activity;sid:84497540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634441)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634441/; classtype:trojan-activity;sid:84497541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634419)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm6.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634419/; classtype:trojan-activity;sid:84497519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634420)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634420/; classtype:trojan-activity;sid:84497520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634417)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634417/; classtype:trojan-activity;sid:84497517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634418)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.spcl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634418/; classtype:trojan-activity;sid:84497518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634416)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634416/; classtype:trojan-activity;sid:84497516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634415)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/spc.7z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634415/; classtype:trojan-activity;sid:84497515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634413)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm.7z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634413/; classtype:trojan-activity;sid:84497513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634414)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634414/; classtype:trojan-activity;sid:84497514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634412)"; flow:established,from_client; content:"GET"; http_method; content:"/z/morte.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634412/; classtype:trojan-activity;sid:84497512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.109.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634411/; classtype:trojan-activity;sid:84497511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634410)"; flow:established,from_client; content:"GET"; http_method; content:"/g15ay99lq7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.w-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634410/; classtype:trojan-activity;sid:84497510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634409)"; flow:established,from_client; content:"GET"; http_method; content:"/zx8.check|3f|t=g9eb08bk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"da.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634409/; classtype:trojan-activity;sid:84497509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634408/; classtype:trojan-activity;sid:84497508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634407)"; flow:established,from_client; content:"GET"; http_method; content:"/lntzptnvca.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634407/; classtype:trojan-activity;sid:84497507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634406)"; flow:established,from_client; content:"GET"; http_method; content:"/31c.google|3f|t=q3fi4x6g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"by.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634406/; classtype:trojan-activity;sid:84497506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634405)"; flow:established,from_client; content:"GET"; http_method; content:"/veqc930c52.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1.w-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634405/; classtype:trojan-activity;sid:84497505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634404)"; flow:established,from_client; content:"GET"; http_method; content:"/31c.google|3f|t=anmhsraa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"by.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634404/; classtype:trojan-activity;sid:84497504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634403/; classtype:trojan-activity;sid:84497503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.169.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634402/; classtype:trojan-activity;sid:84497502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.25.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634401/; classtype:trojan-activity;sid:84497501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634400/; classtype:trojan-activity;sid:84497500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.0.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634399/; classtype:trojan-activity;sid:84497499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.98.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634398/; classtype:trojan-activity;sid:84497498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634396/; classtype:trojan-activity;sid:84497496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.166.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634397/; classtype:trojan-activity;sid:84497497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.70.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634395/; classtype:trojan-activity;sid:84497495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634394/; classtype:trojan-activity;sid:84497494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.45.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634393/; classtype:trojan-activity;sid:84497493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.141.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634392/; classtype:trojan-activity;sid:84497492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634391/; classtype:trojan-activity;sid:84497491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.128.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634390/; classtype:trojan-activity;sid:84497490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634384)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634384/; classtype:trojan-activity;sid:84497484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634385)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634385/; classtype:trojan-activity;sid:84497485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634386)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634386/; classtype:trojan-activity;sid:84497486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634387)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634387/; classtype:trojan-activity;sid:84497487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634388)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634388/; classtype:trojan-activity;sid:84497488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634389)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634389/; classtype:trojan-activity;sid:84497489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634372)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634372/; classtype:trojan-activity;sid:84497472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634373)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/joker.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634373/; classtype:trojan-activity;sid:84497473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634374)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/morte.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634374/; classtype:trojan-activity;sid:84497474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634375)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm5.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634375/; classtype:trojan-activity;sid:84497475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634376)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634376/; classtype:trojan-activity;sid:84497476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634377)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634377/; classtype:trojan-activity;sid:84497477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634378)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634378/; classtype:trojan-activity;sid:84497478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634379)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634379/; classtype:trojan-activity;sid:84497479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634380)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634380/; classtype:trojan-activity;sid:84497480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634381)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634381/; classtype:trojan-activity;sid:84497481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634382)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634382/; classtype:trojan-activity;sid:84497482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634383)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.132.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634383/; classtype:trojan-activity;sid:84497483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634371)"; flow:established,from_client; content:"GET"; http_method; content:"/010100110101010/arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634371/; classtype:trojan-activity;sid:84497471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634370)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634370/; classtype:trojan-activity;sid:84497470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634369/; classtype:trojan-activity;sid:84497469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7m-linux-musleabi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634367/; classtype:trojan-activity;sid:84497467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc-linux-uclibc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634368/; classtype:trojan-activity;sid:84497468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634366)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634366/; classtype:trojan-activity;sid:84497466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634363)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634363/; classtype:trojan-activity;sid:84497463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634364)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634364/; classtype:trojan-activity;sid:84497464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634365)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634365/; classtype:trojan-activity;sid:84497465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634362)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.146.184.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634362/; classtype:trojan-activity;sid:84497462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634352)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634352/; classtype:trojan-activity;sid:84497452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634353)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634353/; classtype:trojan-activity;sid:84497453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634354)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634354/; classtype:trojan-activity;sid:84497454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634355)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634355/; classtype:trojan-activity;sid:84497455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634356)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634356/; classtype:trojan-activity;sid:84497456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634357)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634357/; classtype:trojan-activity;sid:84497457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634358)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634358/; classtype:trojan-activity;sid:84497458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634359)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634359/; classtype:trojan-activity;sid:84497459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634360)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634360/; classtype:trojan-activity;sid:84497460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634361)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634361/; classtype:trojan-activity;sid:84497461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634351)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634351/; classtype:trojan-activity;sid:84497451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.27.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634350/; classtype:trojan-activity;sid:84497450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634348/; classtype:trojan-activity;sid:84497448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.232.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634349/; classtype:trojan-activity;sid:84497449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634347/; classtype:trojan-activity;sid:84497447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.128.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634346/; classtype:trojan-activity;sid:84497446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.202.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634345/; classtype:trojan-activity;sid:84497445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634344)"; flow:established,from_client; content:"GET"; http_method; content:"/bul.google|3f|t=fycg3lry"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bo.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634344/; classtype:trojan-activity;sid:84497444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634343)"; flow:established,from_client; content:"GET"; http_method; content:"/vvu5ssnx3m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz8.w-57e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634343/; classtype:trojan-activity;sid:84497443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.65.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634342/; classtype:trojan-activity;sid:84497442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634340/; classtype:trojan-activity;sid:84497440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.238.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634341/; classtype:trojan-activity;sid:84497441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634339)"; flow:established,from_client; content:"GET"; http_method; content:"/gyg8z3dlk8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634339/; classtype:trojan-activity;sid:84497439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634338)"; flow:established,from_client; content:"GET"; http_method; content:"/bul.google|3f|t=gmiknow8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bo.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634338/; classtype:trojan-activity;sid:84497438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634337)"; flow:established,from_client; content:"GET"; http_method; content:"/qlic1cjwwi.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634337/; classtype:trojan-activity;sid:84497437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634336)"; flow:established,from_client; content:"GET"; http_method; content:"/gkb.check|3f|t=5nzpqtcn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bi.vwjy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634336/; classtype:trojan-activity;sid:84497436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634335/; classtype:trojan-activity;sid:84497435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634334)"; flow:established,from_client; content:"GET"; http_method; content:"/h7tmszv3zr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634334/; classtype:trojan-activity;sid:84497434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634333)"; flow:established,from_client; content:"GET"; http_method; content:"/yg.check|3f|t=qicyff3d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"be.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634333/; classtype:trojan-activity;sid:84497433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.128.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634332/; classtype:trojan-activity;sid:84497432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.141.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634331/; classtype:trojan-activity;sid:84497431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.65.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634330/; classtype:trojan-activity;sid:84497430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.232.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634329/; classtype:trojan-activity;sid:84497429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.72.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634327/; classtype:trojan-activity;sid:84497427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.95.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634328/; classtype:trojan-activity;sid:84497428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.209.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634326/; classtype:trojan-activity;sid:84497426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.238.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634325/; classtype:trojan-activity;sid:84497425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.241.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634324/; classtype:trojan-activity;sid:84497424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.102.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634323/; classtype:trojan-activity;sid:84497423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.72.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634322/; classtype:trojan-activity;sid:84497422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634321)"; flow:established,from_client; content:"GET"; http_method; content:"/lpf4ke8mh4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.w-57e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634321/; classtype:trojan-activity;sid:84497421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634320)"; flow:established,from_client; content:"GET"; http_method; content:"/nfn.google|3f|t=1xa5bw2u"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ba.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634320/; classtype:trojan-activity;sid:84497420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634319)"; flow:established,from_client; content:"GET"; http_method; content:"/dbn2xfjt37.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634319/; classtype:trojan-activity;sid:84497419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634318)"; flow:established,from_client; content:"GET"; http_method; content:"/nfn.google|3f|t=tt97spau"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ba.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634318/; classtype:trojan-activity;sid:84497418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.73.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634317/; classtype:trojan-activity;sid:84497417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634316)"; flow:established,from_client; content:"GET"; http_method; content:"/2728zkz726.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634316/; classtype:trojan-activity;sid:84497416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634315)"; flow:established,from_client; content:"GET"; http_method; content:"/p7.check|3f|t=kg15t7ed"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ay.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634315/; classtype:trojan-activity;sid:84497415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.209.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634314/; classtype:trojan-activity;sid:84497414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.102.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634313/; classtype:trojan-activity;sid:84497413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634312)"; flow:established,from_client; content:"GET"; http_method; content:"/9yeveubtem.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d.w-57e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634312/; classtype:trojan-activity;sid:84497412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634311)"; flow:established,from_client; content:"GET"; http_method; content:"/p7.check|3f|t=daol3wvw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ay.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634311/; classtype:trojan-activity;sid:84497411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634310)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/2f34b5x.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634310/; classtype:trojan-activity;sid:84497410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.44.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634309/; classtype:trojan-activity;sid:84497409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634308)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8094342132/a0szp4c.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634308/; classtype:trojan-activity;sid:84497408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.128.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634307/; classtype:trojan-activity;sid:84497407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634306)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tv-garden.app"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634306/; classtype:trojan-activity;sid:84497406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634305)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted123.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tv-garden.app"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634305/; classtype:trojan-activity;sid:84497405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634304/; classtype:trojan-activity;sid:84497404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.206.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634303/; classtype:trojan-activity;sid:84497403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.19.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634302/; classtype:trojan-activity;sid:84497402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634301)"; flow:established,from_client; content:"GET"; http_method; content:"/clarrihs/monotone-hwid-spoofer/raw/refs/heads/main/monotone.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634301/; classtype:trojan-activity;sid:84497401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.160.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634300/; classtype:trojan-activity;sid:84497400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634299/; classtype:trojan-activity;sid:84497399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634297)"; flow:established,from_client; content:"GET"; http_method; content:"/d8h.check|3f|t=ycnjgyjc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ax.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634297/; classtype:trojan-activity;sid:84497397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634298)"; flow:established,from_client; content:"GET"; http_method; content:"/z3qycnt3us.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.t-20y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634298/; classtype:trojan-activity;sid:84497398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634296)"; flow:established,from_client; content:"GET"; http_method; content:"/owifyb2ctr.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634296/; classtype:trojan-activity;sid:84497396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634295)"; flow:established,from_client; content:"GET"; http_method; content:"/d8h.check|3f|t=wkuw3i6t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ax.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634295/; classtype:trojan-activity;sid:84497395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634294)"; flow:established,from_client; content:"GET"; http_method; content:"/ifw1q8xheq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.t-20y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634294/; classtype:trojan-activity;sid:84497394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634293)"; flow:established,from_client; content:"GET"; http_method; content:"/vh.google|3f|t=y1hjm9lm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aw.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634293/; classtype:trojan-activity;sid:84497393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634292)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/raw/refs/heads/main/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634292/; classtype:trojan-activity;sid:84497392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634291/; classtype:trojan-activity;sid:84497391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634289)"; flow:established,from_client; content:"GET"; http_method; content:"/9ze5o055fy.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634289/; classtype:trojan-activity;sid:84497389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634290)"; flow:established,from_client; content:"GET"; http_method; content:"/vh.google|3f|t=hfj2l1jm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aw.txso1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634290/; classtype:trojan-activity;sid:84497390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.53.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634288/; classtype:trojan-activity;sid:84497388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634287/; classtype:trojan-activity;sid:84497387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634286/; classtype:trojan-activity;sid:84497386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.245.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634284/; classtype:trojan-activity;sid:84497384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634285)"; flow:established,from_client; content:"GET"; http_method; content:"/ox34fthesr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.t-20y.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634285/; classtype:trojan-activity;sid:84497385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634283)"; flow:established,from_client; content:"GET"; http_method; content:"/v7d.google|3f|t=d0616y1q"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"at.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634283/; classtype:trojan-activity;sid:84497383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634282)"; flow:established,from_client; content:"GET"; http_method; content:"/ur1d9lqw54.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634282/; classtype:trojan-activity;sid:84497382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634281)"; flow:established,from_client; content:"GET"; http_method; content:"/v7d.google|3f|t=8rpme6j2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"at.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634281/; classtype:trojan-activity;sid:84497381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.160.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634280/; classtype:trojan-activity;sid:84497380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634279/; classtype:trojan-activity;sid:84497379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634278/; classtype:trojan-activity;sid:84497378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634277/; classtype:trojan-activity;sid:84497377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.224.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634276/; classtype:trojan-activity;sid:84497376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.215.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634275/; classtype:trojan-activity;sid:84497375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.69.234.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634273/; classtype:trojan-activity;sid:84497373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.53.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634274/; classtype:trojan-activity;sid:84497374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634272/; classtype:trojan-activity;sid:84497372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.245.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634271/; classtype:trojan-activity;sid:84497371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.224.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634270/; classtype:trojan-activity;sid:84497370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634269/; classtype:trojan-activity;sid:84497369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.164.229.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634268/; classtype:trojan-activity;sid:84497368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.215.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634267/; classtype:trojan-activity;sid:84497367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.8.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634266/; classtype:trojan-activity;sid:84497366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.127.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634265/; classtype:trojan-activity;sid:84497365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634264)"; flow:established,from_client; content:"GET"; http_method; content:"/d7js70tvgu.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634264/; classtype:trojan-activity;sid:84497364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634263)"; flow:established,from_client; content:"GET"; http_method; content:"/89.google|3f|t=p6vxio5j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"as.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634263/; classtype:trojan-activity;sid:84497363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634262)"; flow:established,from_client; content:"GET"; http_method; content:"/mk5kfn14l4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.t-20y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634262/; classtype:trojan-activity;sid:84497362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634261)"; flow:established,from_client; content:"GET"; http_method; content:"/89.google|3f|t=eji5uq31"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"as.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634261/; classtype:trojan-activity;sid:84497361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634260/; classtype:trojan-activity;sid:84497360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.127.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634259/; classtype:trojan-activity;sid:84497359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.194.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634258/; classtype:trojan-activity;sid:84497358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634257/; classtype:trojan-activity;sid:84497357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634256)"; flow:established,from_client; content:"GET"; http_method; content:"/7oixrlqcsc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634256/; classtype:trojan-activity;sid:84497356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634255)"; flow:established,from_client; content:"GET"; http_method; content:"/5zuc250o5i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.t-20y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634255/; classtype:trojan-activity;sid:84497355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634253)"; flow:established,from_client; content:"GET"; http_method; content:"/53.check|3f|t=76d3n3l2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"an.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634253/; classtype:trojan-activity;sid:84497353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634254)"; flow:established,from_client; content:"GET"; http_method; content:"/53.check|3f|t=fclclaye"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"an.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634254/; classtype:trojan-activity;sid:84497354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.243.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634252/; classtype:trojan-activity;sid:84497352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.243.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634251/; classtype:trojan-activity;sid:84497351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.52.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634250/; classtype:trojan-activity;sid:84497350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.77.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634249/; classtype:trojan-activity;sid:84497349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.52.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634248/; classtype:trojan-activity;sid:84497348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634247)"; flow:established,from_client; content:"GET"; http_method; content:"/lflnq8kbba.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.e-35w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634247/; classtype:trojan-activity;sid:84497347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634246)"; flow:established,from_client; content:"GET"; http_method; content:"/z2p.check|3f|t=363roln7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"am.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634246/; classtype:trojan-activity;sid:84497346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.105.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634245/; classtype:trojan-activity;sid:84497345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.94.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634244/; classtype:trojan-activity;sid:84497344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634243)"; flow:established,from_client; content:"GET"; http_method; content:"/zljl7ditwl.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634243/; classtype:trojan-activity;sid:84497343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634242)"; flow:established,from_client; content:"GET"; http_method; content:"/z2p.check|3f|t=0j9dl7vc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"am.tvti0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634242/; classtype:trojan-activity;sid:84497342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.105.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634241/; classtype:trojan-activity;sid:84497341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634240)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.check|3f|t=rpffdm9e"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"al.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634240/; classtype:trojan-activity;sid:84497340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634239)"; flow:established,from_client; content:"GET"; http_method; content:"/bl4li2q1ci.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634239/; classtype:trojan-activity;sid:84497339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634237)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.check|3f|t=g5ymk8xp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"al.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634237/; classtype:trojan-activity;sid:84497337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634238)"; flow:established,from_client; content:"GET"; http_method; content:"/kvog3udshe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.e-35w.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634238/; classtype:trojan-activity;sid:84497338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634236)"; flow:established,from_client; content:"GET"; http_method; content:"/lx3.google|3f|t=1aly81z3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ai.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634236/; classtype:trojan-activity;sid:84497336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.94.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634235/; classtype:trojan-activity;sid:84497335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634234)"; flow:established,from_client; content:"GET"; http_method; content:"/eoq7udxkn0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.e-35w.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634234/; classtype:trojan-activity;sid:84497334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634233)"; flow:established,from_client; content:"GET"; http_method; content:"/0th2mcc1ng.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.e-35w.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634233/; classtype:trojan-activity;sid:84497333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634232)"; flow:established,from_client; content:"GET"; http_method; content:"/y7.check|3f|t=lmsae9jv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ah.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634232/; classtype:trojan-activity;sid:84497332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634231)"; flow:established,from_client; content:"GET"; http_method; content:"/z6uzbqupth.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634231/; classtype:trojan-activity;sid:84497331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634230)"; flow:established,from_client; content:"GET"; http_method; content:"/y7.check|3f|t=fjjpb2os"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ah.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634230/; classtype:trojan-activity;sid:84497330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.247.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634229/; classtype:trojan-activity;sid:84497329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.193.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634228/; classtype:trojan-activity;sid:84497328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.64.250.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634227/; classtype:trojan-activity;sid:84497327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.94.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634226/; classtype:trojan-activity;sid:84497326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.155.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634225/; classtype:trojan-activity;sid:84497325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.170.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634224/; classtype:trojan-activity;sid:84497324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.247.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634223/; classtype:trojan-activity;sid:84497323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.110.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634222/; classtype:trojan-activity;sid:84497322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.155.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634221/; classtype:trojan-activity;sid:84497321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.114.108.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634220/; classtype:trojan-activity;sid:84497320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.61.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634219/; classtype:trojan-activity;sid:84497319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.179.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634218/; classtype:trojan-activity;sid:84497318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.110.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634217/; classtype:trojan-activity;sid:84497317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.10.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634216/; classtype:trojan-activity;sid:84497316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634215/; classtype:trojan-activity;sid:84497315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.235.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634214/; classtype:trojan-activity;sid:84497314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.61.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634213/; classtype:trojan-activity;sid:84497313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634212)"; flow:established,from_client; content:"GET"; http_method; content:"/555ghebhap.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.e-35w.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634212/; classtype:trojan-activity;sid:84497312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634211)"; flow:established,from_client; content:"GET"; http_method; content:"/gy.google|3f|t=20qi845b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ag.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634211/; classtype:trojan-activity;sid:84497311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634210/; classtype:trojan-activity;sid:84497310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.172.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634209/; classtype:trojan-activity;sid:84497309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.0.103.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634208/; classtype:trojan-activity;sid:84497308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634207)"; flow:established,from_client; content:"GET"; http_method; content:"/etiojkpwis.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634207/; classtype:trojan-activity;sid:84497307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634206)"; flow:established,from_client; content:"GET"; http_method; content:"/gy.google|3f|t=mmkg3enk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ag.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634206/; classtype:trojan-activity;sid:84497306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634205/; classtype:trojan-activity;sid:84497305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.62.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634204/; classtype:trojan-activity;sid:84497304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634203)"; flow:established,from_client; content:"GET"; http_method; content:"/mnkvykuh1p.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634203/; classtype:trojan-activity;sid:84497303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634202)"; flow:established,from_client; content:"GET"; http_method; content:"/l0app0aeze.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.e-09q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634202/; classtype:trojan-activity;sid:84497302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634200)"; flow:established,from_client; content:"GET"; http_method; content:"/m8.google|3f|t=v6x0javv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ae.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634200/; classtype:trojan-activity;sid:84497300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634201)"; flow:established,from_client; content:"GET"; http_method; content:"/m8.google|3f|t=ybkoy9he"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ae.tsqe2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634201/; classtype:trojan-activity;sid:84497301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634199/; classtype:trojan-activity;sid:84497299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.0.103.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634198/; classtype:trojan-activity;sid:84497298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.83.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634197/; classtype:trojan-activity;sid:84497297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.207.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634196/; classtype:trojan-activity;sid:84497296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634195/; classtype:trojan-activity;sid:84497295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.232.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634194/; classtype:trojan-activity;sid:84497294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.83.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634193/; classtype:trojan-activity;sid:84497293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.41.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634192/; classtype:trojan-activity;sid:84497292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.127.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634191/; classtype:trojan-activity;sid:84497291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.245.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634190/; classtype:trojan-activity;sid:84497290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.106.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634189/; classtype:trojan-activity;sid:84497289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.41.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634188/; classtype:trojan-activity;sid:84497288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634187)"; flow:established,from_client; content:"GET"; http_method; content:"/tifzznd3qj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.e-09q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634187/; classtype:trojan-activity;sid:84497287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634186)"; flow:established,from_client; content:"GET"; http_method; content:"/bo0.google|3f|t=u991843h"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ab.tfpe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634186/; classtype:trojan-activity;sid:84497286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634185)"; flow:established,from_client; content:"GET"; http_method; content:"/6lsi4x3383.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634185/; classtype:trojan-activity;sid:84497285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634184)"; flow:established,from_client; content:"GET"; http_method; content:"/bo0.google|3f|t=zj3oqwp0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ab.tfpe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634184/; classtype:trojan-activity;sid:84497284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.254.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634183/; classtype:trojan-activity;sid:84497283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634181)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634181/; classtype:trojan-activity;sid:84497281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.179.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634182/; classtype:trojan-activity;sid:84497282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634165)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634165/; classtype:trojan-activity;sid:84497265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634166)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634166/; classtype:trojan-activity;sid:84497266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634167)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634167/; classtype:trojan-activity;sid:84497267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634168)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634168/; classtype:trojan-activity;sid:84497268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634169)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634169/; classtype:trojan-activity;sid:84497269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634170)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634170/; classtype:trojan-activity;sid:84497270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634171)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634171/; classtype:trojan-activity;sid:84497271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634172)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634172/; classtype:trojan-activity;sid:84497272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634173)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634173/; classtype:trojan-activity;sid:84497273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634174)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634174/; classtype:trojan-activity;sid:84497274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634175)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634175/; classtype:trojan-activity;sid:84497275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634176)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634176/; classtype:trojan-activity;sid:84497276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634177)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634177/; classtype:trojan-activity;sid:84497277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634178)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634178/; classtype:trojan-activity;sid:84497278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634179)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634179/; classtype:trojan-activity;sid:84497279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634180)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.70.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634180/; classtype:trojan-activity;sid:84497280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634164/; classtype:trojan-activity;sid:84497264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.104.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634163/; classtype:trojan-activity;sid:84497263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634162/; classtype:trojan-activity;sid:84497262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.254.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634161/; classtype:trojan-activity;sid:84497261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.218.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634160/; classtype:trojan-activity;sid:84497260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634159/; classtype:trojan-activity;sid:84497259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634158/; classtype:trojan-activity;sid:84497258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.246.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634157/; classtype:trojan-activity;sid:84497257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.194.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634156/; classtype:trojan-activity;sid:84497256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.104.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634155/; classtype:trojan-activity;sid:84497255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.146.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634154/; classtype:trojan-activity;sid:84497254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.62.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634153/; classtype:trojan-activity;sid:84497253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.189.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634152/; classtype:trojan-activity;sid:84497252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.150.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634151/; classtype:trojan-activity;sid:84497251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.252.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634150/; classtype:trojan-activity;sid:84497250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.252.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634149/; classtype:trojan-activity;sid:84497249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.8.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634148/; classtype:trojan-activity;sid:84497248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634147/; classtype:trojan-activity;sid:84497247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.45.95.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634146/; classtype:trojan-activity;sid:84497246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634145/; classtype:trojan-activity;sid:84497245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.98.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634144/; classtype:trojan-activity;sid:84497244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.252.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634143/; classtype:trojan-activity;sid:84497243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.62.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634142/; classtype:trojan-activity;sid:84497242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.225.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634141/; classtype:trojan-activity;sid:84497241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634140/; classtype:trojan-activity;sid:84497240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.51.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634139/; classtype:trojan-activity;sid:84497239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634138)"; flow:established,from_client; content:"GET"; http_method; content:"/80c2nhw33h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.e-09q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634138/; classtype:trojan-activity;sid:84497238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634137)"; flow:established,from_client; content:"GET"; http_method; content:"/c4.check|3f|t=371l99f6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aa.tfpe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634137/; classtype:trojan-activity;sid:84497237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.213.162.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634136/; classtype:trojan-activity;sid:84497236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.126.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634135/; classtype:trojan-activity;sid:84497235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.185.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634134/; classtype:trojan-activity;sid:84497234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634133)"; flow:established,from_client; content:"GET"; http_method; content:"/c4.check|3f|t=bjx4by1b"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aa.tfpe6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634133/; classtype:trojan-activity;sid:84497233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634132)"; flow:established,from_client; content:"GET"; http_method; content:"/v5vmau9rxx.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634132/; classtype:trojan-activity;sid:84497232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.228.236.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634131/; classtype:trojan-activity;sid:84497231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.91.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634130/; classtype:trojan-activity;sid:84497230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634129)"; flow:established,from_client; content:"GET"; http_method; content:"/1394bvcei9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.e-09q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634129/; classtype:trojan-activity;sid:84497229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634128)"; flow:established,from_client; content:"GET"; http_method; content:"/xc1.check|3f|t=73r2xjon"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i.tfpe6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634128/; classtype:trojan-activity;sid:84497228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634127/; classtype:trojan-activity;sid:84497227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.225.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634126/; classtype:trojan-activity;sid:84497226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.213.162.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634125/; classtype:trojan-activity;sid:84497225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634124)"; flow:established,from_client; content:"GET"; http_method; content:"/opy7qdv8bg.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634124/; classtype:trojan-activity;sid:84497224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634123)"; flow:established,from_client; content:"GET"; http_method; content:"/xc1.check|3f|t=5wau1kw1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i.tfpe6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634123/; classtype:trojan-activity;sid:84497223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.207.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634122/; classtype:trojan-activity;sid:84497222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.51.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634121/; classtype:trojan-activity;sid:84497221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634120/; classtype:trojan-activity;sid:84497220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634119/; classtype:trojan-activity;sid:84497219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634118/; classtype:trojan-activity;sid:84497218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.233.155.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634117/; classtype:trojan-activity;sid:84497217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634116)"; flow:established,from_client; content:"GET"; http_method; content:"/981jszutkc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634116/; classtype:trojan-activity;sid:84497216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634115)"; flow:established,from_client; content:"GET"; http_method; content:"/xl7.google|3f|t=o3nusyek"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"a.tfpe6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634115/; classtype:trojan-activity;sid:84497215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634113)"; flow:established,from_client; content:"GET"; http_method; content:"/xl7.google|3f|t=6s44v7ik"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"a.tfpe6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634113/; classtype:trojan-activity;sid:84497213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634114)"; flow:established,from_client; content:"GET"; http_method; content:"/sc7g53n1jn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.e-91m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634114/; classtype:trojan-activity;sid:84497214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634112/; classtype:trojan-activity;sid:84497212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634111/; classtype:trojan-activity;sid:84497211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634110)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=suaaqtpd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634110/; classtype:trojan-activity;sid:84497210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634109)"; flow:established,from_client; content:"GET"; http_method; content:"/h0m26g2h6q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.e-91m.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634109/; classtype:trojan-activity;sid:84497209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.138.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634108/; classtype:trojan-activity;sid:84497208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.246.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634107/; classtype:trojan-activity;sid:84497207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634106)"; flow:established,from_client; content:"GET"; http_method; content:"/dhzbgw6zc8.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634106/; classtype:trojan-activity;sid:84497206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634105)"; flow:established,from_client; content:"GET"; http_method; content:"/fk91.google|3f|t=n9djph6u"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634105/; classtype:trojan-activity;sid:84497205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.250.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634104/; classtype:trojan-activity;sid:84497204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634103/; classtype:trojan-activity;sid:84497203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.200.180.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634102/; classtype:trojan-activity;sid:84497202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634101)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634101/; classtype:trojan-activity;sid:84497201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.183.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634100/; classtype:trojan-activity;sid:84497200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634099)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634099/; classtype:trojan-activity;sid:84497199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634098)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document_green.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"usa08.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634098/; classtype:trojan-activity;sid:84497198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634097)"; flow:established,from_client; content:"GET"; http_method; content:"/serv/setup1.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"usa08.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634097/; classtype:trojan-activity;sid:84497197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634095)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document_green.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.28.71.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634095/; classtype:trojan-activity;sid:84497195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634096)"; flow:established,from_client; content:"GET"; http_method; content:"/serv/setup1.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.28.71.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634096/; classtype:trojan-activity;sid:84497196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.183.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634094/; classtype:trojan-activity;sid:84497194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634093)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/24125153536252525.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"65.20.104.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634093/; classtype:trojan-activity;sid:84497193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634091)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=k9gji9oo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634091/; classtype:trojan-activity;sid:84497191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634092)"; flow:established,from_client; content:"GET"; http_method; content:"/lu2o74vet6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.e-91m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634092/; classtype:trojan-activity;sid:84497192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634090)"; flow:established,from_client; content:"GET"; http_method; content:"/3z3mouvp4t.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634090/; classtype:trojan-activity;sid:84497190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634089)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.check|3f|t=gqz1flwi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y7.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634089/; classtype:trojan-activity;sid:84497189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634088/; classtype:trojan-activity;sid:84497188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634087/; classtype:trojan-activity;sid:84497187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634086/; classtype:trojan-activity;sid:84497186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.159.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634085/; classtype:trojan-activity;sid:84497185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634083)"; flow:established,from_client; content:"GET"; http_method; content:"/penis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634083/; classtype:trojan-activity;sid:84497183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv4l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634084/; classtype:trojan-activity;sid:84497184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634077/; classtype:trojan-activity;sid:84497177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv7l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634078/; classtype:trojan-activity;sid:84497178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634079/; classtype:trojan-activity;sid:84497179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv6l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634080/; classtype:trojan-activity;sid:84497180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv5l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634081/; classtype:trojan-activity;sid:84497181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.powerpc-440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634082/; classtype:trojan-activity;sid:84497182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634072/; classtype:trojan-activity;sid:84497172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.powerpc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634073/; classtype:trojan-activity;sid:84497173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634074/; classtype:trojan-activity;sid:84497174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634075/; classtype:trojan-activity;sid:84497175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634076/; classtype:trojan-activity;sid:84497176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634071)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.60.214.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634071/; classtype:trojan-activity;sid:84497171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634070)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.166.246.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634070/; classtype:trojan-activity;sid:84497170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.59.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634069/; classtype:trojan-activity;sid:84497169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634068)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.4.21.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634068/; classtype:trojan-activity;sid:84497168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634066)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.38.214.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634066/; classtype:trojan-activity;sid:84497166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634067)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.164.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634067/; classtype:trojan-activity;sid:84497167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634065)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.134.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634065/; classtype:trojan-activity;sid:84497165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634044)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.132.64.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634044/; classtype:trojan-activity;sid:84497144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.152.145.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634045/; classtype:trojan-activity;sid:84497145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634046)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.140.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634046/; classtype:trojan-activity;sid:84497146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634047)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634047/; classtype:trojan-activity;sid:84497147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.173.190.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634048/; classtype:trojan-activity;sid:84497148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634049)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.163.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634049/; classtype:trojan-activity;sid:84497149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.13.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634050/; classtype:trojan-activity;sid:84497150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.208.62.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634051/; classtype:trojan-activity;sid:84497151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.173.197.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634052/; classtype:trojan-activity;sid:84497152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.55.196.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634053/; classtype:trojan-activity;sid:84497153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.173.118.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634054/; classtype:trojan-activity;sid:84497154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.39.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634055/; classtype:trojan-activity;sid:84497155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.214.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634056/; classtype:trojan-activity;sid:84497156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634057)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.110.169.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634057/; classtype:trojan-activity;sid:84497157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.150.254.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634058/; classtype:trojan-activity;sid:84497158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634059)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.235.206.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634059/; classtype:trojan-activity;sid:84497159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634060)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.255.223.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634060/; classtype:trojan-activity;sid:84497160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634061)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.245.83.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634061/; classtype:trojan-activity;sid:84497161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.31.87.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634062/; classtype:trojan-activity;sid:84497162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.81.45.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634063/; classtype:trojan-activity;sid:84497163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.249.159.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634064/; classtype:trojan-activity;sid:84497164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634040/; classtype:trojan-activity;sid:84497140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634041)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.66.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634041/; classtype:trojan-activity;sid:84497141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.212.146.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634042/; classtype:trojan-activity;sid:84497142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634043)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.189.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634043/; classtype:trojan-activity;sid:84497143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.159.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634039/; classtype:trojan-activity;sid:84497139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634038/; classtype:trojan-activity;sid:84497138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634037/; classtype:trojan-activity;sid:84497137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.120.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634036/; classtype:trojan-activity;sid:84497136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634035)"; flow:established,from_client; content:"GET"; http_method; content:"/eduhq3p43p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h.e-91m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634035/; classtype:trojan-activity;sid:84497135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634034)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=m4k9njtk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.bvqu-7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634034/; classtype:trojan-activity;sid:84497134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634033)"; flow:established,from_client; content:"GET"; http_method; content:"/w6gxq3r5hf.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634033/; classtype:trojan-activity;sid:84497133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634032)"; flow:established,from_client; content:"GET"; http_method; content:"/0nq.google|3f|t=gj7fdz38"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u.bvqu-7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634032/; classtype:trojan-activity;sid:84497132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.59.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634031/; classtype:trojan-activity;sid:84497131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.108.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634030/; classtype:trojan-activity;sid:84497130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.20.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634029/; classtype:trojan-activity;sid:84497129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.193.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634028/; classtype:trojan-activity;sid:84497128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634027/; classtype:trojan-activity;sid:84497127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.106.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634026/; classtype:trojan-activity;sid:84497126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.180.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634025/; classtype:trojan-activity;sid:84497125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.120.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634024/; classtype:trojan-activity;sid:84497124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.128.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634023/; classtype:trojan-activity;sid:84497123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.180.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634022/; classtype:trojan-activity;sid:84497122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634021)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=4z3m16np"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634021/; classtype:trojan-activity;sid:84497121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634020)"; flow:established,from_client; content:"GET"; http_method; content:"/eniu1ysube.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2.a-91n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634020/; classtype:trojan-activity;sid:84497120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634019)"; flow:established,from_client; content:"GET"; http_method; content:"/d642g3v9x7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634019/; classtype:trojan-activity;sid:84497119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634018)"; flow:established,from_client; content:"GET"; http_method; content:"/tb0.check|3f|t=korm0j7g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r3.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634018/; classtype:trojan-activity;sid:84497118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.193.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634017/; classtype:trojan-activity;sid:84497117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.143.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634016/; classtype:trojan-activity;sid:84497116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634015)"; flow:established,from_client; content:"GET"; http_method; content:"/hn1dayvjpb.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634015/; classtype:trojan-activity;sid:84497115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634014)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=c4vv94cd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ve.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634014/; classtype:trojan-activity;sid:84497114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.15.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634013/; classtype:trojan-activity;sid:84497113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.196.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634012/; classtype:trojan-activity;sid:84497112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634010)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=apni688k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634010/; classtype:trojan-activity;sid:84497110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634011)"; flow:established,from_client; content:"GET"; http_method; content:"/b8kebyffme.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634011/; classtype:trojan-activity;sid:84497111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.183.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634009/; classtype:trojan-activity;sid:84497109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634008)"; flow:established,from_client; content:"GET"; http_method; content:"/j8j5g4lqpx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634008/; classtype:trojan-activity;sid:84497108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634007)"; flow:established,from_client; content:"GET"; http_method; content:"/1v3.check|3f|t=mk8eeesb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.bvqu-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634007/; classtype:trojan-activity;sid:84497107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.196.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634006/; classtype:trojan-activity;sid:84497106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.15.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634005/; classtype:trojan-activity;sid:84497105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.5.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634004/; classtype:trojan-activity;sid:84497104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.114.108.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634001/; classtype:trojan-activity;sid:84497101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634002/; classtype:trojan-activity;sid:84497102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634003/; classtype:trojan-activity;sid:84497103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.37.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633998/; classtype:trojan-activity;sid:84497098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.191.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633999/; classtype:trojan-activity;sid:84497099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.185.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634000/; classtype:trojan-activity;sid:84497100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.143.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633997/; classtype:trojan-activity;sid:84497097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.40.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633996/; classtype:trojan-activity;sid:84497096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633995)"; flow:established,from_client; content:"GET"; http_method; content:"/2m11i1tpoy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633995/; classtype:trojan-activity;sid:84497095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633994)"; flow:established,from_client; content:"GET"; http_method; content:"/d4.google|3f|t=k670zzau"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.bvqu-7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633994/; classtype:trojan-activity;sid:84497094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633993)"; flow:established,from_client; content:"GET"; http_method; content:"/4hyd9amyot.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633993/; classtype:trojan-activity;sid:84497093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633992)"; flow:established,from_client; content:"GET"; http_method; content:"/d4.google|3f|t=fkk05n10"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.bvqu-7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633992/; classtype:trojan-activity;sid:84497092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.72.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633991/; classtype:trojan-activity;sid:84497091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633989)"; flow:established,from_client; content:"GET"; http_method; content:"/pq04.google|3f|t=pl5ue9wy"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.bpva-0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633989/; classtype:trojan-activity;sid:84497089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633990)"; flow:established,from_client; content:"GET"; http_method; content:"/t573tt6067.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633990/; classtype:trojan-activity;sid:84497090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633988)"; flow:established,from_client; content:"GET"; http_method; content:"/pq04.google|3f|t=325ndewf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c1m.bpva-0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633988/; classtype:trojan-activity;sid:84497088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633987)"; flow:established,from_client; content:"GET"; http_method; content:"/zawon7rycq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633987/; classtype:trojan-activity;sid:84497087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.213.32.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633986/; classtype:trojan-activity;sid:84497086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.230.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633985/; classtype:trojan-activity;sid:84497085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633984/; classtype:trojan-activity;sid:84497084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633983)"; flow:established,from_client; content:"GET"; http_method; content:"/1rm.check|3f|t=ut9ldl3j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.bpva-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633983/; classtype:trojan-activity;sid:84497083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633982)"; flow:established,from_client; content:"GET"; http_method; content:"/mvr5dgb0uo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633982/; classtype:trojan-activity;sid:84497082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633981)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633981/; classtype:trojan-activity;sid:84497081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633978)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633978/; classtype:trojan-activity;sid:84497078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633979)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633979/; classtype:trojan-activity;sid:84497079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633980)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633980/; classtype:trojan-activity;sid:84497080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633976)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633976/; classtype:trojan-activity;sid:84497076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633977)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633977/; classtype:trojan-activity;sid:84497077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633975)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633975/; classtype:trojan-activity;sid:84497075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633974)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633974/; classtype:trojan-activity;sid:84497074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633972)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633972/; classtype:trojan-activity;sid:84497072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633973)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633973/; classtype:trojan-activity;sid:84497073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633971)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633971/; classtype:trojan-activity;sid:84497071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633969)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633969/; classtype:trojan-activity;sid:84497069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633970)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633970/; classtype:trojan-activity;sid:84497070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633968)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633968/; classtype:trojan-activity;sid:84497068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633967)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633967/; classtype:trojan-activity;sid:84497067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.88.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633966/; classtype:trojan-activity;sid:84497066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633965)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633965/; classtype:trojan-activity;sid:84497065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633964)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633964/; classtype:trojan-activity;sid:84497064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633963)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633963/; classtype:trojan-activity;sid:84497063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633962)"; flow:established,from_client; content:"GET"; http_method; content:"/6bs4r1x4h5.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633962/; classtype:trojan-activity;sid:84497062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633961)"; flow:established,from_client; content:"GET"; http_method; content:"/1rm.check|3f|t=y76oylmo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.bpva-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633961/; classtype:trojan-activity;sid:84497061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.72.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633960/; classtype:trojan-activity;sid:84497060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.72.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633959/; classtype:trojan-activity;sid:84497059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633958)"; flow:established,from_client; content:"GET"; http_method; content:"/zz9.google|3f|t=o72a0ati"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.bpva-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633958/; classtype:trojan-activity;sid:84497058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633957)"; flow:established,from_client; content:"GET"; http_method; content:"/2zs6m5kppl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633957/; classtype:trojan-activity;sid:84497057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633956)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.check|3f|t=311qbkch"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q.bpva-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633956/; classtype:trojan-activity;sid:84497056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633955)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.check|3f|t=nfi4q3bw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q.bpva-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633955/; classtype:trojan-activity;sid:84497055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633954)"; flow:established,from_client; content:"GET"; http_method; content:"/otd6yg8njp.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633954/; classtype:trojan-activity;sid:84497054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633953)"; flow:established,from_client; content:"GET"; http_method; content:"/jngtiso90n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633953/; classtype:trojan-activity;sid:84497053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.164.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633952/; classtype:trojan-activity;sid:84497052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633951/; classtype:trojan-activity;sid:84497051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.245.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633950/; classtype:trojan-activity;sid:84497050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633949/; classtype:trojan-activity;sid:84497049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633948)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633948/; classtype:trojan-activity;sid:84497048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633946)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633946/; classtype:trojan-activity;sid:84497046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633947)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633947/; classtype:trojan-activity;sid:84497047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633945)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633945/; classtype:trojan-activity;sid:84497045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633940)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633940/; classtype:trojan-activity;sid:84497040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633941)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633941/; classtype:trojan-activity;sid:84497041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633942)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633942/; classtype:trojan-activity;sid:84497042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633943)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633943/; classtype:trojan-activity;sid:84497043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633944)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633944/; classtype:trojan-activity;sid:84497044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633935)"; flow:established,from_client; content:"GET"; http_method; content:"/z/sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633935/; classtype:trojan-activity;sid:84497035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633936)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633936/; classtype:trojan-activity;sid:84497036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633937)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633937/; classtype:trojan-activity;sid:84497037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633938)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633938/; classtype:trojan-activity;sid:84497038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633939)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633939/; classtype:trojan-activity;sid:84497039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633912)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633912/; classtype:trojan-activity;sid:84497012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633913)"; flow:established,from_client; content:"GET"; http_method; content:"/z/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633913/; classtype:trojan-activity;sid:84497013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633914)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633914/; classtype:trojan-activity;sid:84497014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633915)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633915/; classtype:trojan-activity;sid:84497015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633916)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633916/; classtype:trojan-activity;sid:84497016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633917)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633917/; classtype:trojan-activity;sid:84497017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633918)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633918/; classtype:trojan-activity;sid:84497018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633919)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633919/; classtype:trojan-activity;sid:84497019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633920)"; flow:established,from_client; content:"GET"; http_method; content:"/z/x86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633920/; classtype:trojan-activity;sid:84497020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633921)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633921/; classtype:trojan-activity;sid:84497021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633922)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633922/; classtype:trojan-activity;sid:84497022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633923)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86_32"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633923/; classtype:trojan-activity;sid:84497023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633924)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633924/; classtype:trojan-activity;sid:84497024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633925)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633925/; classtype:trojan-activity;sid:84497025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633926)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633926/; classtype:trojan-activity;sid:84497026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633927)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633927/; classtype:trojan-activity;sid:84497027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633928)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633928/; classtype:trojan-activity;sid:84497028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633929)"; flow:established,from_client; content:"GET"; http_method; content:"/z/massload"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633929/; classtype:trojan-activity;sid:84497029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633930)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/w.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633930/; classtype:trojan-activity;sid:84497030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633931)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633931/; classtype:trojan-activity;sid:84497031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633932)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/massload"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633932/; classtype:trojan-activity;sid:84497032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633933)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633933/; classtype:trojan-activity;sid:84497033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633934)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.i586"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633934/; classtype:trojan-activity;sid:84497034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633911)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633911/; classtype:trojan-activity;sid:84497011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633909)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633909/; classtype:trojan-activity;sid:84497009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633910)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633910/; classtype:trojan-activity;sid:84497010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633907)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633907/; classtype:trojan-activity;sid:84497007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633908)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633908/; classtype:trojan-activity;sid:84497008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633906)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633906/; classtype:trojan-activity;sid:84497006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633901)"; flow:established,from_client; content:"GET"; http_method; content:"/z/o.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633901/; classtype:trojan-activity;sid:84497001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633902)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633902/; classtype:trojan-activity;sid:84497002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633903)"; flow:established,from_client; content:"GET"; http_method; content:"/z/ppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633903/; classtype:trojan-activity;sid:84497003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633904)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633904/; classtype:trojan-activity;sid:84497004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633905)"; flow:established,from_client; content:"GET"; http_method; content:"/z/arm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633905/; classtype:trojan-activity;sid:84497005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633899)"; flow:established,from_client; content:"GET"; http_method; content:"/z/c.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633899/; classtype:trojan-activity;sid:84496999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633900)"; flow:established,from_client; content:"GET"; http_method; content:"/z/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633900/; classtype:trojan-activity;sid:84497000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633898)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/o.xml"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633898/; classtype:trojan-activity;sid:84496998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633895)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633895/; classtype:trojan-activity;sid:84496995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633896)"; flow:established,from_client; content:"GET"; http_method; content:"/z/spc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633896/; classtype:trojan-activity;sid:84496996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633897)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633897/; classtype:trojan-activity;sid:84496997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633894)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633894/; classtype:trojan-activity;sid:84496994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633893)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633893/; classtype:trojan-activity;sid:84496993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633892)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633892/; classtype:trojan-activity;sid:84496992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633891)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633891/; classtype:trojan-activity;sid:84496991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633873)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633873/; classtype:trojan-activity;sid:84496973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633874)"; flow:established,from_client; content:"GET"; http_method; content:"/z/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633874/; classtype:trojan-activity;sid:84496974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633875)"; flow:established,from_client; content:"GET"; http_method; content:"/z/x86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633875/; classtype:trojan-activity;sid:84496975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633876)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633876/; classtype:trojan-activity;sid:84496976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633877)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633877/; classtype:trojan-activity;sid:84496977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633878)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633878/; classtype:trojan-activity;sid:84496978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633879)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633879/; classtype:trojan-activity;sid:84496979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633880)"; flow:established,from_client; content:"GET"; http_method; content:"/z/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633880/; classtype:trojan-activity;sid:84496980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633881)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633881/; classtype:trojan-activity;sid:84496981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633882)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633882/; classtype:trojan-activity;sid:84496982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633883)"; flow:established,from_client; content:"GET"; http_method; content:"/z/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633883/; classtype:trojan-activity;sid:84496983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633884)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633884/; classtype:trojan-activity;sid:84496984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633885)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633885/; classtype:trojan-activity;sid:84496985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633886)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/x86_32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633886/; classtype:trojan-activity;sid:84496986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633887)"; flow:established,from_client; content:"GET"; http_method; content:"/z/bins/unhanaaw.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633887/; classtype:trojan-activity;sid:84496987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633888)"; flow:established,from_client; content:"GET"; http_method; content:"/z/x86_32"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633888/; classtype:trojan-activity;sid:84496988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633889)"; flow:established,from_client; content:"GET"; http_method; content:"/z/unhanaaw.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633889/; classtype:trojan-activity;sid:84496989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633890)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/unhanaaw.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633890/; classtype:trojan-activity;sid:84496990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633872)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633872/; classtype:trojan-activity;sid:84496972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633871)"; flow:established,from_client; content:"GET"; http_method; content:"/z/i586"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633871/; classtype:trojan-activity;sid:84496971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633866)"; flow:established,from_client; content:"GET"; http_method; content:"/z/w.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633866/; classtype:trojan-activity;sid:84496966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633867)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/wget.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633867/; classtype:trojan-activity;sid:84496967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633868)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/c.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633868/; classtype:trojan-activity;sid:84496968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633869)"; flow:established,from_client; content:"GET"; http_method; content:"/z/zyxel.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633869/; classtype:trojan-activity;sid:84496969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633870)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633870/; classtype:trojan-activity;sid:84496970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633864)"; flow:established,from_client; content:"GET"; http_method; content:"/z/z/zyxel.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633864/; classtype:trojan-activity;sid:84496964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633865)"; flow:established,from_client; content:"GET"; http_method; content:"/z/m68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633865/; classtype:trojan-activity;sid:84496965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633857)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633857/; classtype:trojan-activity;sid:84496957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633858)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633858/; classtype:trojan-activity;sid:84496958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633859)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633859/; classtype:trojan-activity;sid:84496959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633860)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633860/; classtype:trojan-activity;sid:84496960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633861)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633861/; classtype:trojan-activity;sid:84496961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633862)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633862/; classtype:trojan-activity;sid:84496962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633863)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633863/; classtype:trojan-activity;sid:84496963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633848)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633848/; classtype:trojan-activity;sid:84496948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633849)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633849/; classtype:trojan-activity;sid:84496949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633850)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633850/; classtype:trojan-activity;sid:84496950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633851)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633851/; classtype:trojan-activity;sid:84496951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633852)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633852/; classtype:trojan-activity;sid:84496952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633853)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633853/; classtype:trojan-activity;sid:84496953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633854)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633854/; classtype:trojan-activity;sid:84496954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633855)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633855/; classtype:trojan-activity;sid:84496955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633856)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633856/; classtype:trojan-activity;sid:84496956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633847)"; flow:established,from_client; content:"GET"; http_method; content:"/3vekl9o6he.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wq9.a-91n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633847/; classtype:trojan-activity;sid:84496947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633846)"; flow:established,from_client; content:"GET"; http_method; content:"/0y3.google|3f|t=gvnwgbdw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xt.bpva-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633846/; classtype:trojan-activity;sid:84496946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633845)"; flow:established,from_client; content:"GET"; http_method; content:"/saf5pdt8ax.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633845/; classtype:trojan-activity;sid:84496945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633844/; classtype:trojan-activity;sid:84496944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633843)"; flow:established,from_client; content:"GET"; http_method; content:"/0y3.google|3f|t=3hpmzv0k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xt.bpva-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633843/; classtype:trojan-activity;sid:84496943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.72.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633842/; classtype:trojan-activity;sid:84496942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.173.120.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633841/; classtype:trojan-activity;sid:84496941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633840)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6641235990/rocfqpd.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633840/; classtype:trojan-activity;sid:84496940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633839)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/stardust.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633839/; classtype:trojan-activity;sid:84496939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.1.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633838/; classtype:trojan-activity;sid:84496938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633836)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.141.216.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633836/; classtype:trojan-activity;sid:84496936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633837)"; flow:established,from_client; content:"GET"; http_method; content:"/octavian.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.141.216.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633837/; classtype:trojan-activity;sid:84496937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.89.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633835/; classtype:trojan-activity;sid:84496935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.195.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633834/; classtype:trojan-activity;sid:84496934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633833/; classtype:trojan-activity;sid:84496933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.179.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633832/; classtype:trojan-activity;sid:84496932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633831/; classtype:trojan-activity;sid:84496931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.173.120.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633830/; classtype:trojan-activity;sid:84496930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.137.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633829/; classtype:trojan-activity;sid:84496929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.89.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633828/; classtype:trojan-activity;sid:84496928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633827/; classtype:trojan-activity;sid:84496927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633826/; classtype:trojan-activity;sid:84496926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633824)"; flow:established,from_client; content:"GET"; http_method; content:"/izojsvclr9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633824/; classtype:trojan-activity;sid:84496924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633825)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=7llcy3zv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.bpva-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633825/; classtype:trojan-activity;sid:84496925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633822)"; flow:established,from_client; content:"GET"; http_method; content:"/q2.google|3f|t=coa0nos2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.bpva-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633822/; classtype:trojan-activity;sid:84496922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633823)"; flow:established,from_client; content:"GET"; http_method; content:"/8xwewpyh93.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7.a-91n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633823/; classtype:trojan-activity;sid:84496923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.98.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633821/; classtype:trojan-activity;sid:84496921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.184.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633820/; classtype:trojan-activity;sid:84496920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.40.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633819/; classtype:trojan-activity;sid:84496919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633818)"; flow:established,from_client; content:"GET"; http_method; content:"/7225f9883fc64073995f51b690b52405_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633818/; classtype:trojan-activity;sid:84496918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633817)"; flow:established,from_client; content:"GET"; http_method; content:"/dadaasads_new.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633817/; classtype:trojan-activity;sid:84496917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.195.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633815/; classtype:trojan-activity;sid:84496915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.112.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633816/; classtype:trojan-activity;sid:84496916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633814)"; flow:established,from_client; content:"GET"; http_method; content:"/e79da345977745cda131abcb29a7c9c7_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633814/; classtype:trojan-activity;sid:84496914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633813)"; flow:established,from_client; content:"GET"; http_method; content:"/fc2e7a9930c9496c9df103b2bff5e372_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633813/; classtype:trojan-activity;sid:84496913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633807)"; flow:established,from_client; content:"GET"; http_method; content:"/60e36e6b2727419892cfbb9f5b559a36_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633807/; classtype:trojan-activity;sid:84496907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633808)"; flow:established,from_client; content:"GET"; http_method; content:"/801b0b4d118a4c0a8c4523e7805f5227_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633808/; classtype:trojan-activity;sid:84496908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633809)"; flow:established,from_client; content:"GET"; http_method; content:"/nahui.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633809/; classtype:trojan-activity;sid:84496909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633810)"; flow:established,from_client; content:"GET"; http_method; content:"/2ddf2ed413fc4398a385d2358175d594_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633810/; classtype:trojan-activity;sid:84496910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633811)"; flow:established,from_client; content:"GET"; http_method; content:"/5adc506dc0ca4f15a5b295d8a6e5b8ba_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633811/; classtype:trojan-activity;sid:84496911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633812)"; flow:established,from_client; content:"GET"; http_method; content:"/7afe95200e5c4eb5ba891393388dc7f6_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633812/; classtype:trojan-activity;sid:84496912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633806)"; flow:established,from_client; content:"GET"; http_method; content:"/eef8bc6ec9b1470a913d1e72cb368c4c_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633806/; classtype:trojan-activity;sid:84496906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.66.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633805/; classtype:trojan-activity;sid:84496905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.137.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633804/; classtype:trojan-activity;sid:84496904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633802/; classtype:trojan-activity;sid:84496902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.179.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633803/; classtype:trojan-activity;sid:84496903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633801/; classtype:trojan-activity;sid:84496901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633800)"; flow:established,from_client; content:"GET"; http_method; content:"/68o1pz5x8v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.a-91n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633800/; classtype:trojan-activity;sid:84496900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633799)"; flow:established,from_client; content:"GET"; http_method; content:"/wb08.google|3f|t=oyx3z88q"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c2n.hlgy7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633799/; classtype:trojan-activity;sid:84496899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633798/; classtype:trojan-activity;sid:84496898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633797/; classtype:trojan-activity;sid:84496897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633796)"; flow:established,from_client; content:"GET"; http_method; content:"/n7xalu1i26.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633796/; classtype:trojan-activity;sid:84496896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633795)"; flow:established,from_client; content:"GET"; http_method; content:"/wb08.google|3f|t=h2bv8rk5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"c2n.hlgy7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633795/; classtype:trojan-activity;sid:84496895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633794)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.check|3f|t=9fhcqm3v"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633794/; classtype:trojan-activity;sid:84496894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633793)"; flow:established,from_client; content:"GET"; http_method; content:"/7v9zvj1qaw.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633793/; classtype:trojan-activity;sid:84496893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633792)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.check|3f|t=5e9jy56y"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hv.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633792/; classtype:trojan-activity;sid:84496892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633791)"; flow:established,from_client; content:"GET"; http_method; content:"/o2rsttkbcg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m7.o-61x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633791/; classtype:trojan-activity;sid:84496891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633790/; classtype:trojan-activity;sid:84496890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633789)"; flow:established,from_client; content:"GET"; http_method; content:"/cmv9uh055u.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633789/; classtype:trojan-activity;sid:84496889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633788)"; flow:established,from_client; content:"GET"; http_method; content:"/r41.google|3f|t=9p3ao13c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x9.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633788/; classtype:trojan-activity;sid:84496888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.142.187.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633787/; classtype:trojan-activity;sid:84496887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633786/; classtype:trojan-activity;sid:84496886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633785)"; flow:established,from_client; content:"GET"; http_method; content:"/4fc08ug6e9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633785/; classtype:trojan-activity;sid:84496885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633784)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.check|3f|t=t2w2vv4s"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t.hlgy7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633784/; classtype:trojan-activity;sid:84496884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.66.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633783/; classtype:trojan-activity;sid:84496883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633782)"; flow:established,from_client; content:"GET"; http_method; content:"/1gb12khkga.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.o-61x.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633782/; classtype:trojan-activity;sid:84496882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633781)"; flow:established,from_client; content:"GET"; http_method; content:"/n0.check|3f|t=haq8weuh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t.hlgy7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633781/; classtype:trojan-activity;sid:84496881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633780)"; flow:established,from_client; content:"GET"; http_method; content:"/yd1.google|3f|t=1cqy7gdu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pz.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633780/; classtype:trojan-activity;sid:84496880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633779)"; flow:established,from_client; content:"GET"; http_method; content:"/yd1.google|3f|t=e7fttzk2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pz.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633779/; classtype:trojan-activity;sid:84496879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633777)"; flow:established,from_client; content:"GET"; http_method; content:"/5mbk3p6uvn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq1.o-61x.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633777/; classtype:trojan-activity;sid:84496877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633778)"; flow:established,from_client; content:"GET"; http_method; content:"/4cn74qihje.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633778/; classtype:trojan-activity;sid:84496878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.121.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633776/; classtype:trojan-activity;sid:84496876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.239.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633775/; classtype:trojan-activity;sid:84496875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633773)"; flow:established,from_client; content:"GET"; http_method; content:"/hd8h3m5u6d.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633773/; classtype:trojan-activity;sid:84496873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633774)"; flow:established,from_client; content:"GET"; http_method; content:"/3xq.check|3f|t=z7bdhade"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633774/; classtype:trojan-activity;sid:84496874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633772)"; flow:established,from_client; content:"GET"; http_method; content:"/3xq.check|3f|t=md0i7rro"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.hlgy7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633772/; classtype:trojan-activity;sid:84496872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633771)"; flow:established,from_client; content:"GET"; http_method; content:"/x5b8iknnjq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2.o-61x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633771/; classtype:trojan-activity;sid:84496871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633770/; classtype:trojan-activity;sid:84496870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.142.187.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633769/; classtype:trojan-activity;sid:84496869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633768)"; flow:established,from_client; content:"GET"; http_method; content:"/ni4ezowigx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.o-61x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633768/; classtype:trojan-activity;sid:84496868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633767)"; flow:established,from_client; content:"GET"; http_method; content:"/nknrvnpk8g.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633767/; classtype:trojan-activity;sid:84496867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633765)"; flow:established,from_client; content:"GET"; http_method; content:"/0k.google|3f|t=kh0gq3k9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.hlgy7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633765/; classtype:trojan-activity;sid:84496865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633766)"; flow:established,from_client; content:"GET"; http_method; content:"/0k.google|3f|t=yv01xkhn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.hlgy7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633766/; classtype:trojan-activity;sid:84496866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633764)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1704139695/tldmitf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633764/; classtype:trojan-activity;sid:84496864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633763)"; flow:established,from_client; content:"GET"; http_method; content:"/h0qae7gziv.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633763/; classtype:trojan-activity;sid:84496863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633762)"; flow:established,from_client; content:"GET"; http_method; content:"/ya04.google|3f|t=10s3veei"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.gzva1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633762/; classtype:trojan-activity;sid:84496862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.177.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633761/; classtype:trojan-activity;sid:84496861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633760)"; flow:established,from_client; content:"GET"; http_method; content:"/qyy1igz2pt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1.a-67x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633760/; classtype:trojan-activity;sid:84496860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633759)"; flow:established,from_client; content:"GET"; http_method; content:"/ya04.google|3f|t=nw7sktue"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.gzva1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633759/; classtype:trojan-activity;sid:84496859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633754/; classtype:trojan-activity;sid:84496854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/loader.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633755/; classtype:trojan-activity;sid:84496855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633756/; classtype:trojan-activity;sid:84496856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633757/; classtype:trojan-activity;sid:84496857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633758/; classtype:trojan-activity;sid:84496858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633753/; classtype:trojan-activity;sid:84496853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633748/; classtype:trojan-activity;sid:84496848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633749/; classtype:trojan-activity;sid:84496849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633750/; classtype:trojan-activity;sid:84496850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633751/; classtype:trojan-activity;sid:84496851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633752/; classtype:trojan-activity;sid:84496852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633741/; classtype:trojan-activity;sid:84496841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633742/; classtype:trojan-activity;sid:84496842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633743/; classtype:trojan-activity;sid:84496843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633744/; classtype:trojan-activity;sid:84496844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633745/; classtype:trojan-activity;sid:84496845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633746/; classtype:trojan-activity;sid:84496846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633747/; classtype:trojan-activity;sid:84496847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633739/; classtype:trojan-activity;sid:84496839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633740/; classtype:trojan-activity;sid:84496840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.27.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633738/; classtype:trojan-activity;sid:84496838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"92.38.49.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633737/; classtype:trojan-activity;sid:84496837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633735)"; flow:established,from_client; content:"GET"; http_method; content:"/home/south.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633735/; classtype:trojan-activity;sid:84496835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633736)"; flow:established,from_client; content:"GET"; http_method; content:"/home/server_unencrypted.ps2"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633736/; classtype:trojan-activity;sid:84496836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633733)"; flow:established,from_client; content:"GET"; http_method; content:"/home/testted.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633733/; classtype:trojan-activity;sid:84496833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633734)"; flow:established,from_client; content:"GET"; http_method; content:"/home/neww2.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633734/; classtype:trojan-activity;sid:84496834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633732)"; flow:established,from_client; content:"GET"; http_method; content:"/home/new.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633732/; classtype:trojan-activity;sid:84496832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633729)"; flow:established,from_client; content:"GET"; http_method; content:"/home/obfuscatedscript.vbe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633729/; classtype:trojan-activity;sid:84496829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633730)"; flow:established,from_client; content:"GET"; http_method; content:"/home/server_plain.ps1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633730/; classtype:trojan-activity;sid:84496830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633731)"; flow:established,from_client; content:"GET"; http_method; content:"/home/h20remcos.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.117.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633731/; classtype:trojan-activity;sid:84496831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633728/; classtype:trojan-activity;sid:84496828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633727)"; flow:established,from_client; content:"GET"; http_method; content:"/24uhm26wcx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.a-67x.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633727/; classtype:trojan-activity;sid:84496827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633725)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=oet3usff"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qb.gzva1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633725/; classtype:trojan-activity;sid:84496825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633726)"; flow:established,from_client; content:"GET"; http_method; content:"/drpbdgkqsp.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633726/; classtype:trojan-activity;sid:84496826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633724)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=c2lj670q"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qb.gzva1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633724/; classtype:trojan-activity;sid:84496824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.107.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633723/; classtype:trojan-activity;sid:84496823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.200.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633722/; classtype:trojan-activity;sid:84496822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633721)"; flow:established,from_client; content:"GET"; http_method; content:"/tideav-go5-2025-09-25-20-34-06-029933_img.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"47.122.66.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633721/; classtype:trojan-activity;sid:84496821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633720)"; flow:established,from_client; content:"GET"; http_method; content:"/pryut9ggg7vybdlt_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633720/; classtype:trojan-activity;sid:84496820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633716)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=wdj1cq9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.gzva1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633716/; classtype:trojan-activity;sid:84496816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633717)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=8kjasrq7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.gzva1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633717/; classtype:trojan-activity;sid:84496817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633718)"; flow:established,from_client; content:"GET"; http_method; content:"/client_encoded.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633718/; classtype:trojan-activity;sid:84496818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633719)"; flow:established,from_client; content:"GET"; http_method; content:"/xcb0exft0y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk2.a-67x.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633719/; classtype:trojan-activity;sid:84496819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633715)"; flow:established,from_client; content:"GET"; http_method; content:"/wzjppjimu9.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633715/; classtype:trojan-activity;sid:84496815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.205.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633714/; classtype:trojan-activity;sid:84496814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633713/; classtype:trojan-activity;sid:84496813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633712)"; flow:established,from_client; content:"GET"; http_method; content:"/001/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"110.40.199.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633712/; classtype:trojan-activity;sid:84496812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.249.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633711/; classtype:trojan-activity;sid:84496811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633710/; classtype:trojan-activity;sid:84496810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633709)"; flow:established,from_client; content:"GET"; http_method; content:"/html/dl/document.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.28.71.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633709/; classtype:trojan-activity;sid:84496809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633708)"; flow:established,from_client; content:"GET"; http_method; content:"/serv/setup1.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.28.71.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633708/; classtype:trojan-activity;sid:84496808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633707)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document_green.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.28.71.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633707/; classtype:trojan-activity;sid:84496807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633706/; classtype:trojan-activity;sid:84496806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.249.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633705/; classtype:trojan-activity;sid:84496805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.205.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633704/; classtype:trojan-activity;sid:84496804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.120.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633703/; classtype:trojan-activity;sid:84496803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.120.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633702/; classtype:trojan-activity;sid:84496802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633701)"; flow:established,from_client; content:"GET"; http_method; content:"/0hvgz8tmci.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u5.a-67x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633701/; classtype:trojan-activity;sid:84496801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633700)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=xidxbc35"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pn.gzva1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633700/; classtype:trojan-activity;sid:84496800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633699)"; flow:established,from_client; content:"GET"; http_method; content:"/ifozdt4zey.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633699/; classtype:trojan-activity;sid:84496799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633698)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=omtni6w9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pn.gzva1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633698/; classtype:trojan-activity;sid:84496798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633697)"; flow:established,from_client; content:"GET"; http_method; content:"/9q2.check|3f|t=uocnj2pd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.gzva1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633697/; classtype:trojan-activity;sid:84496797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633696)"; flow:established,from_client; content:"GET"; http_method; content:"/tz986b36zo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r.a-67x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633696/; classtype:trojan-activity;sid:84496796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633695)"; flow:established,from_client; content:"GET"; http_method; content:"/zpnwqvj1q7.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633695/; classtype:trojan-activity;sid:84496795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633694)"; flow:established,from_client; content:"GET"; http_method; content:"/9q2.check|3f|t=8jnt4d58"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.gzva1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633694/; classtype:trojan-activity;sid:84496794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.178.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633693/; classtype:trojan-activity;sid:84496793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633692/; classtype:trojan-activity;sid:84496792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.193.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633690/; classtype:trojan-activity;sid:84496790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.10.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633691/; classtype:trojan-activity;sid:84496791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.178.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633687/; classtype:trojan-activity;sid:84496787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633688/; classtype:trojan-activity;sid:84496788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.191.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633689/; classtype:trojan-activity;sid:84496789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633686)"; flow:established,from_client; content:"GET"; http_method; content:"/plus/d/|3f|download=apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xgame.pics"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633686/; classtype:trojan-activity;sid:84496786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.65.186.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633685/; classtype:trojan-activity;sid:84496785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.120.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633684/; classtype:trojan-activity;sid:84496784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633683)"; flow:established,from_client; content:"GET"; http_method; content:"/cluster"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.15.48.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633683/; classtype:trojan-activity;sid:84496783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633682)"; flow:established,from_client; content:"GET"; http_method; content:"/ew"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"106.15.48.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633682/; classtype:trojan-activity;sid:84496782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.253.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633681/; classtype:trojan-activity;sid:84496781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.96.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633680/; classtype:trojan-activity;sid:84496780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.43.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633679/; classtype:trojan-activity;sid:84496779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633678)"; flow:established,from_client; content:"GET"; http_method; content:"/2.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633678/; classtype:trojan-activity;sid:84496778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633677)"; flow:established,from_client; content:"GET"; http_method; content:"/1.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633677/; classtype:trojan-activity;sid:84496777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633676)"; flow:established,from_client; content:"GET"; http_method; content:"/wechatappex.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633676/; classtype:trojan-activity;sid:84496776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633674)"; flow:established,from_client; content:"GET"; http_method; content:"/telegram.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633674/; classtype:trojan-activity;sid:84496774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%b8%93%e4%b8%ba%e6%89%93%e5%87%bb%e7%8a%af%e7%bd%aa%e6%89%93%e9%80%a0~%e5%b9%bf%e8%a5%bf%e7%9c%81%e5%8e%85%e6%8e%88%e6%9d%83-%e4%bd%a0%e7%9a%84%e8%ae%bf%e9%97%aeip%e5%b7%b2%e8%a2%ab%e6%97%a5%e5%bf%97%e8%ae%b0%e5%bd%95.txt"; http_uri; depth:225; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633675/; classtype:trojan-activity;sid:84496775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633673)"; flow:established,from_client; content:"GET"; http_method; content:"/deeplink.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633673/; classtype:trojan-activity;sid:84496773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633672)"; flow:established,from_client; content:"GET"; http_method; content:"/wechat.dat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633672/; classtype:trojan-activity;sid:84496772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633671)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypted_shellcode.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633671/; classtype:trojan-activity;sid:84496771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633670)"; flow:established,from_client; content:"GET"; http_method; content:"/deeplink.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633670/; classtype:trojan-activity;sid:84496770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633669)"; flow:established,from_client; content:"GET"; http_method; content:"/xweb_elf.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633669/; classtype:trojan-activity;sid:84496769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633667)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633667/; classtype:trojan-activity;sid:84496767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633668)"; flow:established,from_client; content:"GET"; http_method; content:"/everything.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633668/; classtype:trojan-activity;sid:84496768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633664)"; flow:established,from_client; content:"GET"; http_method; content:"/test.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633664/; classtype:trojan-activity;sid:84496764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633665)"; flow:established,from_client; content:"GET"; http_method; content:"/test.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633665/; classtype:trojan-activity;sid:84496765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633666)"; flow:established,from_client; content:"GET"; http_method; content:"/client.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.134.195.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633666/; classtype:trojan-activity;sid:84496766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633663)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633663/; classtype:trojan-activity;sid:84496763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633661)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633661/; classtype:trojan-activity;sid:84496761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.195.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633662/; classtype:trojan-activity;sid:84496762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633654)"; flow:established,from_client; content:"GET"; http_method; content:"/dbg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633654/; classtype:trojan-activity;sid:84496754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633655)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633655/; classtype:trojan-activity;sid:84496755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633656)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633656/; classtype:trojan-activity;sid:84496756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633657)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633657/; classtype:trojan-activity;sid:84496757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633658)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633658/; classtype:trojan-activity;sid:84496758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633659/; classtype:trojan-activity;sid:84496759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633660)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c.loyaltyservices.lol"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633660/; classtype:trojan-activity;sid:84496760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633649/; classtype:trojan-activity;sid:84496749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633650)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633650/; classtype:trojan-activity;sid:84496750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633651)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633651/; classtype:trojan-activity;sid:84496751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633652)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633652/; classtype:trojan-activity;sid:84496752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633653)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633653/; classtype:trojan-activity;sid:84496753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633648)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633648/; classtype:trojan-activity;sid:84496748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633647)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633647/; classtype:trojan-activity;sid:84496747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633646)"; flow:established,from_client; content:"GET"; http_method; content:"/dbg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633646/; classtype:trojan-activity;sid:84496746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633645)"; flow:established,from_client; content:"GET"; http_method; content:"/du%20lieu/dl%20a%20tuyen/tai%20lieu%20chung/client/expllorer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"14.184.40.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633645/; classtype:trojan-activity;sid:84496745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.245.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633644/; classtype:trojan-activity;sid:84496744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633643)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2528812.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633643/; classtype:trojan-activity;sid:84496743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633642)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi2528812.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633642/; classtype:trojan-activity;sid:84496742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.43.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633641/; classtype:trojan-activity;sid:84496741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633640)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633640/; classtype:trojan-activity;sid:84496740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.96.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633639/; classtype:trojan-activity;sid:84496739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633632)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633632/; classtype:trojan-activity;sid:84496732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633633)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnpowerpc64xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633633/; classtype:trojan-activity;sid:84496733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633634)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni686xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633634/; classtype:trojan-activity;sid:84496734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633635)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633635/; classtype:trojan-activity;sid:84496735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633636)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633636/; classtype:trojan-activity;sid:84496736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633637)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipselxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633637/; classtype:trojan-activity;sid:84496737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633638)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633638/; classtype:trojan-activity;sid:84496738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633630)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633630/; classtype:trojan-activity;sid:84496730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633631)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarm7lxnxn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ggg.galaxias.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633631/; classtype:trojan-activity;sid:84496731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633629)"; flow:established,from_client; content:"GET"; http_method; content:"/data/soft.php/|3f|adguardpremiump0"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"good.indianbober.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633629/; classtype:trojan-activity;sid:84496729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633628)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633628/; classtype:trojan-activity;sid:84496728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633627)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633627/; classtype:trojan-activity;sid:84496727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633626)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.ppc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633626/; classtype:trojan-activity;sid:84496726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633623)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633623/; classtype:trojan-activity;sid:84496723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633624)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633624/; classtype:trojan-activity;sid:84496724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633625)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.mips"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633625/; classtype:trojan-activity;sid:84496725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633619)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633619/; classtype:trojan-activity;sid:84496719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633620)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633620/; classtype:trojan-activity;sid:84496720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633621)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633621/; classtype:trojan-activity;sid:84496721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633622)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633622/; classtype:trojan-activity;sid:84496722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633618)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.spc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633618/; classtype:trojan-activity;sid:84496718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633617)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633617/; classtype:trojan-activity;sid:84496717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633614)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.mips"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633614/; classtype:trojan-activity;sid:84496714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633615)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633615/; classtype:trojan-activity;sid:84496715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633616)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.ppc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633616/; classtype:trojan-activity;sid:84496716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633605)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.sh4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633605/; classtype:trojan-activity;sid:84496705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633606)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633606/; classtype:trojan-activity;sid:84496706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633607)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.m68k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633607/; classtype:trojan-activity;sid:84496707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633608)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.m68k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633608/; classtype:trojan-activity;sid:84496708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633609)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.mpsl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633609/; classtype:trojan-activity;sid:84496709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633610)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.mpsl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633610/; classtype:trojan-activity;sid:84496710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633611)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633611/; classtype:trojan-activity;sid:84496711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633612)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.sh4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.hikylover.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633612/; classtype:trojan-activity;sid:84496712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633613)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/ares.spc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hikylover.st"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633613/; classtype:trojan-activity;sid:84496713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633604)"; flow:established,from_client; content:"GET"; http_method; content:"/caidao-20160622.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.22.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633604/; classtype:trojan-activity;sid:84496704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633603)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/shellcode.x86.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"216.144.233.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633603/; classtype:trojan-activity;sid:84496703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633602)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/dllldr.x64.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"216.144.233.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633602/; classtype:trojan-activity;sid:84496702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633601)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/shellcode.x64.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"216.144.233.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633601/; classtype:trojan-activity;sid:84496701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.172.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633600/; classtype:trojan-activity;sid:84496700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.155.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633599/; classtype:trojan-activity;sid:84496699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633598)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=zwi25rem"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.gzva1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633598/; classtype:trojan-activity;sid:84496698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633597)"; flow:established,from_client; content:"GET"; http_method; content:"/jzgazm64ax.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633597/; classtype:trojan-activity;sid:84496697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633596)"; flow:established,from_client; content:"GET"; http_method; content:"/nr5sfdzo6e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633596/; classtype:trojan-activity;sid:84496696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633595)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=cawx2xnm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.gzva1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633595/; classtype:trojan-activity;sid:84496695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633594)"; flow:established,from_client; content:"GET"; http_method; content:"/34523jk45bnnb34bn45b/gfh5ryh43y/win17.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adobecodec.snreader.live"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633594/; classtype:trojan-activity;sid:84496694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633593)"; flow:established,from_client; content:"GET"; http_method; content:"/34523jk45bnnb34bn45b/gfh5ryh43y/reader_x1pdfclear.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adobecodec.snreader.live"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633593/; classtype:trojan-activity;sid:84496693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.253.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633592/; classtype:trojan-activity;sid:84496692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633591)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.check|3f|t=lhvt2mzx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z.gbta9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633591/; classtype:trojan-activity;sid:84496691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633589)"; flow:established,from_client; content:"GET"; http_method; content:"/jpv11v4c7v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633589/; classtype:trojan-activity;sid:84496689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633590)"; flow:established,from_client; content:"GET"; http_method; content:"/1g48ms78ne.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633590/; classtype:trojan-activity;sid:84496690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633588)"; flow:established,from_client; content:"GET"; http_method; content:"/c5m8.check|3f|t=4sx4q2lp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z.gbta9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633588/; classtype:trojan-activity;sid:84496688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633587)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.23.3.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633587/; classtype:trojan-activity;sid:84496687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633586)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633586/; classtype:trojan-activity;sid:84496686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633585)"; flow:established,from_client; content:"GET"; http_method; content:"/donut/donut.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633585/; classtype:trojan-activity;sid:84496685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633582)"; flow:established,from_client; content:"GET"; http_method; content:"/loader_%e6%ba%90%e8%af%ad%e8%a8%80.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"156.238.242.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633582/; classtype:trojan-activity;sid:84496682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633583)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.238.242.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633583/; classtype:trojan-activity;sid:84496683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633584)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633584/; classtype:trojan-activity;sid:84496684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633581/; classtype:trojan-activity;sid:84496681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.192.193.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633580/; classtype:trojan-activity;sid:84496680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633579)"; flow:established,from_client; content:"GET"; http_method; content:"/bts5.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.60.199.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633579/; classtype:trojan-activity;sid:84496679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633578)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnpowerpc64xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633578/; classtype:trojan-activity;sid:84496678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633569)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipselxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633569/; classtype:trojan-activity;sid:84496669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633570)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni686xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633570/; classtype:trojan-activity;sid:84496670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633571)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633571/; classtype:trojan-activity;sid:84496671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633572)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarm7lxnxn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633572/; classtype:trojan-activity;sid:84496672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633573)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633573/; classtype:trojan-activity;sid:84496673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633574)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633574/; classtype:trojan-activity;sid:84496674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633575)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633575/; classtype:trojan-activity;sid:84496675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633576)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633576/; classtype:trojan-activity;sid:84496676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633577)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.214.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633577/; classtype:trojan-activity;sid:84496677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633568)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.google|3f|t=l8yy3afx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t1v.gbta9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633568/; classtype:trojan-activity;sid:84496668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633567)"; flow:established,from_client; content:"GET"; http_method; content:"/2hpesxgj5n.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633567/; classtype:trojan-activity;sid:84496667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633566)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.151.88.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633566/; classtype:trojan-activity;sid:84496666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633565)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.60.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633565/; classtype:trojan-activity;sid:84496665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633562)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633562/; classtype:trojan-activity;sid:84496662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633563)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633563/; classtype:trojan-activity;sid:84496663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633564)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener2.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.246.86.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633564/; classtype:trojan-activity;sid:84496664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633559)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633559/; classtype:trojan-activity;sid:84496659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633560/; classtype:trojan-activity;sid:84496660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633561)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633561/; classtype:trojan-activity;sid:84496661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633558)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633558/; classtype:trojan-activity;sid:84496658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633557)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633557/; classtype:trojan-activity;sid:84496657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633551)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633551/; classtype:trojan-activity;sid:84496651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633552)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633552/; classtype:trojan-activity;sid:84496652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633553)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633553/; classtype:trojan-activity;sid:84496653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633554)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633554/; classtype:trojan-activity;sid:84496654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633555)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633555/; classtype:trojan-activity;sid:84496655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633556)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633556/; classtype:trojan-activity;sid:84496656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633550)"; flow:established,from_client; content:"GET"; http_method; content:"/mr9ppwuisv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.a-91p.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633550/; classtype:trojan-activity;sid:84496650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633549)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.google|3f|t=pyjcnnbs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t1v.gbta9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633549/; classtype:trojan-activity;sid:84496649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633548)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.252.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633548/; classtype:trojan-activity;sid:84496648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633547)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633547/; classtype:trojan-activity;sid:84496647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633546)"; flow:established,from_client; content:"GET"; http_method; content:"/2674wxtxkn.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"of.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633546/; classtype:trojan-activity;sid:84496646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633545)"; flow:established,from_client; content:"GET"; http_method; content:"/7b0.google|3f|t=aslw4h48"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t1v.gbta9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633545/; classtype:trojan-activity;sid:84496645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.91.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633544/; classtype:trojan-activity;sid:84496644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.192.193.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633543/; classtype:trojan-activity;sid:84496643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.92.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633542/; classtype:trojan-activity;sid:84496642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.91.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633541/; classtype:trojan-activity;sid:84496641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633540)"; flow:established,from_client; content:"GET"; http_method; content:"/956sux02j4.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633540/; classtype:trojan-activity;sid:84496640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633539)"; flow:established,from_client; content:"GET"; http_method; content:"/k8.check|3f|t=yrxvxl8f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m2.gbta9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633539/; classtype:trojan-activity;sid:84496639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633538)"; flow:established,from_client; content:"GET"; http_method; content:"/k8.check|3f|t=9phc3r4d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m2.gbta9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633538/; classtype:trojan-activity;sid:84496638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633537)"; flow:established,from_client; content:"GET"; http_method; content:"/yrs57cb4cy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633537/; classtype:trojan-activity;sid:84496637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.191.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633536/; classtype:trojan-activity;sid:84496636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633535/; classtype:trojan-activity;sid:84496635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633534)"; flow:established,from_client; content:"GET"; http_method; content:"/cnbzy0elz7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633534/; classtype:trojan-activity;sid:84496634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633533)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.google|3f|t=g6siift2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q.gbta9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633533/; classtype:trojan-activity;sid:84496633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633532)"; flow:established,from_client; content:"GET"; http_method; content:"/1drhm4vraz.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633532/; classtype:trojan-activity;sid:84496632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633531)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.google|3f|t=bmqwlhkh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q.gbta9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633531/; classtype:trojan-activity;sid:84496631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aarch64-linux-musl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633528/; classtype:trojan-activity;sid:84496628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sparc-linux-gnu"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633529/; classtype:trojan-activity;sid:84496629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel-linux-musl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633530/; classtype:trojan-activity;sid:84496630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armeb-linux-musleabihf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633525/; classtype:trojan-activity;sid:84496625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc-linux-musl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633526/; classtype:trojan-activity;sid:84496626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l-linux-gnueabi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633527/; classtype:trojan-activity;sid:84496627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6-linux-musleabi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633523/; classtype:trojan-activity;sid:84496623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips-linux-musl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633524/; classtype:trojan-activity;sid:84496624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7l-linux-musleabihf"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633522/; classtype:trojan-activity;sid:84496622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7r-linux-musleabihf"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633513/; classtype:trojan-activity;sid:84496613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64-linux-musl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633514/; classtype:trojan-activity;sid:84496614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l-linux-musleabihf"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633515/; classtype:trojan-activity;sid:84496615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k-linux-musl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633516/; classtype:trojan-activity;sid:84496616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4tl-linux-gnueabi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633517/; classtype:trojan-activity;sid:84496617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armel-linux-musleabihf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633518/; classtype:trojan-activity;sid:84496618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4l-linux-gnueabi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633519/; classtype:trojan-activity;sid:84496619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486-linux-musl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633520/; classtype:trojan-activity;sid:84496620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686-linux-musl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633521/; classtype:trojan-activity;sid:84496621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633512)"; flow:established,from_client; content:"GET"; http_method; content:"/nein"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633512/; classtype:trojan-activity;sid:84496612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4-linux-gnu"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633511/; classtype:trojan-activity;sid:84496611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633508)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633508/; classtype:trojan-activity;sid:84496608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633509)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633509/; classtype:trojan-activity;sid:84496609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633510)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633510/; classtype:trojan-activity;sid:84496610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4eb-linux-gnueabi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633505/; classtype:trojan-activity;sid:84496605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6-linux-musleabihf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633506/; classtype:trojan-activity;sid:84496606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633507)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633507/; classtype:trojan-activity;sid:84496607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633504)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/i8buipu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633504/; classtype:trojan-activity;sid:84496604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633503)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633503/; classtype:trojan-activity;sid:84496603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633502)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633502/; classtype:trojan-activity;sid:84496602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633501)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633501/; classtype:trojan-activity;sid:84496601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633500)"; flow:established,from_client; content:"GET"; http_method; content:"/sex"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.81.124.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633500/; classtype:trojan-activity;sid:84496600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633485)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633485/; classtype:trojan-activity;sid:84496585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633486)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633486/; classtype:trojan-activity;sid:84496586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633487)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.146.184.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633487/; classtype:trojan-activity;sid:84496587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633488)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633488/; classtype:trojan-activity;sid:84496588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633489)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633489/; classtype:trojan-activity;sid:84496589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633490)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633490/; classtype:trojan-activity;sid:84496590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633491)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633491/; classtype:trojan-activity;sid:84496591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633492)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633492/; classtype:trojan-activity;sid:84496592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633493)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633493/; classtype:trojan-activity;sid:84496593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633494)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633494/; classtype:trojan-activity;sid:84496594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633495)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633495/; classtype:trojan-activity;sid:84496595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633496)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633496/; classtype:trojan-activity;sid:84496596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633497)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633497/; classtype:trojan-activity;sid:84496597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633498)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633498/; classtype:trojan-activity;sid:84496598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633499)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633499/; classtype:trojan-activity;sid:84496599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633481)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633481/; classtype:trojan-activity;sid:84496581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633482)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.146.184.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633482/; classtype:trojan-activity;sid:84496582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633483)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633483/; classtype:trojan-activity;sid:84496583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633484)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.61.139.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633484/; classtype:trojan-activity;sid:84496584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"160.250.134.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633480/; classtype:trojan-activity;sid:84496580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633479)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1013240947/afw3zuy.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633479/; classtype:trojan-activity;sid:84496579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633478/; classtype:trojan-activity;sid:84496578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633477)"; flow:established,from_client; content:"GET"; http_method; content:"/prod_[hardened]__phase-iii__xv7qw9_tdyek_42/chinga.arm7"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"196.251.116.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633477/; classtype:trojan-activity;sid:84496577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633476)"; flow:established,from_client; content:"GET"; http_method; content:"/2cgb4iilxy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633476/; classtype:trojan-activity;sid:84496576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633475)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1.check|3f|t=4cb76nvk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hx.gbta9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633475/; classtype:trojan-activity;sid:84496575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633474)"; flow:established,from_client; content:"GET"; http_method; content:"/udz78cvnj2.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633474/; classtype:trojan-activity;sid:84496574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633473)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1.check|3f|t=0zaatpn7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hx.gbta9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633473/; classtype:trojan-activity;sid:84496573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.202.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633472/; classtype:trojan-activity;sid:84496572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633471)"; flow:established,from_client; content:"GET"; http_method; content:"/2eybk6g81y.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633471/; classtype:trojan-activity;sid:84496571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633470)"; flow:established,from_client; content:"GET"; http_method; content:"/qk7.check|3f|t=xp80wveq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d4.gbta9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633470/; classtype:trojan-activity;sid:84496570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633469)"; flow:established,from_client; content:"GET"; http_method; content:"/ogaab1h0yl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633469/; classtype:trojan-activity;sid:84496569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633468)"; flow:established,from_client; content:"GET"; http_method; content:"/qk7.check|3f|t=n74x0lec"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d4.gbta9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633468/; classtype:trojan-activity;sid:84496568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.42.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633467/; classtype:trojan-activity;sid:84496567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.198.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633466/; classtype:trojan-activity;sid:84496566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.95.161.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633465/; classtype:trojan-activity;sid:84496565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.5.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633464/; classtype:trojan-activity;sid:84496564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633463/; classtype:trojan-activity;sid:84496563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633462)"; flow:established,from_client; content:"GET"; http_method; content:"/0htrhosbh2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.a-91p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633462/; classtype:trojan-activity;sid:84496562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633461)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=25v0c2sg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.gbta9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633461/; classtype:trojan-activity;sid:84496561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633460)"; flow:established,from_client; content:"GET"; http_method; content:"/lvhy9as9eq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633460/; classtype:trojan-activity;sid:84496560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633459)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=a273561n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n.gbta9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633459/; classtype:trojan-activity;sid:84496559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.198.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633458/; classtype:trojan-activity;sid:84496558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.91.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633457/; classtype:trojan-activity;sid:84496557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633456)"; flow:established,from_client; content:"GET"; http_method; content:"/w401.google|3f|t=fxy59btc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm9.fttu6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633456/; classtype:trojan-activity;sid:84496556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633455)"; flow:established,from_client; content:"GET"; http_method; content:"/1ewh2ixs3n.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"no.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633455/; classtype:trojan-activity;sid:84496555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.21.25.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633454/; classtype:trojan-activity;sid:84496554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633453)"; flow:established,from_client; content:"GET"; http_method; content:"/w401.google|3f|t=ud48gla2"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cm9.fttu6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633453/; classtype:trojan-activity;sid:84496553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633452)"; flow:established,from_client; content:"GET"; http_method; content:"/0eaw2lzxte.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.a-91p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633452/; classtype:trojan-activity;sid:84496552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633451)"; flow:established,from_client; content:"GET"; http_method; content:"/b3.check|3f|t=xphjitfb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"y.fttu6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633451/; classtype:trojan-activity;sid:84496551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633450)"; flow:established,from_client; content:"GET"; http_method; content:"/4ghaoe4ysk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.a-91p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633450/; classtype:trojan-activity;sid:84496550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.91.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633449/; classtype:trojan-activity;sid:84496549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.36.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633448/; classtype:trojan-activity;sid:84496548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.238.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633447/; classtype:trojan-activity;sid:84496547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.21.25.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633446/; classtype:trojan-activity;sid:84496546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.36.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633445/; classtype:trojan-activity;sid:84496545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.163.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633444/; classtype:trojan-activity;sid:84496544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.204.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633443/; classtype:trojan-activity;sid:84496543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.160.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633442/; classtype:trojan-activity;sid:84496542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633441)"; flow:established,from_client; content:"GET"; http_method; content:"/uuja89i7h3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.a-91p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633441/; classtype:trojan-activity;sid:84496541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633440)"; flow:established,from_client; content:"GET"; http_method; content:"/7kq.google|3f|t=hdr0913a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u1.fttu6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633440/; classtype:trojan-activity;sid:84496540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633439)"; flow:established,from_client; content:"GET"; http_method; content:"/278p0i40rm.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"my.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633439/; classtype:trojan-activity;sid:84496539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633438)"; flow:established,from_client; content:"GET"; http_method; content:"/7kq.google|3f|t=wu0jg0v3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u1.fttu6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633438/; classtype:trojan-activity;sid:84496538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633437)"; flow:established,from_client; content:"GET"; http_method; content:"/8e9i08dgx4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.a-91p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633437/; classtype:trojan-activity;sid:84496537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633436)"; flow:established,from_client; content:"GET"; http_method; content:"/qa.check|3f|t=9ekm0z1q"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r.fttu6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633436/; classtype:trojan-activity;sid:84496536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633435/; classtype:trojan-activity;sid:84496535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.133.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633434/; classtype:trojan-activity;sid:84496534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633433/; classtype:trojan-activity;sid:84496533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.72.206.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633432/; classtype:trojan-activity;sid:84496532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633431)"; flow:established,from_client; content:"GET"; http_method; content:"/69mn2mf7ym.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"my.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633431/; classtype:trojan-activity;sid:84496531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633430)"; flow:established,from_client; content:"GET"; http_method; content:"/qa.check|3f|t=j1s2td1v"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r.fttu6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633430/; classtype:trojan-activity;sid:84496530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.90.238.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633429/; classtype:trojan-activity;sid:84496529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633428/; classtype:trojan-activity;sid:84496528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633427/; classtype:trojan-activity;sid:84496527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633426)"; flow:established,from_client; content:"GET"; http_method; content:"/0d2.google|3f|t=y63rqz6q"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ve.fttu6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633426/; classtype:trojan-activity;sid:84496526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633425)"; flow:established,from_client; content:"GET"; http_method; content:"/3ppm3e59o8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.a-91p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633425/; classtype:trojan-activity;sid:84496525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633424)"; flow:established,from_client; content:"GET"; http_method; content:"/kkqdjinzzs.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"my.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633424/; classtype:trojan-activity;sid:84496524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633423)"; flow:established,from_client; content:"GET"; http_method; content:"/0d2.google|3f|t=qghd8iuw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ve.fttu6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633423/; classtype:trojan-activity;sid:84496523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.90.238.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633422/; classtype:trojan-activity;sid:84496522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.154.16.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633421/; classtype:trojan-activity;sid:84496521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633420)"; flow:established,from_client; content:"GET"; http_method; content:"/36m.check|3f|t=eaqgrov8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.fttu6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633420/; classtype:trojan-activity;sid:84496520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633419)"; flow:established,from_client; content:"GET"; http_method; content:"/36m.check|3f|t=6naige3t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k8.fttu6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633419/; classtype:trojan-activity;sid:84496519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633417)"; flow:established,from_client; content:"GET"; http_method; content:"/m8cbcqmyso.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g.a-91p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633417/; classtype:trojan-activity;sid:84496517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633418)"; flow:established,from_client; content:"GET"; http_method; content:"/jng9qv9cuq.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"my.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633418/; classtype:trojan-activity;sid:84496518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633416/; classtype:trojan-activity;sid:84496516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.196.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633415/; classtype:trojan-activity;sid:84496515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633414)"; flow:established,from_client; content:"GET"; http_method; content:"/srb29v8lsc.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"me.xkqi8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633414/; classtype:trojan-activity;sid:84496514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633413)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.google|3f|t=60bwvjss"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.fttu6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633413/; classtype:trojan-activity;sid:84496513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633412)"; flow:established,from_client; content:"GET"; http_method; content:"/ob7g9i2m9x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aa9.e-99n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633412/; classtype:trojan-activity;sid:84496512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633411)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.google|3f|t=7n1fgd2r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.fttu6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633411/; classtype:trojan-activity;sid:84496511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633410/; classtype:trojan-activity;sid:84496510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.196.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633409/; classtype:trojan-activity;sid:84496509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633408/; classtype:trojan-activity;sid:84496508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633407/; classtype:trojan-activity;sid:84496507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633405/; classtype:trojan-activity;sid:84496505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.223.175.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633406/; classtype:trojan-activity;sid:84496506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633404/; classtype:trojan-activity;sid:84496504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633401/; classtype:trojan-activity;sid:84496501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.140.129.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633402/; classtype:trojan-activity;sid:84496502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.140.200.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633403/; classtype:trojan-activity;sid:84496503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.101.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633400/; classtype:trojan-activity;sid:84496500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.247.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633399/; classtype:trojan-activity;sid:84496499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633398/; classtype:trojan-activity;sid:84496498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633397/; classtype:trojan-activity;sid:84496497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.22.214.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633396/; classtype:trojan-activity;sid:84496496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633395/; classtype:trojan-activity;sid:84496495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.183.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633394/; classtype:trojan-activity;sid:84496494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.87.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633393/; classtype:trojan-activity;sid:84496493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633392/; classtype:trojan-activity;sid:84496492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.98.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633391/; classtype:trojan-activity;sid:84496491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.87.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633390/; classtype:trojan-activity;sid:84496490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633389/; classtype:trojan-activity;sid:84496489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.185.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633388/; classtype:trojan-activity;sid:84496488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.72.206.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633387/; classtype:trojan-activity;sid:84496487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633386/; classtype:trojan-activity;sid:84496486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633385)"; flow:established,from_client; content:"GET"; http_method; content:"/y904.check|3f|t=seqc9mvk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x2m.ctze0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633385/; classtype:trojan-activity;sid:84496485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633384)"; flow:established,from_client; content:"GET"; http_method; content:"/uegy8lvqtk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq0.e-99n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633384/; classtype:trojan-activity;sid:84496484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633382)"; flow:established,from_client; content:"GET"; http_method; content:"/y904.check|3f|t=40trljcb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x2m.ctze0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633382/; classtype:trojan-activity;sid:84496482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633383)"; flow:established,from_client; content:"GET"; http_method; content:"/bsaz1iso2z.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.xmho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633383/; classtype:trojan-activity;sid:84496483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.208.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633381/; classtype:trojan-activity;sid:84496481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.81.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633380/; classtype:trojan-activity;sid:84496480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.105.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633379/; classtype:trojan-activity;sid:84496479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.138.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633378/; classtype:trojan-activity;sid:84496478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.179.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633377/; classtype:trojan-activity;sid:84496477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633376)"; flow:established,from_client; content:"GET"; http_method; content:"/blxorjmsky.md5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"it.xmho3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633376/; classtype:trojan-activity;sid:84496476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633375)"; flow:established,from_client; content:"GET"; http_method; content:"/ra2.google|3f|t=bkwax6ky"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h.ctze0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633375/; classtype:trojan-activity;sid:84496475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633374)"; flow:established,from_client; content:"GET"; http_method; content:"/ndwvrndpnv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c5.e-99n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633374/; classtype:trojan-activity;sid:84496474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633373)"; flow:established,from_client; content:"GET"; http_method; content:"/ra2.google|3f|t=ruttt9ws"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h.ctze0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633373/; classtype:trojan-activity;sid:84496473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.250.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633353/; classtype:trojan-activity;sid:84496453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.250.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633332/; classtype:trojan-activity;sid:84496432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633328/; classtype:trojan-activity;sid:84496428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633319/; classtype:trojan-activity;sid:84496419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633181)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"109.205.213.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633181/; classtype:trojan-activity;sid:84496281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.112.126.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633174/; classtype:trojan-activity;sid:84496274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633175)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"180.49.217.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633175/; classtype:trojan-activity;sid:84496275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633158)"; flow:established,from_client; content:"GET"; http_method; content:"/powercat.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.214.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633158/; classtype:trojan-activity;sid:84496258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633151)"; flow:established,from_client; content:"GET"; http_method; content:"/tuzo690lxztymz8w_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633151/; classtype:trojan-activity;sid:84496251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633150)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633150/; classtype:trojan-activity;sid:84496250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633149)"; flow:established,from_client; content:"GET"; http_method; content:"/2_encoded.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633149/; classtype:trojan-activity;sid:84496249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633148)"; flow:established,from_client; content:"GET"; http_method; content:"/system.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633148/; classtype:trojan-activity;sid:84496248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633144)"; flow:established,from_client; content:"GET"; http_method; content:"/irs_audit_requirements.bat"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633144/; classtype:trojan-activity;sid:84496244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633145)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633145/; classtype:trojan-activity;sid:84496245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633146)"; flow:established,from_client; content:"GET"; http_method; content:"/opymoqhl2s5q9dru_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633146/; classtype:trojan-activity;sid:84496246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633147)"; flow:established,from_client; content:"GET"; http_method; content:"/cyanidation.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633147/; classtype:trojan-activity;sid:84496247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.239.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633123/; classtype:trojan-activity;sid:84496223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.239.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633121/; classtype:trojan-activity;sid:84496221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.241.143.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633081/; classtype:trojan-activity;sid:84496181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633034)"; flow:established,from_client; content:"GET"; http_method; content:"/ac4601204d87420b972a82e811cfc373_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633034/; classtype:trojan-activity;sid:84496134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633033)"; flow:established,from_client; content:"GET"; http_method; content:"/6b7ad8800ae6412dae598c36721bbf7e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633033/; classtype:trojan-activity;sid:84496133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633032)"; flow:established,from_client; content:"GET"; http_method; content:"/bip.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633032/; classtype:trojan-activity;sid:84496132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633031)"; flow:established,from_client; content:"GET"; http_method; content:"/02fc1b2d05b84ca5bf2fdfdd848dbe80_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633031/; classtype:trojan-activity;sid:84496131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633023)"; flow:established,from_client; content:"GET"; http_method; content:"/sadd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633023/; classtype:trojan-activity;sid:84496123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633024)"; flow:established,from_client; content:"GET"; http_method; content:"/b14d81cea548432f94a3b88811ab9493_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633024/; classtype:trojan-activity;sid:84496124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633025)"; flow:established,from_client; content:"GET"; http_method; content:"/dcc1897f1f3d4db59c631f87330304ce_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633025/; classtype:trojan-activity;sid:84496125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633026)"; flow:established,from_client; content:"GET"; http_method; content:"/4a62222a041e463ba4e6ef79df8f1d55_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633026/; classtype:trojan-activity;sid:84496126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633027)"; flow:established,from_client; content:"GET"; http_method; content:"/63c7147f4e954226ae1dfdbb35eea44d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633027/; classtype:trojan-activity;sid:84496127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633028)"; flow:established,from_client; content:"GET"; http_method; content:"/f442f2229aa44a31959716dc100dd99d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633028/; classtype:trojan-activity;sid:84496128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633029)"; flow:established,from_client; content:"GET"; http_method; content:"/21dd7038a1a34c159308849c1dea9071_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633029/; classtype:trojan-activity;sid:84496129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633030)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633030/; classtype:trojan-activity;sid:84496130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632935)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrofachin/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu/raw/refs/heads/main/nosographic/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632935/; classtype:trojan-activity;sid:84496035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632934)"; flow:established,from_client; content:"GET"; http_method; content:"/evonpredictor/evon-excuter/releases/download/v1.0.1/evonexcuter.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632934/; classtype:trojan-activity;sid:84496034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632926)"; flow:established,from_client; content:"GET"; http_method; content:"/lusstepx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632926/; classtype:trojan-activity;sid:84496026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632924)"; flow:established,from_client; content:"GET"; http_method; content:"/sacha2022ksksks/mod-gta5/raw/refs/heads/main/soulfulness/mod-gta5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632924/; classtype:trojan-activity;sid:84496024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632923)"; flow:established,from_client; content:"GET"; http_method; content:"/243/uccrdd/images___picture00880080770000090909078786533eeaaeaea0900.doc"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"198.23.177.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632923/; classtype:trojan-activity;sid:84496023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632922)"; flow:established,from_client; content:"GET"; http_method; content:"/243/vncce.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.23.177.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632922/; classtype:trojan-activity;sid:84496022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632903)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bocavenue.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"versaclean.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632903/; classtype:trojan-activity;sid:84496003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632883)"; flow:established,from_client; content:"GET"; http_method; content:"/minki166/vente-spoofer-and-cheats-base/raw/refs/heads/main/anubing/vente-spoofer-and-cheats-base.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632883/; classtype:trojan-activity;sid:84495983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632845)"; flow:established,from_client; content:"GET"; http_method; content:"/am_def/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632845/; classtype:trojan-activity;sid:84495945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632821/; classtype:trojan-activity;sid:84495921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.252.95.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632814/; classtype:trojan-activity;sid:84495914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.112.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632804/; classtype:trojan-activity;sid:84495904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632802/; classtype:trojan-activity;sid:84495902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632703/; classtype:trojan-activity;sid:84495803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632675)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.119.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632675/; classtype:trojan-activity;sid:84495775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632674)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"68.183.36.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632674/; classtype:trojan-activity;sid:84495774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.137.171.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632657/; classtype:trojan-activity;sid:84495757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.174.196.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632535/; classtype:trojan-activity;sid:84495635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632478)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7639673951/cia6qqu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632478/; classtype:trojan-activity;sid:84495578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632441)"; flow:established,from_client; content:"GET"; http_method; content:"/abis.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632441/; classtype:trojan-activity;sid:84495541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632326)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632326/; classtype:trojan-activity;sid:84495426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632322)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632322/; classtype:trojan-activity;sid:84495422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632319)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632319/; classtype:trojan-activity;sid:84495419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632320)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632320/; classtype:trojan-activity;sid:84495420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632321)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632321/; classtype:trojan-activity;sid:84495421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632317)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632317/; classtype:trojan-activity;sid:84495417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632309)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632309/; classtype:trojan-activity;sid:84495409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632299)"; flow:established,from_client; content:"GET"; http_method; content:"/ske1et2/telegrams-best-scrapper/raw/refs/heads/main/slouchy/telegrams-best-scrapper.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632299/; classtype:trojan-activity;sid:84495399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632295)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6357156118/v9aq0oo.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632295/; classtype:trojan-activity;sid:84495395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632236)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5968325780/84hgint.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632236/; classtype:trojan-activity;sid:84495336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/qs3d6fk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632233/; classtype:trojan-activity;sid:84495333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.45.95.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632195/; classtype:trojan-activity;sid:84495295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.45.95.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632189/; classtype:trojan-activity;sid:84495289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.185.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632095/; classtype:trojan-activity;sid:84495195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.185.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632081/; classtype:trojan-activity;sid:84495181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632065/; classtype:trojan-activity;sid:84495165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632066/; classtype:trojan-activity;sid:84495166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632064/; classtype:trojan-activity;sid:84495164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632051/; classtype:trojan-activity;sid:84495151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632052/; classtype:trojan-activity;sid:84495152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632053/; classtype:trojan-activity;sid:84495153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632054/; classtype:trojan-activity;sid:84495154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632055/; classtype:trojan-activity;sid:84495155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632056/; classtype:trojan-activity;sid:84495156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632060)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632060/; classtype:trojan-activity;sid:84495160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632061/; classtype:trojan-activity;sid:84495161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632062/; classtype:trojan-activity;sid:84495162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632063/; classtype:trojan-activity;sid:84495163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632039/; classtype:trojan-activity;sid:84495139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632042/; classtype:trojan-activity;sid:84495142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632043/; classtype:trojan-activity;sid:84495143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632044/; classtype:trojan-activity;sid:84495144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632046/; classtype:trojan-activity;sid:84495146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632036/; classtype:trojan-activity;sid:84495136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632037/; classtype:trojan-activity;sid:84495137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632025/; classtype:trojan-activity;sid:84495125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632027/; classtype:trojan-activity;sid:84495127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632028/; classtype:trojan-activity;sid:84495128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632029/; classtype:trojan-activity;sid:84495129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632030/; classtype:trojan-activity;sid:84495130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632031/; classtype:trojan-activity;sid:84495131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632032/; classtype:trojan-activity;sid:84495132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632024/; classtype:trojan-activity;sid:84495124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632017)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/muncerian.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.165.60.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632017/; classtype:trojan-activity;sid:84495117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632019/; classtype:trojan-activity;sid:84495119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632020/; classtype:trojan-activity;sid:84495120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632022/; classtype:trojan-activity;sid:84495122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631994/; classtype:trojan-activity;sid:84495094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631995/; classtype:trojan-activity;sid:84495095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631997/; classtype:trojan-activity;sid:84495097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631999/; classtype:trojan-activity;sid:84495099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632000/; classtype:trojan-activity;sid:84495100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632001/; classtype:trojan-activity;sid:84495101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632002/; classtype:trojan-activity;sid:84495102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632003/; classtype:trojan-activity;sid:84495103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632004/; classtype:trojan-activity;sid:84495104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632006/; classtype:trojan-activity;sid:84495106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632007/; classtype:trojan-activity;sid:84495107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"157.20.32.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632008/; classtype:trojan-activity;sid:84495108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zantux-plan.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632009/; classtype:trojan-activity;sid:84495109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632011/; classtype:trojan-activity;sid:84495111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.20.32.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632012/; classtype:trojan-activity;sid:84495112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631976)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.173.2.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631976/; classtype:trojan-activity;sid:84495076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631972)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.44.62.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631972/; classtype:trojan-activity;sid:84495072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631969)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.209.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631969/; classtype:trojan-activity;sid:84495069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.81.223.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631959/; classtype:trojan-activity;sid:84495059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631856)"; flow:established,from_client; content:"GET"; http_method; content:"/d88nzn5yhehmocs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631856/; classtype:trojan-activity;sid:84494956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631855)"; flow:established,from_client; content:"GET"; http_method; content:"/xpqeeqububaya8g.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631855/; classtype:trojan-activity;sid:84494955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631854)"; flow:established,from_client; content:"GET"; http_method; content:"/cakq8mkaahzyegl.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631854/; classtype:trojan-activity;sid:84494954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631849)"; flow:established,from_client; content:"GET"; http_method; content:"/ieykxpnuh9r9m17.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631849/; classtype:trojan-activity;sid:84494949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631832/; classtype:trojan-activity;sid:84494932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631825)"; flow:established,from_client; content:"GET"; http_method; content:"/renewable.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"86.54.24.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631825/; classtype:trojan-activity;sid:84494925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631737)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"93.152.230.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631737/; classtype:trojan-activity;sid:84494837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.83.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631724/; classtype:trojan-activity;sid:84494824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/crystal/wp.vbs"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"arhitectpitesti.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631699/; classtype:trojan-activity;sid:84494799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631646)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/n0t5lax.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631646/; classtype:trojan-activity;sid:84494746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631642)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/manifestbillionswealths.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631642/; classtype:trojan-activity;sid:84494742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631593)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/installer.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631593/; classtype:trojan-activity;sid:84494693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631583)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/tlp.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631583/; classtype:trojan-activity;sid:84494683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631573)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol11.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631573/; classtype:trojan-activity;sid:84494673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631574)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1488.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631574/; classtype:trojan-activity;sid:84494674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631575)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1210.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631575/; classtype:trojan-activity;sid:84494675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631555)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631555/; classtype:trojan-activity;sid:84494655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631554)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/bsg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631554/; classtype:trojan-activity;sid:84494654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631545)"; flow:established,from_client; content:"GET"; http_method; content:"/down/run.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.94.31.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631545/; classtype:trojan-activity;sid:84494645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.175.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631541/; classtype:trojan-activity;sid:84494641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631511)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/jeiriap.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631511/; classtype:trojan-activity;sid:84494611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.253.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631507/; classtype:trojan-activity;sid:84494607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.253.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631495/; classtype:trojan-activity;sid:84494595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.252.95.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631493/; classtype:trojan-activity;sid:84494593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631397/; classtype:trojan-activity;sid:84494497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631358)"; flow:established,from_client; content:"GET"; http_method; content:"/mot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631358/; classtype:trojan-activity;sid:84494458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631260)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.127.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631260/; classtype:trojan-activity;sid:84494360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.166.160.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631245/; classtype:trojan-activity;sid:84494345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.139.110.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631249/; classtype:trojan-activity;sid:84494349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.48.13.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631250/; classtype:trojan-activity;sid:84494350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.95.148.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631233/; classtype:trojan-activity;sid:84494333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631237)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.176.209.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631237/; classtype:trojan-activity;sid:84494337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631210)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kbnc/images____09494000000034004050066070707070.hta"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"172.245.209.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631210/; classtype:trojan-activity;sid:84494310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631128)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631128/; classtype:trojan-activity;sid:84494228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631109)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631109/; classtype:trojan-activity;sid:84494209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631110)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631110/; classtype:trojan-activity;sid:84494210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631111)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631111/; classtype:trojan-activity;sid:84494211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631112)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631112/; classtype:trojan-activity;sid:84494212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631105)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631105/; classtype:trojan-activity;sid:84494205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631106/; classtype:trojan-activity;sid:84494206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631107)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631107/; classtype:trojan-activity;sid:84494207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631108)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631108/; classtype:trojan-activity;sid:84494208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631101)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631101/; classtype:trojan-activity;sid:84494201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631102)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631102/; classtype:trojan-activity;sid:84494202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631103)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631103/; classtype:trojan-activity;sid:84494203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631098)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631098/; classtype:trojan-activity;sid:84494198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631099)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631099/; classtype:trojan-activity;sid:84494199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631100)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631100/; classtype:trojan-activity;sid:84494200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631097)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631097/; classtype:trojan-activity;sid:84494197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631096)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"boat.1339team.vc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631096/; classtype:trojan-activity;sid:84494196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631095/; classtype:trojan-activity;sid:84494195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631057)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sailor/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631057/; classtype:trojan-activity;sid:84494157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631056)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/nnm31rq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631056/; classtype:trojan-activity;sid:84494156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631018)"; flow:established,from_client; content:"GET"; http_method; content:"/89f8085471984c84baafa725056af4b5_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631018/; classtype:trojan-activity;sid:84494118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631019)"; flow:established,from_client; content:"GET"; http_method; content:"/ac69535812ba45b5a1e6e058852d125f_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631019/; classtype:trojan-activity;sid:84494119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631012)"; flow:established,from_client; content:"GET"; http_method; content:"/bfd43a6f3a1a4b748ef2d52e64a9d734_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631012/; classtype:trojan-activity;sid:84494112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631013)"; flow:established,from_client; content:"GET"; http_method; content:"/1553fbb2b1f945438f2744a16750122c_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631013/; classtype:trojan-activity;sid:84494113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631014)"; flow:established,from_client; content:"GET"; http_method; content:"/455a242b9aff43e7bedf7a55309ff8d0_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631014/; classtype:trojan-activity;sid:84494114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630986)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/sd4.ps1"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630986/; classtype:trojan-activity;sid:84494086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630988)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/sd2.ps1"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630988/; classtype:trojan-activity;sid:84494088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630984)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/strayedkl.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630984/; classtype:trojan-activity;sid:84494084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630985)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/idiotropicek4.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630985/; classtype:trojan-activity;sid:84494085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630975)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630975/; classtype:trojan-activity;sid:84494075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630970)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/njtiemv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630970/; classtype:trojan-activity;sid:84494070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630972)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630972/; classtype:trojan-activity;sid:84494072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630967)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8292810163/hjfvgvb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630967/; classtype:trojan-activity;sid:84494067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.168.2.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630879/; classtype:trojan-activity;sid:84493979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.63.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630804/; classtype:trojan-activity;sid:84493904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630800/; classtype:trojan-activity;sid:84493900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.63.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630798/; classtype:trojan-activity;sid:84493898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630793)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8292810163/hjfvgvb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630793/; classtype:trojan-activity;sid:84493893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630791)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8070726592/a9x2how.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630791/; classtype:trojan-activity;sid:84493891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7461826239/kffvoaa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630790/; classtype:trojan-activity;sid:84493890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630788)"; flow:established,from_client; content:"GET"; http_method; content:"/zrs.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630788/; classtype:trojan-activity;sid:84493888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.112.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630769/; classtype:trojan-activity;sid:84493869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630546)"; flow:established,from_client; content:"GET"; http_method; content:"/shaerrlys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630546/; classtype:trojan-activity;sid:84493646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630505)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.106.110.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630505/; classtype:trojan-activity;sid:84493605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630507)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.84.55.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630507/; classtype:trojan-activity;sid:84493607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630503)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.46.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630503/; classtype:trojan-activity;sid:84493603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630504)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.156.101.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630504/; classtype:trojan-activity;sid:84493604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.134.212.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630498/; classtype:trojan-activity;sid:84493598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630479/; classtype:trojan-activity;sid:84493579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630427)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630427/; classtype:trojan-activity;sid:84493527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630421)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630421/; classtype:trojan-activity;sid:84493521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630420)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630420/; classtype:trojan-activity;sid:84493520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.128.178.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630414/; classtype:trojan-activity;sid:84493514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630398/; classtype:trojan-activity;sid:84493498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630396/; classtype:trojan-activity;sid:84493496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.200.87.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630393/; classtype:trojan-activity;sid:84493493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.91.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630384/; classtype:trojan-activity;sid:84493484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630368)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630368/; classtype:trojan-activity;sid:84493468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630367)"; flow:established,from_client; content:"GET"; http_method; content:"/2.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630367/; classtype:trojan-activity;sid:84493467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630366)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630366/; classtype:trojan-activity;sid:84493466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.83.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630339/; classtype:trojan-activity;sid:84493439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630333)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.124.179.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630333/; classtype:trojan-activity;sid:84493433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630334)"; flow:established,from_client; content:"GET"; http_method; content:"/2.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.124.179.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630334/; classtype:trojan-activity;sid:84493434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630311)"; flow:established,from_client; content:"GET"; http_method; content:"/gamebeta.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.29.162.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630311/; classtype:trojan-activity;sid:84493411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630309)"; flow:established,from_client; content:"GET"; http_method; content:"/dbghelp.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"119.29.162.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630309/; classtype:trojan-activity;sid:84493409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630307)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/buding501/dbghelp.dll"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630307/; classtype:trojan-activity;sid:84493407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630263)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.205.253.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630263/; classtype:trojan-activity;sid:84493363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630235)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630235/; classtype:trojan-activity;sid:84493335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630236)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630236/; classtype:trojan-activity;sid:84493336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630232)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630232/; classtype:trojan-activity;sid:84493332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630233)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630233/; classtype:trojan-activity;sid:84493333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630234)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630234/; classtype:trojan-activity;sid:84493334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630230)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630230/; classtype:trojan-activity;sid:84493330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630231)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630231/; classtype:trojan-activity;sid:84493331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630227)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630227/; classtype:trojan-activity;sid:84493327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630228)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630228/; classtype:trojan-activity;sid:84493328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630223)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630223/; classtype:trojan-activity;sid:84493323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630224)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630224/; classtype:trojan-activity;sid:84493324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630226)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630226/; classtype:trojan-activity;sid:84493326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630114)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630114/; classtype:trojan-activity;sid:84493214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629997)"; flow:established,from_client; content:"GET"; http_method; content:"/ff"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629997/; classtype:trojan-activity;sid:84493097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629863)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629863/; classtype:trojan-activity;sid:84492963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629864)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629864/; classtype:trojan-activity;sid:84492964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629842)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629842/; classtype:trojan-activity;sid:84492942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629843)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629843/; classtype:trojan-activity;sid:84492943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629844)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629844/; classtype:trojan-activity;sid:84492944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629845)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629845/; classtype:trojan-activity;sid:84492945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629846)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629846/; classtype:trojan-activity;sid:84492946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629847)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629847/; classtype:trojan-activity;sid:84492947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629848)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629848/; classtype:trojan-activity;sid:84492948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629849)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629849/; classtype:trojan-activity;sid:84492949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629850)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629850/; classtype:trojan-activity;sid:84492950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629851)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629851/; classtype:trojan-activity;sid:84492951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629852)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629852/; classtype:trojan-activity;sid:84492952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629853)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629853/; classtype:trojan-activity;sid:84492953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629854)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629854/; classtype:trojan-activity;sid:84492954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629855)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629855/; classtype:trojan-activity;sid:84492955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629856)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629856/; classtype:trojan-activity;sid:84492956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629857)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629857/; classtype:trojan-activity;sid:84492957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629858)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629858/; classtype:trojan-activity;sid:84492958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629859)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629859/; classtype:trojan-activity;sid:84492959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629860)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629860/; classtype:trojan-activity;sid:84492960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629861)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629861/; classtype:trojan-activity;sid:84492961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629862)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629862/; classtype:trojan-activity;sid:84492962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629837)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629837/; classtype:trojan-activity;sid:84492937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629838)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629838/; classtype:trojan-activity;sid:84492938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629839)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629839/; classtype:trojan-activity;sid:84492939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629840)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629840/; classtype:trojan-activity;sid:84492940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629841)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629841/; classtype:trojan-activity;sid:84492941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629833)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629833/; classtype:trojan-activity;sid:84492933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629834)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629834/; classtype:trojan-activity;sid:84492934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629835)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629835/; classtype:trojan-activity;sid:84492935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629836)"; flow:established,from_client; content:"GET"; http_method; content:"/gp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629836/; classtype:trojan-activity;sid:84492936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629832)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629832/; classtype:trojan-activity;sid:84492932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629831)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629831/; classtype:trojan-activity;sid:84492931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629829)"; flow:established,from_client; content:"GET"; http_method; content:"/rtz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629829/; classtype:trojan-activity;sid:84492929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629830/; classtype:trojan-activity;sid:84492930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629790)"; flow:established,from_client; content:"GET"; http_method; content:"/shit"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629790/; classtype:trojan-activity;sid:84492890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629791)"; flow:established,from_client; content:"GET"; http_method; content:"/lte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629791/; classtype:trojan-activity;sid:84492891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629695)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629695/; classtype:trojan-activity;sid:84492795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629698)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/epc3vmt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629698/; classtype:trojan-activity;sid:84492798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629607/; classtype:trojan-activity;sid:84492707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629603/; classtype:trojan-activity;sid:84492703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.128.178.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629388/; classtype:trojan-activity;sid:84492488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629281/; classtype:trojan-activity;sid:84492381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629197)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629197/; classtype:trojan-activity;sid:84492297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629170/; classtype:trojan-activity;sid:84492270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629169/; classtype:trojan-activity;sid:84492269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629163/; classtype:trojan-activity;sid:84492263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629164/; classtype:trojan-activity;sid:84492264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629165/; classtype:trojan-activity;sid:84492265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629166/; classtype:trojan-activity;sid:84492266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629167/; classtype:trojan-activity;sid:84492267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629168/; classtype:trojan-activity;sid:84492268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629156/; classtype:trojan-activity;sid:84492256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629157/; classtype:trojan-activity;sid:84492257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629159/; classtype:trojan-activity;sid:84492259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629160/; classtype:trojan-activity;sid:84492260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629161/; classtype:trojan-activity;sid:84492261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629116/; classtype:trojan-activity;sid:84492216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.163.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629109/; classtype:trojan-activity;sid:84492209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628626)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg|3f|12711313"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628626/; classtype:trojan-activity;sid:84491726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628622)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/wjxpugv.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628622/; classtype:trojan-activity;sid:84491722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628619)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.50.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628619/; classtype:trojan-activity;sid:84491719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.117.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628584/; classtype:trojan-activity;sid:84491684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.68.110.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628538/; classtype:trojan-activity;sid:84491638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.68.110.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628539/; classtype:trojan-activity;sid:84491639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.241.143.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628503/; classtype:trojan-activity;sid:84491603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628359)"; flow:established,from_client; content:"GET"; http_method; content:"/verifi.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.208.84.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628359/; classtype:trojan-activity;sid:84491459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.239.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628266/; classtype:trojan-activity;sid:84491366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.239.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628259/; classtype:trojan-activity;sid:84491359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628235)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hello/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628235/; classtype:trojan-activity;sid:84491335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7639673951/lwwiinc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628233/; classtype:trojan-activity;sid:84491333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628228/; classtype:trojan-activity;sid:84491328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628221/; classtype:trojan-activity;sid:84491321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627972)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627972/; classtype:trojan-activity;sid:84491072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.178.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627941/; classtype:trojan-activity;sid:84491041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627935/; classtype:trojan-activity;sid:84491035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.198.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627934/; classtype:trojan-activity;sid:84491034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627876)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627876/; classtype:trojan-activity;sid:84490976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627865)"; flow:established,from_client; content:"GET"; http_method; content:"/artifact.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"113.45.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627865/; classtype:trojan-activity;sid:84490965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627848)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627848/; classtype:trojan-activity;sid:84490948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627849)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627849/; classtype:trojan-activity;sid:84490949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627850)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627850/; classtype:trojan-activity;sid:84490950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627851)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627851/; classtype:trojan-activity;sid:84490951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627852/; classtype:trojan-activity;sid:84490952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627853)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627853/; classtype:trojan-activity;sid:84490953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627854)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627854/; classtype:trojan-activity;sid:84490954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627855)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627855/; classtype:trojan-activity;sid:84490955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627856)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627856/; classtype:trojan-activity;sid:84490956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627844/; classtype:trojan-activity;sid:84490944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627845/; classtype:trojan-activity;sid:84490945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627846)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627846/; classtype:trojan-activity;sid:84490946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627847)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627847/; classtype:trojan-activity;sid:84490947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627814)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627814/; classtype:trojan-activity;sid:84490914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627797)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627797/; classtype:trojan-activity;sid:84490897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627789)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627789/; classtype:trojan-activity;sid:84490889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627790)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627790/; classtype:trojan-activity;sid:84490890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627791)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627791/; classtype:trojan-activity;sid:84490891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627793)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627793/; classtype:trojan-activity;sid:84490893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627794)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627794/; classtype:trojan-activity;sid:84490894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627796)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627796/; classtype:trojan-activity;sid:84490896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627772)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627772/; classtype:trojan-activity;sid:84490872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627773)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627773/; classtype:trojan-activity;sid:84490873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627771)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627771/; classtype:trojan-activity;sid:84490871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627766)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627766/; classtype:trojan-activity;sid:84490866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627762/; classtype:trojan-activity;sid:84490862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627744/; classtype:trojan-activity;sid:84490844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627746/; classtype:trojan-activity;sid:84490846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627697)"; flow:established,from_client; content:"GET"; http_method; content:"/rad/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627697/; classtype:trojan-activity;sid:84490797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627674)"; flow:established,from_client; content:"GET"; http_method; content:"/krsu1apiygkyet9.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627674/; classtype:trojan-activity;sid:84490774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/solick.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627675/; classtype:trojan-activity;sid:84490775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627676)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/solick.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627676/; classtype:trojan-activity;sid:84490776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627677)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627677/; classtype:trojan-activity;sid:84490777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627678)"; flow:established,from_client; content:"GET"; http_method; content:"/nlxhm2qlwg0rmot.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627678/; classtype:trojan-activity;sid:84490778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627673)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627673/; classtype:trojan-activity;sid:84490773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627672)"; flow:established,from_client; content:"GET"; http_method; content:"//update.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627672/; classtype:trojan-activity;sid:84490772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627556)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627556/; classtype:trojan-activity;sid:84490656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627497)"; flow:established,from_client; content:"GET"; http_method; content:"/release/hanoi.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.201.0.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627497/; classtype:trojan-activity;sid:84490597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627484)"; flow:established,from_client; content:"GET"; http_method; content:"/vioc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627484/; classtype:trojan-activity;sid:84490584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627485)"; flow:established,from_client; content:"GET"; http_method; content:"/fiovj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627485/; classtype:trojan-activity;sid:84490585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627483)"; flow:established,from_client; content:"GET"; http_method; content:"/c.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627483/; classtype:trojan-activity;sid:84490583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627482)"; flow:established,from_client; content:"GET"; http_method; content:"/zuico.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627482/; classtype:trojan-activity;sid:84490582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627481)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hello/stub.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627481/; classtype:trojan-activity;sid:84490581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.200.87.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627322/; classtype:trojan-activity;sid:84490422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627284/; classtype:trojan-activity;sid:84490384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627279)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627279/; classtype:trojan-activity;sid:84490379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627273)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627273/; classtype:trojan-activity;sid:84490373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627239)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627239/; classtype:trojan-activity;sid:84490339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627240)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627240/; classtype:trojan-activity;sid:84490340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627241)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627241/; classtype:trojan-activity;sid:84490341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627242)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627242/; classtype:trojan-activity;sid:84490342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627243)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627243/; classtype:trojan-activity;sid:84490343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627244)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627244/; classtype:trojan-activity;sid:84490344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627245)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627245/; classtype:trojan-activity;sid:84490345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627246)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627246/; classtype:trojan-activity;sid:84490346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627250)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627250/; classtype:trojan-activity;sid:84490350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627253)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627253/; classtype:trojan-activity;sid:84490353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627254)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627254/; classtype:trojan-activity;sid:84490354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627257)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627257/; classtype:trojan-activity;sid:84490357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627266)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627266/; classtype:trojan-activity;sid:84490366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627228)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/audit_requirements.pdf.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"213.165.60.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627228/; classtype:trojan-activity;sid:84490328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627224)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/audit_info.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.165.60.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627224/; classtype:trojan-activity;sid:84490324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627225)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/00.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.165.60.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627225/; classtype:trojan-activity;sid:84490325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627226)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/test01.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.233.84.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627226/; classtype:trojan-activity;sid:84490326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627227)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/irs_audit.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.165.60.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627227/; classtype:trojan-activity;sid:84490327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627223)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.47.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627223/; classtype:trojan-activity;sid:84490323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.145.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627217/; classtype:trojan-activity;sid:84490317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.139.110.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627213/; classtype:trojan-activity;sid:84490313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627210)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627210/; classtype:trojan-activity;sid:84490310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.86.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627206/; classtype:trojan-activity;sid:84490306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627187/; classtype:trojan-activity;sid:84490287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627167)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%98%9f%e7%a9%ba%e9%ad%94%e5%9f%9f.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"120.24.60.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627167/; classtype:trojan-activity;sid:84490267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627140)"; flow:established,from_client; content:"GET"; http_method; content:"/shi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627140/; classtype:trojan-activity;sid:84490240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627141)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627141/; classtype:trojan-activity;sid:84490241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627133)"; flow:established,from_client; content:"GET"; http_method; content:"/privatecardserver/privateserver.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.189.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627133/; classtype:trojan-activity;sid:84490233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627132)"; flow:established,from_client; content:"GET"; http_method; content:"/commongatewayserverultimate(3).exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"202.189.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627132/; classtype:trojan-activity;sid:84490232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627131)"; flow:established,from_client; content:"GET"; http_method; content:"/cgs_updater.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.189.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627131/; classtype:trojan-activity;sid:84490231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627117)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627117/; classtype:trojan-activity;sid:84490217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627116)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627116/; classtype:trojan-activity;sid:84490216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627115)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627115/; classtype:trojan-activity;sid:84490215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627114)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627114/; classtype:trojan-activity;sid:84490214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627109)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627109/; classtype:trojan-activity;sid:84490209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627106/; classtype:trojan-activity;sid:84490206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627107/; classtype:trojan-activity;sid:84490207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627103/; classtype:trojan-activity;sid:84490203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627104/; classtype:trojan-activity;sid:84490204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627105/; classtype:trojan-activity;sid:84490205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627097/; classtype:trojan-activity;sid:84490197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627100/; classtype:trojan-activity;sid:84490200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627101/; classtype:trojan-activity;sid:84490201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627102/; classtype:trojan-activity;sid:84490202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626999)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626999/; classtype:trojan-activity;sid:84490099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627000)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627000/; classtype:trojan-activity;sid:84490100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627001)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627001/; classtype:trojan-activity;sid:84490101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627002)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627002/; classtype:trojan-activity;sid:84490102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627003)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627003/; classtype:trojan-activity;sid:84490103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627004)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627004/; classtype:trojan-activity;sid:84490104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627005)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627005/; classtype:trojan-activity;sid:84490105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627006)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627006/; classtype:trojan-activity;sid:84490106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627007)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627007/; classtype:trojan-activity;sid:84490107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626997)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626997/; classtype:trojan-activity;sid:84490097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626998)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.144.20.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626998/; classtype:trojan-activity;sid:84490098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626893/; classtype:trojan-activity;sid:84489993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626887/; classtype:trojan-activity;sid:84489987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626883)"; flow:established,from_client; content:"GET"; http_method; content:"/jammx4im1btscsq.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626883/; classtype:trojan-activity;sid:84489983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626814)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626814/; classtype:trojan-activity;sid:84489914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626813)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626813/; classtype:trojan-activity;sid:84489913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626811)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626811/; classtype:trojan-activity;sid:84489911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626810)"; flow:established,from_client; content:"GET"; http_method; content:"/rhadamanthys.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626810/; classtype:trojan-activity;sid:84489910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626806)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.160.56.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626806/; classtype:trojan-activity;sid:84489906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626740/; classtype:trojan-activity;sid:84489840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626732/; classtype:trojan-activity;sid:84489832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626679)"; flow:established,from_client; content:"GET"; http_method; content:"/payload"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.132.28.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626679/; classtype:trojan-activity;sid:84489779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626621)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626621/; classtype:trojan-activity;sid:84489721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626613)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.132.28.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626613/; classtype:trojan-activity;sid:84489713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626599)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626599/; classtype:trojan-activity;sid:84489699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626601)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626601/; classtype:trojan-activity;sid:84489701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626598)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626598/; classtype:trojan-activity;sid:84489698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626596)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626596/; classtype:trojan-activity;sid:84489696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626592)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626592/; classtype:trojan-activity;sid:84489692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626593)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"188.122.242.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626593/; classtype:trojan-activity;sid:84489693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626595)"; flow:established,from_client; content:"GET"; http_method; content:"/drilldata/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626595/; classtype:trojan-activity;sid:84489695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626378)"; flow:established,from_client; content:"GET"; http_method; content:"/nu"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626378/; classtype:trojan-activity;sid:84489478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626381)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626381/; classtype:trojan-activity;sid:84489481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626382)"; flow:established,from_client; content:"GET"; http_method; content:"/wifi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626382/; classtype:trojan-activity;sid:84489482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626383)"; flow:established,from_client; content:"GET"; http_method; content:"/cms"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626383/; classtype:trojan-activity;sid:84489483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626332)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.222.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626332/; classtype:trojan-activity;sid:84489432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626324)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.146.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626324/; classtype:trojan-activity;sid:84489424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626312)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.51.34.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626312/; classtype:trojan-activity;sid:84489412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626314)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.13.137.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626314/; classtype:trojan-activity;sid:84489414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626320)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.139.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626320/; classtype:trojan-activity;sid:84489420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626310)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/aaa.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.233.84.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626310/; classtype:trojan-activity;sid:84489410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626300/; classtype:trojan-activity;sid:84489400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.152.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626301/; classtype:trojan-activity;sid:84489401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.160.145.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626302/; classtype:trojan-activity;sid:84489402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.106.98.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626308/; classtype:trojan-activity;sid:84489408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.39.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626279/; classtype:trojan-activity;sid:84489379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626268)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626268/; classtype:trojan-activity;sid:84489368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626275)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.62.255.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626275/; classtype:trojan-activity;sid:84489375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626264)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626264/; classtype:trojan-activity;sid:84489364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626262)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.243.186.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626262/; classtype:trojan-activity;sid:84489362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626263)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.31.30.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626263/; classtype:trojan-activity;sid:84489363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626251)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626251/; classtype:trojan-activity;sid:84489351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626246)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.121.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626246/; classtype:trojan-activity;sid:84489346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626248)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.125.49.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626248/; classtype:trojan-activity;sid:84489348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626249)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.31.30.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626249/; classtype:trojan-activity;sid:84489349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626250)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.132.118.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626250/; classtype:trojan-activity;sid:84489350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626245)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626245/; classtype:trojan-activity;sid:84489345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626166)"; flow:established,from_client; content:"GET"; http_method; content:"/tillids.msi"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"machprint.ro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626166/; classtype:trojan-activity;sid:84489266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626165)"; flow:established,from_client; content:"GET"; http_method; content:"/ozmqnsvdpyerwfu52.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"machprint.ro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626165/; classtype:trojan-activity;sid:84489265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626164)"; flow:established,from_client; content:"GET"; http_method; content:"/sukkulente.prx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"machprint.ro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626164/; classtype:trojan-activity;sid:84489264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626148)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"171.22.16.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626148/; classtype:trojan-activity;sid:84489248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626102)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626102/; classtype:trojan-activity;sid:84489202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626101)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626101/; classtype:trojan-activity;sid:84489201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626099)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626099/; classtype:trojan-activity;sid:84489199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626100)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626100/; classtype:trojan-activity;sid:84489200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626095)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626095/; classtype:trojan-activity;sid:84489195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626096)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626096/; classtype:trojan-activity;sid:84489196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626097)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626097/; classtype:trojan-activity;sid:84489197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626039)"; flow:established,from_client; content:"GET"; http_method; content:"/vq7qnspptll2njm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626039/; classtype:trojan-activity;sid:84489139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626036)"; flow:established,from_client; content:"GET"; http_method; content:"/carrierpacket/fullcarrierpacket.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"loadstopdocs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626036/; classtype:trojan-activity;sid:84489136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.248.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626012/; classtype:trojan-activity;sid:84489112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625979)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625979/; classtype:trojan-activity;sid:84489079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625980)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625980/; classtype:trojan-activity;sid:84489080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625981)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625981/; classtype:trojan-activity;sid:84489081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625982)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625982/; classtype:trojan-activity;sid:84489082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625984)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625984/; classtype:trojan-activity;sid:84489084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625985)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625985/; classtype:trojan-activity;sid:84489085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625986)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625986/; classtype:trojan-activity;sid:84489086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625987)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625987/; classtype:trojan-activity;sid:84489087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625988)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625988/; classtype:trojan-activity;sid:84489088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625989)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625989/; classtype:trojan-activity;sid:84489089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.248.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625967/; classtype:trojan-activity;sid:84489067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625963)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.121.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625963/; classtype:trojan-activity;sid:84489063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625949)"; flow:established,from_client; content:"GET"; http_method; content:"/z.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625949/; classtype:trojan-activity;sid:84489049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625911)"; flow:established,from_client; content:"GET"; http_method; content:"/493d0dfa7e0a46fe89bdfab48f9ce98f_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625911/; classtype:trojan-activity;sid:84489011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625836)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.34.144.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625836/; classtype:trojan-activity;sid:84488936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625830)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.34.144.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625830/; classtype:trojan-activity;sid:84488930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625809)"; flow:established,from_client; content:"GET"; http_method; content:"/miport.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625809/; classtype:trojan-activity;sid:84488909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625752)"; flow:established,from_client; content:"GET"; http_method; content:"/vi1433.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625752/; classtype:trojan-activity;sid:84488852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp53.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625750/; classtype:trojan-activity;sid:84488850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625751)"; flow:established,from_client; content:"GET"; http_method; content:"/vs8080.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625751/; classtype:trojan-activity;sid:84488851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625749)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625749/; classtype:trojan-activity;sid:84488849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625748)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625748/; classtype:trojan-activity;sid:84488848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625744)"; flow:established,from_client; content:"GET"; http_method; content:"/game.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.42.139.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625744/; classtype:trojan-activity;sid:84488844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625731)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625731/; classtype:trojan-activity;sid:84488831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.154.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625674/; classtype:trojan-activity;sid:84488774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625643)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625643/; classtype:trojan-activity;sid:84488743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625642)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625642/; classtype:trojan-activity;sid:84488742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625639)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mips_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625639/; classtype:trojan-activity;sid:84488739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625633/; classtype:trojan-activity;sid:84488733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625631)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625631/; classtype:trojan-activity;sid:84488731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625629)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_linux_x64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"39.100.71.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625629/; classtype:trojan-activity;sid:84488729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625630)"; flow:established,from_client; content:"GET"; http_method; content:"/1sc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"39.100.71.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625630/; classtype:trojan-activity;sid:84488730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625627)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625627/; classtype:trojan-activity;sid:84488727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.armv4_32"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625604/; classtype:trojan-activity;sid:84488704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625605)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625605/; classtype:trojan-activity;sid:84488705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625606)"; flow:established,from_client; content:"GET"; http_method; content:"/mynode.mips_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625606/; classtype:trojan-activity;sid:84488706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625607)"; flow:established,from_client; content:"GET"; http_method; content:"/mynode.mips_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625607/; classtype:trojan-activity;sid:84488707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625608)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625608/; classtype:trojan-activity;sid:84488708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625609)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625609/; classtype:trojan-activity;sid:84488709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625610)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625610/; classtype:trojan-activity;sid:84488710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625611)"; flow:established,from_client; content:"GET"; http_method; content:"/mynode.mips_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625611/; classtype:trojan-activity;sid:84488711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625612)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625612/; classtype:trojan-activity;sid:84488712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625613)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625613/; classtype:trojan-activity;sid:84488713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625614)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625614/; classtype:trojan-activity;sid:84488714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625615)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mips_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625615/; classtype:trojan-activity;sid:84488715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625616)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm6_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625616/; classtype:trojan-activity;sid:84488716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625617)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625617/; classtype:trojan-activity;sid:84488717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625618)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625618/; classtype:trojan-activity;sid:84488718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625619)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625619/; classtype:trojan-activity;sid:84488719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625620)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm6_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625620/; classtype:trojan-activity;sid:84488720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625621)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625621/; classtype:trojan-activity;sid:84488721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625622)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625622/; classtype:trojan-activity;sid:84488722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625623)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625623/; classtype:trojan-activity;sid:84488723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625624)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm6_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625624/; classtype:trojan-activity;sid:84488724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625625)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mips_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625625/; classtype:trojan-activity;sid:84488725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625626)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.armv4_32"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625626/; classtype:trojan-activity;sid:84488726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625602/; classtype:trojan-activity;sid:84488702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625603)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625603/; classtype:trojan-activity;sid:84488703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.armv4_32"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625598/; classtype:trojan-activity;sid:84488698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625599/; classtype:trojan-activity;sid:84488699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625600/; classtype:trojan-activity;sid:84488700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625601)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625601/; classtype:trojan-activity;sid:84488701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625597/; classtype:trojan-activity;sid:84488697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm6_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625596/; classtype:trojan-activity;sid:84488696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625587)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625587/; classtype:trojan-activity;sid:84488687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625588)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625588/; classtype:trojan-activity;sid:84488688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625589)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625589/; classtype:trojan-activity;sid:84488689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625590)"; flow:established,from_client; content:"GET"; http_method; content:"/mynode.mips_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625590/; classtype:trojan-activity;sid:84488690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625591)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625591/; classtype:trojan-activity;sid:84488691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625592)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625592/; classtype:trojan-activity;sid:84488692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625593)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625593/; classtype:trojan-activity;sid:84488693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mips_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625594/; classtype:trojan-activity;sid:84488694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625595/; classtype:trojan-activity;sid:84488695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625586)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.armv4_32"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625586/; classtype:trojan-activity;sid:84488686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625570/; classtype:trojan-activity;sid:84488670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625503)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.86.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625503/; classtype:trojan-activity;sid:84488603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625434)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.117.61.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625434/; classtype:trojan-activity;sid:84488534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625375)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/yfura3l.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625375/; classtype:trojan-activity;sid:84488475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625275)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrofachin/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu/main/nosographic/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625275/; classtype:trojan-activity;sid:84488375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625218/; classtype:trojan-activity;sid:84488318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.154.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625054/; classtype:trojan-activity;sid:84488154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625027)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uf6kjqbjuad4ye5gfeapfazdchlhezms"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625027/; classtype:trojan-activity;sid:84488127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625026)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=111gopmwgiuau5pdfixhlyyhlbqtwcxmz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625026/; classtype:trojan-activity;sid:84488126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624994)"; flow:established,from_client; content:"GET"; http_method; content:"/gbim8juazfgeaph.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624994/; classtype:trojan-activity;sid:84488094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624992)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=monday.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bafybeiauitp4pzmay6325ntndspcuprjskz76h4vzrwvptedwt3rwdvjq4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624992/; classtype:trojan-activity;sid:84488092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zjttdcwckqvb_b1iyqr_qifpolf7fyox"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624971/; classtype:trojan-activity;sid:84488071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624967)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624967/; classtype:trojan-activity;sid:84488067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624941)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"110.42.139.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624941/; classtype:trojan-activity;sid:84488041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624924)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624924/; classtype:trojan-activity;sid:84488024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624926)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624926/; classtype:trojan-activity;sid:84488026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624927)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624927/; classtype:trojan-activity;sid:84488027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624928)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624928/; classtype:trojan-activity;sid:84488028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624930)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624930/; classtype:trojan-activity;sid:84488030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624934)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624934/; classtype:trojan-activity;sid:84488034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624846/; classtype:trojan-activity;sid:84487946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.142.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624725/; classtype:trojan-activity;sid:84487825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624720)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624720/; classtype:trojan-activity;sid:84487820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.37.142.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624706/; classtype:trojan-activity;sid:84487806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624484)"; flow:established,from_client; content:"GET"; http_method; content:"/d2a3db0fe2ac476e8ca876f8c23ba92f_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624484/; classtype:trojan-activity;sid:84487584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624482)"; flow:established,from_client; content:"GET"; http_method; content:"/f18d391b478540a2a03ff0663c0f10e8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624482/; classtype:trojan-activity;sid:84487582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624479)"; flow:established,from_client; content:"GET"; http_method; content:"/06d07b4da8cd4662af7ec26eb98bea7e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624479/; classtype:trojan-activity;sid:84487579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624480)"; flow:established,from_client; content:"GET"; http_method; content:"/291594921b82442f8c10853291a896ac_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624480/; classtype:trojan-activity;sid:84487580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624439)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/gmqcoiflq.pdf"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"stacysublett.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624439/; classtype:trojan-activity;sid:84487539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624438)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vegnxqxevr.mp4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"changemyseat.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624438/; classtype:trojan-activity;sid:84487538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624361)"; flow:established,from_client; content:"GET"; http_method; content:"/frpc.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.72.105.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624361/; classtype:trojan-activity;sid:84487461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624360)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.72.105.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624360/; classtype:trojan-activity;sid:84487460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624359)"; flow:established,from_client; content:"GET"; http_method; content:"/artifact_x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.105.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624359/; classtype:trojan-activity;sid:84487459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624351)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624351/; classtype:trojan-activity;sid:84487451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624352)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624352/; classtype:trojan-activity;sid:84487452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624347)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624347/; classtype:trojan-activity;sid:84487447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624346)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624346/; classtype:trojan-activity;sid:84487446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624339)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624339/; classtype:trojan-activity;sid:84487439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624341)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624341/; classtype:trojan-activity;sid:84487441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624342)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624342/; classtype:trojan-activity;sid:84487442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624343)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624343/; classtype:trojan-activity;sid:84487443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624345)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624345/; classtype:trojan-activity;sid:84487445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624329)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624329/; classtype:trojan-activity;sid:84487429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624323)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624323/; classtype:trojan-activity;sid:84487423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624324)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624324/; classtype:trojan-activity;sid:84487424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624325)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624325/; classtype:trojan-activity;sid:84487425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624326)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624326/; classtype:trojan-activity;sid:84487426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624327)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624327/; classtype:trojan-activity;sid:84487427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624322)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624322/; classtype:trojan-activity;sid:84487422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624309)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624309/; classtype:trojan-activity;sid:84487409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624311)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624311/; classtype:trojan-activity;sid:84487411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624312)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624312/; classtype:trojan-activity;sid:84487412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624313)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624313/; classtype:trojan-activity;sid:84487413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624314)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624314/; classtype:trojan-activity;sid:84487414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624315)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624315/; classtype:trojan-activity;sid:84487415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624317)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624317/; classtype:trojan-activity;sid:84487417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624318)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624318/; classtype:trojan-activity;sid:84487418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624319)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624319/; classtype:trojan-activity;sid:84487419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624320)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624320/; classtype:trojan-activity;sid:84487420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624304)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.wrxcnc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624304/; classtype:trojan-activity;sid:84487404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624305)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624305/; classtype:trojan-activity;sid:84487405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624306)"; flow:established,from_client; content:"GET"; http_method; content:"/renji/renji.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624306/; classtype:trojan-activity;sid:84487406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624291)"; flow:established,from_client; content:"GET"; http_method; content:"/uppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624291/; classtype:trojan-activity;sid:84487391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624280)"; flow:established,from_client; content:"GET"; http_method; content:"/ui686"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624280/; classtype:trojan-activity;sid:84487380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624271)"; flow:established,from_client; content:"GET"; http_method; content:"/test/amnew.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624271/; classtype:trojan-activity;sid:84487371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.80.121.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3624185/; classtype:trojan-activity;sid:84487285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3624027/; classtype:trojan-activity;sid:84487127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623860)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/2025_audit.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.165.60.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623860/; classtype:trojan-activity;sid:84486960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623786)"; flow:established,from_client; content:"GET"; http_method; content:"/mise.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623786/; classtype:trojan-activity;sid:84486886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623781)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.130.74.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623781/; classtype:trojan-activity;sid:84486881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623775)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.167.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623775/; classtype:trojan-activity;sid:84486875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623778)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.137.134.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623778/; classtype:trojan-activity;sid:84486878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623760)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"69.165.68.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623760/; classtype:trojan-activity;sid:84486860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623763)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.147.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623763/; classtype:trojan-activity;sid:84486863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623758/; classtype:trojan-activity;sid:84486858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.23.205.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623754/; classtype:trojan-activity;sid:84486854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.63.68.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623738/; classtype:trojan-activity;sid:84486838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623728)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"180.40.204.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623728/; classtype:trojan-activity;sid:84486828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623716)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.227.10.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623716/; classtype:trojan-activity;sid:84486816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623718)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.175.72.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623718/; classtype:trojan-activity;sid:84486818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.39.215.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623705/; classtype:trojan-activity;sid:84486805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"125.175.66.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623704/; classtype:trojan-activity;sid:84486804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623701)"; flow:established,from_client; content:"GET"; http_method; content:"/fc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623701/; classtype:trojan-activity;sid:84486801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623700)"; flow:established,from_client; content:"GET"; http_method; content:"/poc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623700/; classtype:trojan-activity;sid:84486800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623698)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623698/; classtype:trojan-activity;sid:84486798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623697)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623697/; classtype:trojan-activity;sid:84486797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623695)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623695/; classtype:trojan-activity;sid:84486795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623686)"; flow:established,from_client; content:"GET"; http_method; content:"/lmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623686/; classtype:trojan-activity;sid:84486786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623687)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623687/; classtype:trojan-activity;sid:84486787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623688)"; flow:established,from_client; content:"GET"; http_method; content:"/umpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623688/; classtype:trojan-activity;sid:84486788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623689)"; flow:established,from_client; content:"GET"; http_method; content:"/lmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623689/; classtype:trojan-activity;sid:84486789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623690/; classtype:trojan-activity;sid:84486790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623691)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623691/; classtype:trojan-activity;sid:84486791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623692)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623692/; classtype:trojan-activity;sid:84486792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623693)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623693/; classtype:trojan-activity;sid:84486793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623694)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623694/; classtype:trojan-activity;sid:84486794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623683)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623683/; classtype:trojan-activity;sid:84486783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623684)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623684/; classtype:trojan-activity;sid:84486784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623679)"; flow:established,from_client; content:"GET"; http_method; content:"/umips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623679/; classtype:trojan-activity;sid:84486779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623680)"; flow:established,from_client; content:"GET"; http_method; content:"/nmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623680/; classtype:trojan-activity;sid:84486780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623681)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623681/; classtype:trojan-activity;sid:84486781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623682)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623682/; classtype:trojan-activity;sid:84486782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623624)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623624/; classtype:trojan-activity;sid:84486724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623625)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623625/; classtype:trojan-activity;sid:84486725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623451/; classtype:trojan-activity;sid:84486551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623411)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/nodustrunm.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623411/; classtype:trojan-activity;sid:84486511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623405)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/snowhiteout.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623405/; classtype:trojan-activity;sid:84486505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623406)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/wisemenchat.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623406/; classtype:trojan-activity;sid:84486506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623407)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/jingle.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623407/; classtype:trojan-activity;sid:84486507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623408/; classtype:trojan-activity;sid:84486508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623409)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/ajewarrior.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623409/; classtype:trojan-activity;sid:84486509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623410)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/yaegerrob4325.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623410/; classtype:trojan-activity;sid:84486510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623401)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/sadfewego.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623401/; classtype:trojan-activity;sid:84486501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623400)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/2poasdoc.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623400/; classtype:trojan-activity;sid:84486500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623397)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/whitepower.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623397/; classtype:trojan-activity;sid:84486497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623398)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/intruder3000.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623398/; classtype:trojan-activity;sid:84486498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623399)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/future.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623399/; classtype:trojan-activity;sid:84486499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623395)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/bunkerjoe.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623395/; classtype:trojan-activity;sid:84486495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623396)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/tron67.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623396/; classtype:trojan-activity;sid:84486496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623390)"; flow:established,from_client; content:"GET"; http_method; content:"/123.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623390/; classtype:trojan-activity;sid:84486490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623392)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/powergod.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623392/; classtype:trojan-activity;sid:84486492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623387)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/nightking.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623387/; classtype:trojan-activity;sid:84486487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623388)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/cartman.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623388/; classtype:trojan-activity;sid:84486488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623386)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/hardly.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623386/; classtype:trojan-activity;sid:84486486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.178.31.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623233/; classtype:trojan-activity;sid:84486333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.178.31.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623227/; classtype:trojan-activity;sid:84486327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623136)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.189.5.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623136/; classtype:trojan-activity;sid:84486236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623135)"; flow:established,from_client; content:"GET"; http_method; content:"/30frxxbd/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.140.182.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623135/; classtype:trojan-activity;sid:84486235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"118.25.68.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623130)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.221.29.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623130/; classtype:trojan-activity;sid:84486230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/refs/heads/main/software.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; content:"GET"; http_method; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623114)"; flow:established,from_client; content:"GET"; http_method; content:"/cxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alpinreisan1.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623114/; classtype:trojan-activity;sid:84486214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623055)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.222.151.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623055/; classtype:trojan-activity;sid:84486155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623027/; classtype:trojan-activity;sid:84486127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623011)"; flow:established,from_client; content:"GET"; http_method; content:"/9.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623011/; classtype:trojan-activity;sid:84486111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622855/; classtype:trojan-activity;sid:84485955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.72.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622845/; classtype:trojan-activity;sid:84485945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622798)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.178.47.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622798/; classtype:trojan-activity;sid:84485898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622759)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622759/; classtype:trojan-activity;sid:84485859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622727/; classtype:trojan-activity;sid:84485827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622639)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622639/; classtype:trojan-activity;sid:84485739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622625)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622625/; classtype:trojan-activity;sid:84485725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622547)"; flow:established,from_client; content:"GET"; http_method; content:"/er/45.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622547/; classtype:trojan-activity;sid:84485647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; content:"GET"; http_method; content:"/er/326.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622549)"; flow:established,from_client; content:"GET"; http_method; content:"/er/46.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622549/; classtype:trojan-activity;sid:84485649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; content:"GET"; http_method; content:"/er/1212.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622517)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622517/; classtype:trojan-activity;sid:84485617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622515)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622515/; classtype:trojan-activity;sid:84485615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622512)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622512/; classtype:trojan-activity;sid:84485612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622514)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622514/; classtype:trojan-activity;sid:84485614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622508)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622508/; classtype:trojan-activity;sid:84485608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622465)"; flow:established,from_client; content:"GET"; http_method; content:"/m/moobs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622465/; classtype:trojan-activity;sid:84485565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622466)"; flow:established,from_client; content:"GET"; http_method; content:"/m/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622466/; classtype:trojan-activity;sid:84485566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622468)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622468/; classtype:trojan-activity;sid:84485568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622469)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622469/; classtype:trojan-activity;sid:84485569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622470)"; flow:established,from_client; content:"GET"; http_method; content:"/m/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622470/; classtype:trojan-activity;sid:84485570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622268)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622268/; classtype:trojan-activity;sid:84485368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622262)"; flow:established,from_client; content:"GET"; http_method; content:"/m/i.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622262/; classtype:trojan-activity;sid:84485362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622234)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622234/; classtype:trojan-activity;sid:84485334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622172/; classtype:trojan-activity;sid:84485272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622070)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622070/; classtype:trojan-activity;sid:84485170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622061)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622061/; classtype:trojan-activity;sid:84485161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622062)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622062/; classtype:trojan-activity;sid:84485162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622063)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622063/; classtype:trojan-activity;sid:84485163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622065)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622065/; classtype:trojan-activity;sid:84485165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622066)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622066/; classtype:trojan-activity;sid:84485166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622067)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622067/; classtype:trojan-activity;sid:84485167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622068)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622068/; classtype:trojan-activity;sid:84485168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622069)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622069/; classtype:trojan-activity;sid:84485169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622060)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622060/; classtype:trojan-activity;sid:84485160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622058)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622058/; classtype:trojan-activity;sid:84485158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622059)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622059/; classtype:trojan-activity;sid:84485159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622057)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.213.174.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3622057/; classtype:trojan-activity;sid:84485157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621937)"; flow:established,from_client; content:"GET"; http_method; content:"/7b50107d852f42df8b20aef2f2854add_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621937/; classtype:trojan-activity;sid:84485037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621936)"; flow:established,from_client; content:"GET"; http_method; content:"/d131ceb3b559401490aca6464a4986ef_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621936/; classtype:trojan-activity;sid:84485036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621935)"; flow:established,from_client; content:"GET"; http_method; content:"/90129a48641c4917b0bb758f24ee45ba_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621935/; classtype:trojan-activity;sid:84485035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621920)"; flow:established,from_client; content:"GET"; http_method; content:"/dd4517d760bb43ffaf57b426808fc91d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621920/; classtype:trojan-activity;sid:84485020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621921)"; flow:established,from_client; content:"GET"; http_method; content:"/dda45bc6697f47ef9866999b08f1bc37_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621921/; classtype:trojan-activity;sid:84485021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621783)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/breakingforth.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621783/; classtype:trojan-activity;sid:84484883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621756)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mwb9mee-jrnauhajip70indlgqzxiyem"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621756/; classtype:trojan-activity;sid:84484856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621526)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621526/; classtype:trojan-activity;sid:84484626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621518)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621518/; classtype:trojan-activity;sid:84484618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621519)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621519/; classtype:trojan-activity;sid:84484619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621520)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621520/; classtype:trojan-activity;sid:84484620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621521)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621521/; classtype:trojan-activity;sid:84484621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621522)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621522/; classtype:trojan-activity;sid:84484622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621523)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621523/; classtype:trojan-activity;sid:84484623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621524)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621524/; classtype:trojan-activity;sid:84484624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621525)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"160.187.229.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621525/; classtype:trojan-activity;sid:84484625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621476)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.19.22.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621476/; classtype:trojan-activity;sid:84484576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621461)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.18.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621461/; classtype:trojan-activity;sid:84484561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621466)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"221.132.29.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621466/; classtype:trojan-activity;sid:84484566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.152.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621448/; classtype:trojan-activity;sid:84484548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.214.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621442/; classtype:trojan-activity;sid:84484542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621440)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621440/; classtype:trojan-activity;sid:84484540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621426/; classtype:trojan-activity;sid:84484526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621292/; classtype:trojan-activity;sid:84484392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621283/; classtype:trojan-activity;sid:84484383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621087)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/numaneo.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621087/; classtype:trojan-activity;sid:84484187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621086)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621086/; classtype:trojan-activity;sid:84484186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621032/; classtype:trojan-activity;sid:84484132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.70.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620984/; classtype:trojan-activity;sid:84484084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.70.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620979/; classtype:trojan-activity;sid:84484079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620835)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.133.102.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620835/; classtype:trojan-activity;sid:84483935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620619)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620619/; classtype:trojan-activity;sid:84483719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620592)"; flow:established,from_client; content:"GET"; http_method; content:"/q213fd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620592/; classtype:trojan-activity;sid:84483692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620593)"; flow:established,from_client; content:"GET"; http_method; content:"/x1234.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620593/; classtype:trojan-activity;sid:84483693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620574)"; flow:established,from_client; content:"GET"; http_method; content:"/s244.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620574/; classtype:trojan-activity;sid:84483674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620555)"; flow:established,from_client; content:"GET"; http_method; content:"/mk2k20ajw7kairt1mg88vt1at9vwu5azn9akyys2qbnbnxv3ph/yer2kp0jebhsddvcs9cwnhbkugdxcem9kqxlwfadhgmkyw7fzq.exe"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"178.16.53.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620555/; classtype:trojan-activity;sid:84483655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620553)"; flow:established,from_client; content:"GET"; http_method; content:"/mk2k20ajw7kairt1mg88vt1at9vwu5azn9akyys2qbnbnxv3ph/mr5jffcvzvzar7ivtoqbfoizsmpezngqoxaypg38ox6k48cqpt.exe"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"178.16.53.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620553/; classtype:trojan-activity;sid:84483653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620554)"; flow:established,from_client; content:"GET"; http_method; content:"/l843.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620554/; classtype:trojan-activity;sid:84483654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620552)"; flow:established,from_client; content:"GET"; http_method; content:"/n8388.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620552/; classtype:trojan-activity;sid:84483652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620500)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620500/; classtype:trojan-activity;sid:84483600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620499)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620499/; classtype:trojan-activity;sid:84483599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620491)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620491/; classtype:trojan-activity;sid:84483591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620492)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620492/; classtype:trojan-activity;sid:84483592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620493)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620493/; classtype:trojan-activity;sid:84483593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620494)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620494/; classtype:trojan-activity;sid:84483594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620495)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620495/; classtype:trojan-activity;sid:84483595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620496)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620496/; classtype:trojan-activity;sid:84483596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620497)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620497/; classtype:trojan-activity;sid:84483597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620498)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620498/; classtype:trojan-activity;sid:84483598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620489)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620489/; classtype:trojan-activity;sid:84483589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620490)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620490/; classtype:trojan-activity;sid:84483590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"p1611192-mobac01.tokyo.ocn.ne.jp"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620261/; classtype:trojan-activity;sid:84483361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620246)"; flow:established,from_client; content:"GET"; http_method; content:"/shk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620246/; classtype:trojan-activity;sid:84483346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620249)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620249/; classtype:trojan-activity;sid:84483349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620255)"; flow:established,from_client; content:"GET"; http_method; content:"/tbk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620255/; classtype:trojan-activity;sid:84483355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620256)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620256/; classtype:trojan-activity;sid:84483356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620243)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wrxcnc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620243/; classtype:trojan-activity;sid:84483343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.235.177.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620145/; classtype:trojan-activity;sid:84483245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620132/; classtype:trojan-activity;sid:84483232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.116.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620124/; classtype:trojan-activity;sid:84483224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.16.177.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620129/; classtype:trojan-activity;sid:84483229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620109)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620109/; classtype:trojan-activity;sid:84483209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620073)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.2.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620073/; classtype:trojan-activity;sid:84483173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619895)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/njtiemv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619895/; classtype:trojan-activity;sid:84482995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619887)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619887/; classtype:trojan-activity;sid:84482987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619888)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619888/; classtype:trojan-activity;sid:84482988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619886)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619886/; classtype:trojan-activity;sid:84482986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619874)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619874/; classtype:trojan-activity;sid:84482974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619875)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619875/; classtype:trojan-activity;sid:84482975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619876)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619876/; classtype:trojan-activity;sid:84482976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619877)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619877/; classtype:trojan-activity;sid:84482977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619878)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619878/; classtype:trojan-activity;sid:84482978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619879)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619879/; classtype:trojan-activity;sid:84482979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619880)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619880/; classtype:trojan-activity;sid:84482980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619881)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619881/; classtype:trojan-activity;sid:84482981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619882)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619882/; classtype:trojan-activity;sid:84482982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619883)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619883/; classtype:trojan-activity;sid:84482983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619884)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619884/; classtype:trojan-activity;sid:84482984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619783)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619783/; classtype:trojan-activity;sid:84482883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619784)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619784/; classtype:trojan-activity;sid:84482884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619497)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619497/; classtype:trojan-activity;sid:84482597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619493)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619493/; classtype:trojan-activity;sid:84482593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619491)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619491/; classtype:trojan-activity;sid:84482591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619487)"; flow:established,from_client; content:"GET"; http_method; content:"/t/skid.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619487/; classtype:trojan-activity;sid:84482587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619384)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619384/; classtype:trojan-activity;sid:84482484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619381)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619381/; classtype:trojan-activity;sid:84482481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619382)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619382/; classtype:trojan-activity;sid:84482482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619272)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619272/; classtype:trojan-activity;sid:84482372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.65.186.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619256/; classtype:trojan-activity;sid:84482356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619114)"; flow:established,from_client; content:"GET"; http_method; content:"/app_win/random.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619114/; classtype:trojan-activity;sid:84482214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619109)"; flow:established,from_client; content:"GET"; http_method; content:"/newdef/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619109/; classtype:trojan-activity;sid:84482209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618534/; classtype:trojan-activity;sid:84481634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.11.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618533/; classtype:trojan-activity;sid:84481633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.11.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618526/; classtype:trojan-activity;sid:84481626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.173.21.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618520/; classtype:trojan-activity;sid:84481620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.173.21.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618511/; classtype:trojan-activity;sid:84481611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618510)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618510/; classtype:trojan-activity;sid:84481610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618252)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618252/; classtype:trojan-activity;sid:84481352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618253)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618253/; classtype:trojan-activity;sid:84481353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618255/; classtype:trojan-activity;sid:84481355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618256)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.urbotnetisass"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618256/; classtype:trojan-activity;sid:84481356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618257)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618257/; classtype:trojan-activity;sid:84481357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618219/; classtype:trojan-activity;sid:84481319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618221/; classtype:trojan-activity;sid:84481321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618222)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618222/; classtype:trojan-activity;sid:84481322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618122)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/rent7wg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618122/; classtype:trojan-activity;sid:84481222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.201.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617975/; classtype:trojan-activity;sid:84481075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617921)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.199.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617921/; classtype:trojan-activity;sid:84481021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617904/; classtype:trojan-activity;sid:84481004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617806)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617806/; classtype:trojan-activity;sid:84480906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617799)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617799/; classtype:trojan-activity;sid:84480899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617790/; classtype:trojan-activity;sid:84480890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617792)"; flow:established,from_client; content:"GET"; http_method; content:"/files/740061926/ojjvpn1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617792/; classtype:trojan-activity;sid:84480892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617764)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.172.93.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617764/; classtype:trojan-activity;sid:84480864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617765)"; flow:established,from_client; content:"GET"; http_method; content:"/stub.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.172.93.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617765/; classtype:trojan-activity;sid:84480865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617625)"; flow:established,from_client; content:"GET"; http_method; content:"/ccce41b9-e358-4972-b52d-dd1cdbe5f636.msi"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"193.24.123.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617625/; classtype:trojan-activity;sid:84480725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617624)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617624/; classtype:trojan-activity;sid:84480724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617613)"; flow:established,from_client; content:"GET"; http_method; content:"/terms.pdf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617613/; classtype:trojan-activity;sid:84480713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617615)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/terms.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"85.192.48.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617615/; classtype:trojan-activity;sid:84480715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617566/; classtype:trojan-activity;sid:84480666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617562)"; flow:established,from_client; content:"GET"; http_method; content:"/6.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617562/; classtype:trojan-activity;sid:84480662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617563)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617563/; classtype:trojan-activity;sid:84480663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617560)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617560/; classtype:trojan-activity;sid:84480660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617545/; classtype:trojan-activity;sid:84480645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617527/; classtype:trojan-activity;sid:84480627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617474/; classtype:trojan-activity;sid:84480574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617437)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.176.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617437/; classtype:trojan-activity;sid:84480537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617439)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.45.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617439/; classtype:trojan-activity;sid:84480539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617442/; classtype:trojan-activity;sid:84480542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617443)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.117.1.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617443/; classtype:trojan-activity;sid:84480543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.112.49.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617433/; classtype:trojan-activity;sid:84480533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.100.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617428/; classtype:trojan-activity;sid:84480528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.128.220.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617425/; classtype:trojan-activity;sid:84480525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.119.134.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617422/; classtype:trojan-activity;sid:84480522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.128.239.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617418/; classtype:trojan-activity;sid:84480518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617403)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.200.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617403/; classtype:trojan-activity;sid:84480503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617223/; classtype:trojan-activity;sid:84480323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617190)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617164)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617164/; classtype:trojan-activity;sid:84480264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617157)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617157/; classtype:trojan-activity;sid:84480257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617158)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617158/; classtype:trojan-activity;sid:84480258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617156)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617156/; classtype:trojan-activity;sid:84480256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617151)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617151/; classtype:trojan-activity;sid:84480251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617152)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617152/; classtype:trojan-activity;sid:84480252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617153)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617153/; classtype:trojan-activity;sid:84480253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617154)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617154/; classtype:trojan-activity;sid:84480254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617144)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617144/; classtype:trojan-activity;sid:84480244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617145)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617145/; classtype:trojan-activity;sid:84480245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617147)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617147/; classtype:trojan-activity;sid:84480247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617148)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617148/; classtype:trojan-activity;sid:84480248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617149)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617149/; classtype:trojan-activity;sid:84480249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617132)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617132/; classtype:trojan-activity;sid:84480232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617133)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617133/; classtype:trojan-activity;sid:84480233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617134)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617134/; classtype:trojan-activity;sid:84480234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617135)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617135/; classtype:trojan-activity;sid:84480235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617136)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617136/; classtype:trojan-activity;sid:84480236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617138)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617138/; classtype:trojan-activity;sid:84480238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617139)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617139/; classtype:trojan-activity;sid:84480239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617140)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617140/; classtype:trojan-activity;sid:84480240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617141)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617141/; classtype:trojan-activity;sid:84480241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617142)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617142/; classtype:trojan-activity;sid:84480242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617143)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617143/; classtype:trojan-activity;sid:84480243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617130)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617130/; classtype:trojan-activity;sid:84480230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617131)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617131/; classtype:trojan-activity;sid:84480231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617120)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617120/; classtype:trojan-activity;sid:84480220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617122)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617122/; classtype:trojan-activity;sid:84480222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617123)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617123/; classtype:trojan-activity;sid:84480223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617124)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617124/; classtype:trojan-activity;sid:84480224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617125)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617125/; classtype:trojan-activity;sid:84480225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617126)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617126/; classtype:trojan-activity;sid:84480226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617127)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617127/; classtype:trojan-activity;sid:84480227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617129)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617129/; classtype:trojan-activity;sid:84480229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617104)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617104/; classtype:trojan-activity;sid:84480204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617105)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617105/; classtype:trojan-activity;sid:84480205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617106)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617106/; classtype:trojan-activity;sid:84480206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617107)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617107/; classtype:trojan-activity;sid:84480207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617109)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617109/; classtype:trojan-activity;sid:84480209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617110)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617110/; classtype:trojan-activity;sid:84480210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617114)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617114/; classtype:trojan-activity;sid:84480214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617116)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617116/; classtype:trojan-activity;sid:84480216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617117)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617117/; classtype:trojan-activity;sid:84480217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617118)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617118/; classtype:trojan-activity;sid:84480218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617096)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617096/; classtype:trojan-activity;sid:84480196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617097)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617097/; classtype:trojan-activity;sid:84480197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617098)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617098/; classtype:trojan-activity;sid:84480198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617100)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617100/; classtype:trojan-activity;sid:84480200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617101)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617101/; classtype:trojan-activity;sid:84480201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617102)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617102/; classtype:trojan-activity;sid:84480202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617103)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lakhrl.sweatscissors.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617103/; classtype:trojan-activity;sid:84480203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617095)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617095/; classtype:trojan-activity;sid:84480195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617092)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mx1.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617092/; classtype:trojan-activity;sid:84480192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617093)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mx2.sweatscissors.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617093/; classtype:trojan-activity;sid:84480193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617091)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617091/; classtype:trojan-activity;sid:84480191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617090)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"clks.sweatscissors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617090/; classtype:trojan-activity;sid:84480190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616843/; classtype:trojan-activity;sid:84479943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616174)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616174/; classtype:trojan-activity;sid:84479274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616153/; classtype:trojan-activity;sid:84479253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"207.65.186.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616152/; classtype:trojan-activity;sid:84479252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616062)"; flow:established,from_client; content:"GET"; http_method; content:"/24/items/realomadrido2025/tragira.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ia801003.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616062/; classtype:trojan-activity;sid:84479162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616001)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616001/; classtype:trojan-activity;sid:84479101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616000)"; flow:established,from_client; content:"GET"; http_method; content:"/35buding/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.87.92.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616000/; classtype:trojan-activity;sid:84479100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615992)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.248.118.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615992/; classtype:trojan-activity;sid:84479092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615991)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615991/; classtype:trojan-activity;sid:84479091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615933)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615933/; classtype:trojan-activity;sid:84479033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.162.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615703/; classtype:trojan-activity;sid:84478803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.126.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615696/; classtype:trojan-activity;sid:84478796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615611)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdbcvdei"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615611/; classtype:trojan-activity;sid:84478711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.113.82.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615550/; classtype:trojan-activity;sid:84478650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615455)"; flow:established,from_client; content:"GET"; http_method; content:"/v19239.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615455/; classtype:trojan-activity;sid:84478555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615435)"; flow:established,from_client; content:"GET"; http_method; content:"/v3434.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615435/; classtype:trojan-activity;sid:84478535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615324)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.2.220.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615324/; classtype:trojan-activity;sid:84478424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.109.44.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615095/; classtype:trojan-activity;sid:84478195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615073)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615073/; classtype:trojan-activity;sid:84478173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615074)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615074/; classtype:trojan-activity;sid:84478174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615070)"; flow:established,from_client; content:"GET"; http_method; content:"/bcl.pfx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615070/; classtype:trojan-activity;sid:84478170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615068)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615068/; classtype:trojan-activity;sid:84478168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615069)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615069/; classtype:trojan-activity;sid:84478169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614931/; classtype:trojan-activity;sid:84478031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.213.81.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614869/; classtype:trojan-activity;sid:84477969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614701)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique4/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614701/; classtype:trojan-activity;sid:84477801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.x64.silent.cpu.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; classtype:trojan-activity;sid:84477796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614637/; classtype:trojan-activity;sid:84477737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614582)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614582/; classtype:trojan-activity;sid:84477682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.201.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614460/; classtype:trojan-activity;sid:84477560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614419)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614419/; classtype:trojan-activity;sid:84477519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614418)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614418/; classtype:trojan-activity;sid:84477518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614408)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614408/; classtype:trojan-activity;sid:84477508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614398)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614398/; classtype:trojan-activity;sid:84477498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614399)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614399/; classtype:trojan-activity;sid:84477499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614400)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614400/; classtype:trojan-activity;sid:84477500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614401)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614401/; classtype:trojan-activity;sid:84477501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614393)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"41.216.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614393/; classtype:trojan-activity;sid:84477493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614385)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.139.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614385/; classtype:trojan-activity;sid:84477485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.43.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614380/; classtype:trojan-activity;sid:84477480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.149.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614347/; classtype:trojan-activity;sid:84477447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.149.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614345/; classtype:trojan-activity;sid:84477445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; content:"GET"; http_method; content:"/827-mh1-3t/827/main/t1.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614081)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614081/; classtype:trojan-activity;sid:84477181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614077)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614077/; classtype:trojan-activity;sid:84477177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614078)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614078/; classtype:trojan-activity;sid:84477178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614057)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614057/; classtype:trojan-activity;sid:84477157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614054)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614054/; classtype:trojan-activity;sid:84477154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.195.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3613954/; classtype:trojan-activity;sid:84477054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.195.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3613950/; classtype:trojan-activity;sid:84477050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613687)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.70.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613687/; classtype:trojan-activity;sid:84476787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613664/; classtype:trojan-activity;sid:84476764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613494)"; flow:established,from_client; content:"GET"; http_method; content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.219.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613396/; classtype:trojan-activity;sid:84476496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.219.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613384/; classtype:trojan-activity;sid:84476484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613214/; classtype:trojan-activity;sid:84476314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613011)"; flow:established,from_client; content:"GET"; http_method; content:"/msupdteer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mailweb.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613011/; classtype:trojan-activity;sid:84476111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.102.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612605/; classtype:trojan-activity;sid:84475705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.7.149.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612593/; classtype:trojan-activity;sid:84475693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612531/; classtype:trojan-activity;sid:84475631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612304/; classtype:trojan-activity;sid:84475404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612276)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.193.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612276/; classtype:trojan-activity;sid:84475376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612274/; classtype:trojan-activity;sid:84475374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612268/; classtype:trojan-activity;sid:84475368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/usbmmidd_v2.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.amyuni.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611466)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.31.173.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611466/; classtype:trojan-activity;sid:84474566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611446)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.174.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611446/; classtype:trojan-activity;sid:84474546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611290)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611290/; classtype:trojan-activity;sid:84474390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611288)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611288/; classtype:trojan-activity;sid:84474388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611287)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611287/; classtype:trojan-activity;sid:84474387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611119)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611119/; classtype:trojan-activity;sid:84474219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610764)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610764/; classtype:trojan-activity;sid:84473864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610729)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.254.201.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610729/; classtype:trojan-activity;sid:84473829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.162.61.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610725/; classtype:trojan-activity;sid:84473825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.114.103.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610697/; classtype:trojan-activity;sid:84473797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.112.150.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610701/; classtype:trojan-activity;sid:84473801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.251.236.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610704/; classtype:trojan-activity;sid:84473804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610643)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/soul.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610643/; classtype:trojan-activity;sid:84473743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610638)"; flow:established,from_client; content:"GET"; http_method; content:"/soul.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610638/; classtype:trojan-activity;sid:84473738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tengfeidn.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pcupd.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610608)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/optimized_msi.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610608/; classtype:trojan-activity;sid:84473708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/jd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/qcoin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610601/; classtype:trojan-activity;sid:84473701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610495)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.205.213.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610495/; classtype:trojan-activity;sid:84473595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/mely.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"areyouready.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; classtype:trojan-activity;sid:84473501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; content:"GET"; http_method; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610143)"; flow:established,from_client; content:"GET"; http_method; content:"/dr.html"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.33.235.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610143/; classtype:trojan-activity;sid:84473243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610135)"; flow:established,from_client; content:"GET"; http_method; content:"/sealsuite_update"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.174.133.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610135/; classtype:trojan-activity;sid:84473235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%ae%80%e5%8e%86-%e9%83%91%e5%ae%8f%e6%b6%9b-%e6%b8%85%e5%8d%8e%e5%a4%a7%e5%ad%a6.dotm"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"60.204.169.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610133/; classtype:trojan-activity;sid:84473233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610039)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610039/; classtype:trojan-activity;sid:84473139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610038)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610038/; classtype:trojan-activity;sid:84473138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610037)"; flow:established,from_client; content:"GET"; http_method; content:"/script2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610037/; classtype:trojan-activity;sid:84473137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609762)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609762/; classtype:trojan-activity;sid:84472862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609761)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609761/; classtype:trojan-activity;sid:84472861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609760)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609760/; classtype:trojan-activity;sid:84472860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609758)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609758/; classtype:trojan-activity;sid:84472858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609757)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609757/; classtype:trojan-activity;sid:84472857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609752)"; flow:established,from_client; content:"GET"; http_method; content:"/csky"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609752/; classtype:trojan-activity;sid:84472852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609753)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609753/; classtype:trojan-activity;sid:84472853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609754)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609754/; classtype:trojan-activity;sid:84472854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609755)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609755/; classtype:trojan-activity;sid:84472855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609756)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609756/; classtype:trojan-activity;sid:84472856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609750)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609750/; classtype:trojan-activity;sid:84472850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609751)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609751/; classtype:trojan-activity;sid:84472851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609749)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609749/; classtype:trojan-activity;sid:84472849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609748)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609748/; classtype:trojan-activity;sid:84472848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609741)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609741/; classtype:trojan-activity;sid:84472841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609700)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"blackhatusa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609700/; classtype:trojan-activity;sid:84472800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.184.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609561/; classtype:trojan-activity;sid:84472661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.184.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609549/; classtype:trojan-activity;sid:84472649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609394)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%81%92%e5%a4%a9%e7%91%9e%e8%ae%af3.4.2.52.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"118.244.192.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609394/; classtype:trojan-activity;sid:84472494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609388)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/cef/client-webengine.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"51.178.30.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609388/; classtype:trojan-activity;sid:84472488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609318)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.250.128.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609318/; classtype:trojan-activity;sid:84472418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.29.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609297/; classtype:trojan-activity;sid:84472397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609204)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609204/; classtype:trojan-activity;sid:84472304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609203)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609203/; classtype:trojan-activity;sid:84472303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609150/; classtype:trojan-activity;sid:84472250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609043)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609043/; classtype:trojan-activity;sid:84472143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609042)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609042/; classtype:trojan-activity;sid:84472142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609041)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609041/; classtype:trojan-activity;sid:84472141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609040)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609040/; classtype:trojan-activity;sid:84472140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609039)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609039/; classtype:trojan-activity;sid:84472139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608773)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14082024082341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608520/; classtype:trojan-activity;sid:84471620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608505)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/windowsinstaller4_5/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608505/; classtype:trojan-activity;sid:84471605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/15072024075523/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608500/; classtype:trojan-activity;sid:84471600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608501)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608501/; classtype:trojan-activity;sid:84471601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; classtype:trojan-activity;sid:84471587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608489)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/photo.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608489/; classtype:trojan-activity;sid:84471589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608490)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/video.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608490/; classtype:trojan-activity;sid:84471590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608494)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/photo.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608494/; classtype:trojan-activity;sid:84471594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608495)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/av.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608495/; classtype:trojan-activity;sid:84471595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8461/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608483/; classtype:trojan-activity;sid:84471583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608478)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/video.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608478/; classtype:trojan-activity;sid:84471578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/10092024080037/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608479/; classtype:trojan-activity;sid:84471579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024122345/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608467/; classtype:trojan-activity;sid:84471567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608217)"; flow:established,from_client; content:"GET"; http_method; content:"/bookvita.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"171.22.16.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608217/; classtype:trojan-activity;sid:84471317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.231.176.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608100/; classtype:trojan-activity;sid:84471200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"207.113.230.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608094/; classtype:trojan-activity;sid:84471194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.82.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608047)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608047/; classtype:trojan-activity;sid:84471147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608040)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608040/; classtype:trojan-activity;sid:84471140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608041)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608041/; classtype:trojan-activity;sid:84471141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608042)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608042/; classtype:trojan-activity;sid:84471142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608043)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608043/; classtype:trojan-activity;sid:84471143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608039)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608039/; classtype:trojan-activity;sid:84471139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608038)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608038/; classtype:trojan-activity;sid:84471138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608036)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608036/; classtype:trojan-activity;sid:84471136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608037)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608037/; classtype:trojan-activity;sid:84471137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608001)"; flow:established,from_client; content:"GET"; http_method; content:"/~topmedsolutionco/wp-includes/images/media/resultats-damadeus-benefit-2025.scr"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"topmedsolution.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608001/; classtype:trojan-activity;sid:84471101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607967)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607967/; classtype:trojan-activity;sid:84471067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607961)"; flow:established,from_client; content:"GET"; http_method; content:"/ntchuy/hack/refs/heads/main/client.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607961/; classtype:trojan-activity;sid:84471061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607962)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607962/; classtype:trojan-activity;sid:84471062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607963)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607963/; classtype:trojan-activity;sid:84471063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607915)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"34.70.102.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607644)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx27099"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607644/; classtype:trojan-activity;sid:84470744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607614)"; flow:established,from_client; content:"GET"; http_method; content:"/d/leopold60656"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607614/; classtype:trojan-activity;sid:84470714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607615)"; flow:established,from_client; content:"GET"; http_method; content:"/otherassets/ledger.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607615/; classtype:trojan-activity;sid:84470715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607426)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|file=999.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607426/; classtype:trojan-activity;sid:84470526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607394)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607394/; classtype:trojan-activity;sid:84470494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607358)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.105.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607358/; classtype:trojan-activity;sid:84470458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.158.206.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607344/; classtype:trojan-activity;sid:84470444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607246)"; flow:established,from_client; content:"GET"; http_method; content:"/gabeeeeeesd/solaraexecutor/raw/refs/heads/main/solara%20v3.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607246/; classtype:trojan-activity;sid:84470346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607037/; classtype:trojan-activity;sid:84470137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606904)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"visualwikicloud.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606904/; classtype:trojan-activity;sid:84470004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.169.228.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606817/; classtype:trojan-activity;sid:84469917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606808)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.113.193.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606808/; classtype:trojan-activity;sid:84469908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606681)"; flow:established,from_client; content:"GET"; http_method; content:"/d/kin54042"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606681/; classtype:trojan-activity;sid:84469781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; content:"GET"; http_method; content:"/atu.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"electri.billregulator.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/9e3363f017c60726bf610a2a472040144t."; http_uri; depth:41; isdataat:!1,relative; nocase; content:"file.uhsea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606414)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606414/; classtype:trojan-activity;sid:84469514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606412)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606412/; classtype:trojan-activity;sid:84469512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606413)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606413/; classtype:trojan-activity;sid:84469513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606411)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606411/; classtype:trojan-activity;sid:84469511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606407)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606407/; classtype:trojan-activity;sid:84469507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606408)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606408/; classtype:trojan-activity;sid:84469508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606409)"; flow:established,from_client; content:"GET"; http_method; content:"/re.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606409/; classtype:trojan-activity;sid:84469509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606410)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606410/; classtype:trojan-activity;sid:84469510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606406)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606406/; classtype:trojan-activity;sid:84469506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606405)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606405/; classtype:trojan-activity;sid:84469505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606397)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606397/; classtype:trojan-activity;sid:84469497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606398)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606398/; classtype:trojan-activity;sid:84469498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606399)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606399/; classtype:trojan-activity;sid:84469499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606400)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606400/; classtype:trojan-activity;sid:84469500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606401)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606401/; classtype:trojan-activity;sid:84469501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606402)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606402/; classtype:trojan-activity;sid:84469502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606403)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606403/; classtype:trojan-activity;sid:84469503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606404)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606404/; classtype:trojan-activity;sid:84469504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606396)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606396/; classtype:trojan-activity;sid:84469496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606216)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606216/; classtype:trojan-activity;sid:84469316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606215)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606215/; classtype:trojan-activity;sid:84469315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606213)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606213/; classtype:trojan-activity;sid:84469313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606214)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606214/; classtype:trojan-activity;sid:84469314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606212)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606212/; classtype:trojan-activity;sid:84469312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606203)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606203/; classtype:trojan-activity;sid:84469303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606204)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606204/; classtype:trojan-activity;sid:84469304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606206)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606206/; classtype:trojan-activity;sid:84469306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606208)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606208/; classtype:trojan-activity;sid:84469308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606209)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606209/; classtype:trojan-activity;sid:84469309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606211)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606211/; classtype:trojan-activity;sid:84469311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605990)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.208.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605990/; classtype:trojan-activity;sid:84469090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605992)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.102.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605992/; classtype:trojan-activity;sid:84469092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605993)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.187.25.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605993/; classtype:trojan-activity;sid:84469093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.98.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605981/; classtype:trojan-activity;sid:84469081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.1.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605958/; classtype:trojan-activity;sid:84469058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.227.132.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605936/; classtype:trojan-activity;sid:84469036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605934)"; flow:established,from_client; content:"GET"; http_method; content:"/milkrun/work_approval_pdf3.clientsetup.msi"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"scanwellhaulage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605934/; classtype:trojan-activity;sid:84469034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.227.132.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605929/; classtype:trojan-activity;sid:84469029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605878)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"130.61.147.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605878/; classtype:trojan-activity;sid:84468978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605815)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605815/; classtype:trojan-activity;sid:84468915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605814)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605814/; classtype:trojan-activity;sid:84468914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605813)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605813/; classtype:trojan-activity;sid:84468913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605812)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605812/; classtype:trojan-activity;sid:84468912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605801)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605801/; classtype:trojan-activity;sid:84468901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605803)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605803/; classtype:trojan-activity;sid:84468903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605804)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605804/; classtype:trojan-activity;sid:84468904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605806)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605806/; classtype:trojan-activity;sid:84468906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605807)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605807/; classtype:trojan-activity;sid:84468907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605797)"; flow:established,from_client; content:"GET"; http_method; content:"/t8rku9ms/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.11.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605797/; classtype:trojan-activity;sid:84468897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605788)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605788/; classtype:trojan-activity;sid:84468888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605787)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605787/; classtype:trojan-activity;sid:84468887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605786)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605786/; classtype:trojan-activity;sid:84468886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605783)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605783/; classtype:trojan-activity;sid:84468883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605776)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605776/; classtype:trojan-activity;sid:84468876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605692/; classtype:trojan-activity;sid:84468792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.166.218.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605364/; classtype:trojan-activity;sid:84468464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.39.183.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605346/; classtype:trojan-activity;sid:84468446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.40.48.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605083/; classtype:trojan-activity;sid:84468183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.40.48.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605078/; classtype:trojan-activity;sid:84468178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; content:"GET"; http_method; content:"/keepon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604878)"; flow:established,from_client; content:"GET"; http_method; content:"/iceland.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uploadtree.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604878/; classtype:trojan-activity;sid:84467978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.2.227.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604743/; classtype:trojan-activity;sid:84467843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604727)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.132.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604727/; classtype:trojan-activity;sid:84467827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604591)"; flow:established,from_client; content:"GET"; http_method; content:"/networke.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604591/; classtype:trojan-activity;sid:84467691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604271)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/adobeupdate.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604271/; classtype:trojan-activity;sid:84467371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604270)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/l8825.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604270/; classtype:trojan-activity;sid:84467370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604264)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.184.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604264/; classtype:trojan-activity;sid:84467364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.196.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.217.165.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604242/; classtype:trojan-activity;sid:84467342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604177)"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/pixi.min.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"domainweel.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604177/; classtype:trojan-activity;sid:84467277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604091)"; flow:established,from_client; content:"GET"; http_method; content:"/64/64th%20service%20v20.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"64-agd.pages.dev"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604091/; classtype:trojan-activity;sid:84467191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603900)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603900/; classtype:trojan-activity;sid:84467000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603815)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"autoconfig.mestierecolombia.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603815/; classtype:trojan-activity;sid:84466915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603821)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"turkishzenci.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603821/; classtype:trojan-activity;sid:84466921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603828)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mail.mestierecolombia.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603828/; classtype:trojan-activity;sid:84466928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603808)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"autodiscover.mestierecolombia.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603808/; classtype:trojan-activity;sid:84466908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603797)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"autoconfig.mestierecolombia.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603797/; classtype:trojan-activity;sid:84466897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603788)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"turkishzenci.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603788/; classtype:trojan-activity;sid:84466888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603768)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"autodiscover.mestierecolombia.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603768/; classtype:trojan-activity;sid:84466868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"autoconfig.mestierecolombia.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603775/; classtype:trojan-activity;sid:84466875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603784)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"autodiscover.mestierecolombia.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603784/; classtype:trojan-activity;sid:84466884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603749)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mail.mestierecolombia.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603749/; classtype:trojan-activity;sid:84466849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603746)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"turkishzenci.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603746/; classtype:trojan-activity;sid:84466846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603697)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.213.174.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603697/; classtype:trojan-activity;sid:84466797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603693)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.213.174.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603693/; classtype:trojan-activity;sid:84466793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603049)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603049/; classtype:trojan-activity;sid:84466149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603044)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm5"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603044/; classtype:trojan-activity;sid:84466144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603045)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.mips"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603045/; classtype:trojan-activity;sid:84466145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603046)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603046/; classtype:trojan-activity;sid:84466146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603042)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.m68k"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603042/; classtype:trojan-activity;sid:84466142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603043)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.spc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603043/; classtype:trojan-activity;sid:84466143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603038)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm6"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603038/; classtype:trojan-activity;sid:84466138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603040)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.x86"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603040/; classtype:trojan-activity;sid:84466140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603041)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.sh4"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603041/; classtype:trojan-activity;sid:84466141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.254.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603033/; classtype:trojan-activity;sid:84466133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602898)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602898/; classtype:trojan-activity;sid:84465998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602897)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602897/; classtype:trojan-activity;sid:84465997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602487)"; flow:established,from_client; content:"GET"; http_method; content:"/scanubs9420625fpdf.7z"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"access.skaparade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602487/; classtype:trojan-activity;sid:84465587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wp.grovespras.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601854/; classtype:trojan-activity;sid:84464954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.159.99.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601212/; classtype:trojan-activity;sid:84464312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600911)"; flow:established,from_client; content:"GET"; http_method; content:"/av.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blaiz.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600911/; classtype:trojan-activity;sid:84464011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.217.16.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600845/; classtype:trojan-activity;sid:84463945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.197.252.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600842/; classtype:trojan-activity;sid:84463942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/timer.jquery.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"googletagamnager.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600786/; classtype:trojan-activity;sid:84463886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.165.113.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600254/; classtype:trojan-activity;sid:84463354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600163)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600163/; classtype:trojan-activity;sid:84463263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600162)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600162/; classtype:trojan-activity;sid:84463262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600127)"; flow:established,from_client; content:"GET"; http_method; content:"/s/ssa-236-5263-89.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jayexecutive.co.ke"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600127/; classtype:trojan-activity;sid:84463227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.239.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599838/; classtype:trojan-activity;sid:84462938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.5.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599826/; classtype:trojan-activity;sid:84462926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599816/; classtype:trojan-activity;sid:84462916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.94.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599812/; classtype:trojan-activity;sid:84462912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599450)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.29.45.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599450/; classtype:trojan-activity;sid:84462550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599149)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599149/; classtype:trojan-activity;sid:84462249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599093)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.235.87.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599093/; classtype:trojan-activity;sid:84462193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598811)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.43.18.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598811/; classtype:trojan-activity;sid:84461911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.73.82.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598806/; classtype:trojan-activity;sid:84461906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597699)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/shellcode.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597699/; classtype:trojan-activity;sid:84460799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597698)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/cptch.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597698/; classtype:trojan-activity;sid:84460798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597689)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/stlc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597689/; classtype:trojan-activity;sid:84460789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597685)"; flow:established,from_client; content:"GET"; http_method; content:"/wmieventlogs.js"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597685/; classtype:trojan-activity;sid:84460785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597686)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdrivers.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597686/; classtype:trojan-activity;sid:84460786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597670)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.98.136.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597670/; classtype:trojan-activity;sid:84460770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.118.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597664/; classtype:trojan-activity;sid:84460764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597662/; classtype:trojan-activity;sid:84460762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597645/; classtype:trojan-activity;sid:84460745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.72.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597374)"; flow:established,from_client; content:"GET"; http_method; content:"/updserc.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"emprotel.net.bo"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597374/; classtype:trojan-activity;sid:84460474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597183)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597183/; classtype:trojan-activity;sid:84460283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597181)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597181/; classtype:trojan-activity;sid:84460281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597179)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597179/; classtype:trojan-activity;sid:84460279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597168)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597168/; classtype:trojan-activity;sid:84460268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597162)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597162/; classtype:trojan-activity;sid:84460262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597164)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597164/; classtype:trojan-activity;sid:84460264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; content:"GET"; http_method; content:"/zmyjungmin/img001.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597049)"; flow:established,from_client; content:"GET"; http_method; content:"/js/rem2.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.stakloram.rs"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597049/; classtype:trojan-activity;sid:84460149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596573/; classtype:trojan-activity;sid:84459673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.91.236"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596568/; classtype:trojan-activity;sid:84459668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596562/; classtype:trojan-activity;sid:84459662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596563/; classtype:trojan-activity;sid:84459663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596564/; classtype:trojan-activity;sid:84459664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.255.232.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596545/; classtype:trojan-activity;sid:84459645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.144.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596145/; classtype:trojan-activity;sid:84459245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596143)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.118.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596143/; classtype:trojan-activity;sid:84459243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.51.34.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596137/; classtype:trojan-activity;sid:84459237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.231.23.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595852/; classtype:trojan-activity;sid:84458952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.159.0.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595832/; classtype:trojan-activity;sid:84458932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.47.103.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595824/; classtype:trojan-activity;sid:84458924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.255.232.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595313/; classtype:trojan-activity;sid:84458413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595240)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.30.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595240/; classtype:trojan-activity;sid:84458340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.208.181.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595236/; classtype:trojan-activity;sid:84458336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.31.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595225/; classtype:trojan-activity;sid:84458325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595215)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.247.205.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595215/; classtype:trojan-activity;sid:84458315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.78.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; classtype:trojan-activity;sid:84458303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssa/t1.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"isiore.com.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; content:"GET"; http_method; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.25.107.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594538/; classtype:trojan-activity;sid:84457638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594359)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/auths0//booking13763.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"fnvimoyvwkbxbmczlqus.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594359/; classtype:trojan-activity;sid:84457459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594328)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594328/; classtype:trojan-activity;sid:84457428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594090/; classtype:trojan-activity;sid:84457190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593777)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"65.99.193.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593777/; classtype:trojan-activity;sid:84456877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593771/; classtype:trojan-activity;sid:84456871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593674)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593674/; classtype:trojan-activity;sid:84456774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593673)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593673/; classtype:trojan-activity;sid:84456773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593488)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593488/; classtype:trojan-activity;sid:84456588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593487)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593487/; classtype:trojan-activity;sid:84456587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593486)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593486/; classtype:trojan-activity;sid:84456586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593287)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.165.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593287/; classtype:trojan-activity;sid:84456387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.247.205.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593254/; classtype:trojan-activity;sid:84456354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; content:"GET"; http_method; content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"xshop.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.113.145.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591632/; classtype:trojan-activity;sid:84454732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591244)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.95.247.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.60.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590875/; classtype:trojan-activity;sid:84453975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590852)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590852/; classtype:trojan-activity;sid:84453952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; content:"GET"; http_method; content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/raw/refs/heads/main/software.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; content:"GET"; http_method; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; content:"GET"; http_method; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590396)"; flow:established,from_client; content:"GET"; http_method; content:"/gitok.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.208.84.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590396/; classtype:trojan-activity;sid:84453496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590323)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590323/; classtype:trojan-activity;sid:84453423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590322)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590322/; classtype:trojan-activity;sid:84453422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590111)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590111/; classtype:trojan-activity;sid:84453211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590104)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590104/; classtype:trojan-activity;sid:84453204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590105)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590105/; classtype:trojan-activity;sid:84453205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590102/; classtype:trojan-activity;sid:84453202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590103)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590103/; classtype:trojan-activity;sid:84453203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589469)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589469/; classtype:trojan-activity;sid:84452569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.25.190.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589338/; classtype:trojan-activity;sid:84452438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.108.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589324/; classtype:trojan-activity;sid:84452424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589312)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589312/; classtype:trojan-activity;sid:84452412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.192.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589309/; classtype:trojan-activity;sid:84452409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589032)"; flow:established,from_client; content:"GET"; http_method; content:"/infect.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.141.87.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3589032/; classtype:trojan-activity;sid:84452132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588880)"; flow:established,from_client; content:"GET"; http_method; content:"/f4112442-c6fd-4d1f-99b7-ec0005ba3e4f/mqhwlv.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588880/; classtype:trojan-activity;sid:84451980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588884)"; flow:established,from_client; content:"GET"; http_method; content:"/c4aa6390-ef31-4b3e-a191-67c1a5d20d7b/j5s1uy.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588884/; classtype:trojan-activity;sid:84451984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588192)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le0w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588192/; classtype:trojan-activity;sid:84451292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588193)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe0w"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588193/; classtype:trojan-activity;sid:84451293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588194)"; flow:established,from_client; content:"GET"; http_method; content:"/x/adb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588194/; classtype:trojan-activity;sid:84451294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588195)"; flow:established,from_client; content:"GET"; http_method; content:"/x/asus"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588195/; classtype:trojan-activity;sid:84451295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588196)"; flow:established,from_client; content:"GET"; http_method; content:"/x/e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588196/; classtype:trojan-activity;sid:84451296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588197)"; flow:established,from_client; content:"GET"; http_method; content:"/x/vni"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588197/; classtype:trojan-activity;sid:84451297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588198)"; flow:established,from_client; content:"GET"; http_method; content:"/x/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588198/; classtype:trojan-activity;sid:84451298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588199)"; flow:established,from_client; content:"GET"; http_method; content:"/x/faraday"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588199/; classtype:trojan-activity;sid:84451299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588200)"; flow:established,from_client; content:"GET"; http_method; content:"/x/raisecom"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588200/; classtype:trojan-activity;sid:84451300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588201)"; flow:established,from_client; content:"GET"; http_method; content:"/x/c"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588201/; classtype:trojan-activity;sid:84451301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588202)"; flow:established,from_client; content:"GET"; http_method; content:"/x/newsletter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588202/; classtype:trojan-activity;sid:84451302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588191)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a4le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588191/; classtype:trojan-activity;sid:84451291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588188)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle0w"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588188/; classtype:trojan-activity;sid:84451288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588189)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le1w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588189/; classtype:trojan-activity;sid:84451289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588190)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a4le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588190/; classtype:trojan-activity;sid:84451290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588187)"; flow:established,from_client; content:"GET"; http_method; content:"/j/ppc1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588187/; classtype:trojan-activity;sid:84451287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.173.138.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588081/; classtype:trojan-activity;sid:84451181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.28.227.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588071/; classtype:trojan-activity;sid:84451171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.141.135.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588061/; classtype:trojan-activity;sid:84451161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587961)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.239.253.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587961/; classtype:trojan-activity;sid:84451061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587866)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587866/; classtype:trojan-activity;sid:84450966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587860)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587860/; classtype:trojan-activity;sid:84450960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587861)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587861/; classtype:trojan-activity;sid:84450961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587862)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587862/; classtype:trojan-activity;sid:84450962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587863)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587863/; classtype:trojan-activity;sid:84450963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587864)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587864/; classtype:trojan-activity;sid:84450964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587852)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587852/; classtype:trojan-activity;sid:84450952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587853)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587853/; classtype:trojan-activity;sid:84450953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587854)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587854/; classtype:trojan-activity;sid:84450954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587855)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587855/; classtype:trojan-activity;sid:84450955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587856)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587856/; classtype:trojan-activity;sid:84450956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587857)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587857/; classtype:trojan-activity;sid:84450957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587858)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587858/; classtype:trojan-activity;sid:84450958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587859)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587859/; classtype:trojan-activity;sid:84450959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587780)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587780/; classtype:trojan-activity;sid:84450880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; content:"GET"; http_method; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; content:"GET"; http_method; content:"//2025/07/19/15/683192372.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586631/; classtype:trojan-activity;sid:84449731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.220.163.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586622/; classtype:trojan-activity;sid:84449722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586202)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.140.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586202/; classtype:trojan-activity;sid:84449302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586153/; classtype:trojan-activity;sid:84449253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.97.32.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586154/; classtype:trojan-activity;sid:84449254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.200.208.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586156/; classtype:trojan-activity;sid:84449256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.175.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586157/; classtype:trojan-activity;sid:84449257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.157.219.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586158/; classtype:trojan-activity;sid:84449258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.4.141.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586160/; classtype:trojan-activity;sid:84449260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.186.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586167/; classtype:trojan-activity;sid:84449267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.37.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586151/; classtype:trojan-activity;sid:84449251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586138)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586138/; classtype:trojan-activity;sid:84449238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586143)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586143/; classtype:trojan-activity;sid:84449243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585947)"; flow:established,from_client; content:"GET"; http_method; content:"/kjcy9kgh/02vcj.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_07_19; reference:url, urlhaus.abuse.ch/url/3585947/; classtype:trojan-activity;sid:84449047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585184)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.25.85.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585184/; classtype:trojan-activity;sid:84448284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.212.128.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585164/; classtype:trojan-activity;sid:84448264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585148)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.122.246.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585148/; classtype:trojan-activity;sid:84448248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.75.67.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585135/; classtype:trojan-activity;sid:84448235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.247.2.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584739/; classtype:trojan-activity;sid:84447839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.242.149.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584732/; classtype:trojan-activity;sid:84447832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584733/; classtype:trojan-activity;sid:84447833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584719/; classtype:trojan-activity;sid:84447819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584281)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.204.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584281/; classtype:trojan-activity;sid:84447381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584277)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584277/; classtype:trojan-activity;sid:84447377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.103.57.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584272/; classtype:trojan-activity;sid:84447372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584174)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|filepath=/var/www/html/outport/proc|7c|26|7c|filename=proc."; http_uri; depth:76; isdataat:!1,relative; nocase; content:"ndirection.kr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584174/; classtype:trojan-activity;sid:84447274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583284/; classtype:trojan-activity;sid:84446384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583276/; classtype:trojan-activity;sid:84446376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583039)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583039/; classtype:trojan-activity;sid:84446139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583027)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583027/; classtype:trojan-activity;sid:84446127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583028)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583028/; classtype:trojan-activity;sid:84446128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583029)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583029/; classtype:trojan-activity;sid:84446129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583030)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583030/; classtype:trojan-activity;sid:84446130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583031)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583031/; classtype:trojan-activity;sid:84446131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583032)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583032/; classtype:trojan-activity;sid:84446132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583033)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583033/; classtype:trojan-activity;sid:84446133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583034)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583034/; classtype:trojan-activity;sid:84446134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583035)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583035/; classtype:trojan-activity;sid:84446135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583036)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583036/; classtype:trojan-activity;sid:84446136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583037)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583037/; classtype:trojan-activity;sid:84446137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583038)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583038/; classtype:trojan-activity;sid:84446138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582633)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.69.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582633/; classtype:trojan-activity;sid:84445733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582363)"; flow:established,from_client; content:"GET"; http_method; content:"/rated1337-group/rated1337-project/-/raw/main/000.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582363/; classtype:trojan-activity;sid:84445463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582266)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.132.131.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582266/; classtype:trojan-activity;sid:84445366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582136)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xle1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582136/; classtype:trojan-activity;sid:84445236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582132)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582132/; classtype:trojan-activity;sid:84445232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582134)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582134/; classtype:trojan-activity;sid:84445234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582125)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582125/; classtype:trojan-activity;sid:84445225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582127)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a7le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582127/; classtype:trojan-activity;sid:84445227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582128)"; flow:established,from_client; content:"GET"; http_method; content:"/j/aale1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582128/; classtype:trojan-activity;sid:84445228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582131)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xale1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582131/; classtype:trojan-activity;sid:84445231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582069)"; flow:established,from_client; content:"GET"; http_method; content:"/red.mp4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582069/; classtype:trojan-activity;sid:84445169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582066)"; flow:established,from_client; content:"GET"; http_method; content:"/green.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582066/; classtype:trojan-activity;sid:84445166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582035)"; flow:established,from_client; content:"GET"; http_method; content:"/darkcyan-fa1d3_install.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"dansorium.gr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582035/; classtype:trojan-activity;sid:84445135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581849)"; flow:established,from_client; content:"GET"; http_method; content:"/x/tplink"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581849/; classtype:trojan-activity;sid:84444949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581711)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.63.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581711/; classtype:trojan-activity;sid:84444811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.47.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581695/; classtype:trojan-activity;sid:84444795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.101.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581699/; classtype:trojan-activity;sid:84444799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.78.43.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581701/; classtype:trojan-activity;sid:84444801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581440)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.5.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581440/; classtype:trojan-activity;sid:84444540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581423)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581423/; classtype:trojan-activity;sid:84444523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581424)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a7le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581424/; classtype:trojan-activity;sid:84444524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581425)"; flow:established,from_client; content:"GET"; http_method; content:"/j/aale0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581425/; classtype:trojan-activity;sid:84444525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581426)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xle0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581426/; classtype:trojan-activity;sid:84444526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581427)"; flow:established,from_client; content:"GET"; http_method; content:"/j/ppc0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581427/; classtype:trojan-activity;sid:84444527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581428)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a6le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581428/; classtype:trojan-activity;sid:84444528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581421)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581421/; classtype:trojan-activity;sid:84444521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581422)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581422/; classtype:trojan-activity;sid:84444522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580943)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/scink.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580943/; classtype:trojan-activity;sid:84444043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"35.222.201.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580936/; classtype:trojan-activity;sid:84444036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580925)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.25.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580925/; classtype:trojan-activity;sid:84444025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.138.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580919/; classtype:trojan-activity;sid:84444019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.235.22.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580874/; classtype:trojan-activity;sid:84443974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580884/; classtype:trojan-activity;sid:84443984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580863/; classtype:trojan-activity;sid:84443963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580861/; classtype:trojan-activity;sid:84443961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cast.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580429/; classtype:trojan-activity;sid:84443529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"city.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580430/; classtype:trojan-activity;sid:84443530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"crew.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580425/; classtype:trojan-activity;sid:84443525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"camp.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580428/; classtype:trojan-activity;sid:84443528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"crew.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580421/; classtype:trojan-activity;sid:84443521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"cast.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580412/; classtype:trojan-activity;sid:84443512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"city.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580415/; classtype:trojan-activity;sid:84443515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"dive.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580416/; classtype:trojan-activity;sid:84443516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"buzz.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580417/; classtype:trojan-activity;sid:84443517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"camp.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580419/; classtype:trojan-activity;sid:84443519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"home.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580407/; classtype:trojan-activity;sid:84443507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"home.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580408/; classtype:trojan-activity;sid:84443508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"dive.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580401/; classtype:trojan-activity;sid:84443501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"buzz.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580402/; classtype:trojan-activity;sid:84443502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579954)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3579954/; classtype:trojan-activity;sid:84443054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579459)"; flow:established,from_client; content:"GET"; http_method; content:"/test.jpg|3f|137113"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bafybeidvf6tytrspkd4wnvxzs23m3kjr6bfvgszbfwybmmcosl4rrhvuo4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_07_09; reference:url, urlhaus.abuse.ch/url/3579459/; classtype:trojan-activity;sid:84442559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578386)"; flow:established,from_client; content:"GET"; http_method; content:"/invisiblebunny/records/main/bunny-mini/mini.shell.php"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578386/; classtype:trojan-activity;sid:84441486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; flow:established,from_client; content:"GET"; http_method; content:"/ly4k/pwnkit/main/pwnkit"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577302)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.38.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577302/; classtype:trojan-activity;sid:84440402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577299)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577299/; classtype:trojan-activity;sid:84440399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"145.255.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577298/; classtype:trojan-activity;sid:84440398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577188/; classtype:trojan-activity;sid:84440288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577019)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577019/; classtype:trojan-activity;sid:84440119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577008/; classtype:trojan-activity;sid:84440108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576990)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576990/; classtype:trojan-activity;sid:84440090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; classtype:trojan-activity;sid:84440088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576981/; classtype:trojan-activity;sid:84440081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576982)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576982/; classtype:trojan-activity;sid:84440082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576984)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576984/; classtype:trojan-activity;sid:84440084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; content:"GET"; http_method; content:"/1/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576914)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%aa%97%e6%88%91%e3%81%ae.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576914/; classtype:trojan-activity;sid:84440014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576913)"; flow:established,from_client; content:"GET"; http_method; content:"/dopamine.ipa"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576913/; classtype:trojan-activity;sid:84440013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576912)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576912/; classtype:trojan-activity;sid:84440012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b0%8f%e8%9a%82%e8%9a%81bdt_v1.0.0-9_sign.apk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576911/; classtype:trojan-activity;sid:84440011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b0%8f%e9%9b%a8%e7%82%b9%e6%96%b01.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576909/; classtype:trojan-activity;sid:84440009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88%e6%96%b0.apk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576908/; classtype:trojan-activity;sid:84440008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576885)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576885/; classtype:trojan-activity;sid:84439985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576855)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%ba%a2%e5%b0%98%e5%ae%a2%e6%a0%88-%e7%94%b0%e9%9c%87muszk%e2%80%ae.3pm.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"1.82.240.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576855/; classtype:trojan-activity;sid:84439955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%9c%a8%e9%a9%ac.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1.82.240.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576853/; classtype:trojan-activity;sid:84439953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576851)"; flow:established,from_client; content:"GET"; http_method; content:"/conf.ini"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576851/; classtype:trojan-activity;sid:84439951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576852)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576852/; classtype:trojan-activity;sid:84439952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576848)"; flow:established,from_client; content:"GET"; http_method; content:"/testdll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576848/; classtype:trojan-activity;sid:84439948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576846)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576846/; classtype:trojan-activity;sid:84439946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576844)"; flow:established,from_client; content:"GET"; http_method; content:"/666.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.82.240.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576844/; classtype:trojan-activity;sid:84439944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576826)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576826/; classtype:trojan-activity;sid:84439926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576810)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576810/; classtype:trojan-activity;sid:84439910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576805)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576805/; classtype:trojan-activity;sid:84439905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576809)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576809/; classtype:trojan-activity;sid:84439909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576804)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-linux-elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576804/; classtype:trojan-activity;sid:84439904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576793)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576793/; classtype:trojan-activity;sid:84439893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576768)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576768/; classtype:trojan-activity;sid:84439868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576756)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576756/; classtype:trojan-activity;sid:84439856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576743)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576743/; classtype:trojan-activity;sid:84439843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576740)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576740/; classtype:trojan-activity;sid:84439840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576728)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576728/; classtype:trojan-activity;sid:84439828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576707)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576707/; classtype:trojan-activity;sid:84439807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576686)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576686/; classtype:trojan-activity;sid:84439786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576679)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.244.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576679/; classtype:trojan-activity;sid:84439779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576670)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576670/; classtype:trojan-activity;sid:84439770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576676)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576676/; classtype:trojan-activity;sid:84439776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576542)"; flow:established,from_client; content:"GET"; http_method; content:"/logsbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576542/; classtype:trojan-activity;sid:84439642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576412)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.mp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"investtrad.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576412/; classtype:trojan-activity;sid:84439512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576384/; classtype:trojan-activity;sid:84439484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.252.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576367/; classtype:trojan-activity;sid:84439467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576359/; classtype:trojan-activity;sid:84439459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.38.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576353/; classtype:trojan-activity;sid:84439453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575978)"; flow:established,from_client; content:"GET"; http_method; content:"/allbnc.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575978/; classtype:trojan-activity;sid:84439078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575979)"; flow:established,from_client; content:"GET"; http_method; content:"/auto.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575979/; classtype:trojan-activity;sid:84439079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575971)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575971/; classtype:trojan-activity;sid:84439071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575961)"; flow:established,from_client; content:"GET"; http_method; content:"/asp.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575961/; classtype:trojan-activity;sid:84439061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575958)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575958/; classtype:trojan-activity;sid:84439058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575928)"; flow:established,from_client; content:"GET"; http_method; content:"/ekaspx.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575928/; classtype:trojan-activity;sid:84439028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575923)"; flow:established,from_client; content:"GET"; http_method; content:"/mshell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575923/; classtype:trojan-activity;sid:84439023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575924)"; flow:established,from_client; content:"GET"; http_method; content:"/shfrpc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575924/; classtype:trojan-activity;sid:84439024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575907)"; flow:established,from_client; content:"GET"; http_method; content:"/svchos.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575907/; classtype:trojan-activity;sid:84439007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575892)"; flow:established,from_client; content:"GET"; http_method; content:"/cata2.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575892/; classtype:trojan-activity;sid:84438992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575891)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jspx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575891/; classtype:trojan-activity;sid:84438991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575885)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575885/; classtype:trojan-activity;sid:84438985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575870)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jsp"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575870/; classtype:trojan-activity;sid:84438970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"145.255.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575824/; classtype:trojan-activity;sid:84438924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/main/shaman.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; classtype:trojan-activity;sid:84438455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/raw/main/update0.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.80.246.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575022/; classtype:trojan-activity;sid:84438122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.253.237.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575012/; classtype:trojan-activity;sid:84438112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.148.103.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3574168/; classtype:trojan-activity;sid:84437268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574027)"; flow:established,from_client; content:"GET"; http_method; content:"/7030.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ecs-124-70-158-53.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3574027/; classtype:trojan-activity;sid:84437127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573966)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573966/; classtype:trojan-activity;sid:84437066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573963/; classtype:trojan-activity;sid:84437063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573921/; classtype:trojan-activity;sid:84437021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573728)"; flow:established,from_client; content:"GET"; http_method; content:"/test/12h/12h.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573728/; classtype:trojan-activity;sid:84436828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573586)"; flow:established,from_client; content:"GET"; http_method; content:"/12/wwlib.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573586/; classtype:trojan-activity;sid:84436686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573587)"; flow:established,from_client; content:"GET"; http_method; content:"/12/ok.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573587/; classtype:trojan-activity;sid:84436687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573588)"; flow:established,from_client; content:"GET"; http_method; content:"/12/del.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573588/; classtype:trojan-activity;sid:84436688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573585)"; flow:established,from_client; content:"GET"; http_method; content:"/exclusions.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573585/; classtype:trojan-activity;sid:84436685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573583)"; flow:established,from_client; content:"GET"; http_method; content:"/12/windowsprvse.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573583/; classtype:trojan-activity;sid:84436683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573581)"; flow:established,from_client; content:"GET"; http_method; content:"/12/name.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573581/; classtype:trojan-activity;sid:84436681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573580)"; flow:established,from_client; content:"GET"; http_method; content:"/12/asc.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.238.228.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573580/; classtype:trojan-activity;sid:84436680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573398/; classtype:trojan-activity;sid:84436498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.118.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573345/; classtype:trojan-activity;sid:84436445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573133)"; flow:established,from_client; content:"GET"; http_method; content:"/dourvsity187.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iiiconstruction.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573133/; classtype:trojan-activity;sid:84436233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573084)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_134.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lomejordesalamanca.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572729)"; flow:established,from_client; content:"GET"; http_method; content:"/3/2.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572729/; classtype:trojan-activity;sid:84435829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572728)"; flow:established,from_client; content:"GET"; http_method; content:"/3/1.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572728/; classtype:trojan-activity;sid:84435828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572341)"; flow:established,from_client; content:"GET"; http_method; content:"/ghostgera/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"intelligentopennetworkingawards.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572341/; classtype:trojan-activity;sid:84435441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572294)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.142.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572294/; classtype:trojan-activity;sid:84435394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571969/; classtype:trojan-activity;sid:84435069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571844/; classtype:trojan-activity;sid:84434944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571786/; classtype:trojan-activity;sid:84434886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571790/; classtype:trojan-activity;sid:84434890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571722/; classtype:trojan-activity;sid:84434822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571573)"; flow:established,from_client; content:"GET"; http_method; content:"/0rknrw2j/jru8j.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571573/; classtype:trojan-activity;sid:84434673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571424)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f.dof"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"checkinetverifk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571424/; classtype:trojan-activity;sid:84434524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571382)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvu.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571382/; classtype:trojan-activity;sid:84434482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571385)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvu.zip|3f|le=19"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571385/; classtype:trojan-activity;sid:84434485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571386)"; flow:established,from_client; content:"GET"; http_method; content:"/smkl.zip|3f|le=48/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571386/; classtype:trojan-activity;sid:84434486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571387)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571387/; classtype:trojan-activity;sid:84434487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571381)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571381/; classtype:trojan-activity;sid:84434481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571379)"; flow:established,from_client; content:"GET"; http_method; content:"/tuvu.zip|3f|le=12"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571379/; classtype:trojan-activity;sid:84434479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571376)"; flow:established,from_client; content:"GET"; http_method; content:"/smkl.zip|3f|le=48"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571376/; classtype:trojan-activity;sid:84434476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571377)"; flow:established,from_client; content:"GET"; http_method; content:"/tuvu.zip|3f|le=12"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571377/; classtype:trojan-activity;sid:84434477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571372)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=17"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571372/; classtype:trojan-activity;sid:84434472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571370)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=65"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571370/; classtype:trojan-activity;sid:84434470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571371)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=9"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571371/; classtype:trojan-activity;sid:84434471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.19.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_28; reference:url, urlhaus.abuse.ch/url/3571094/; classtype:trojan-activity;sid:84434194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571093)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.57.151.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_28; reference:url, urlhaus.abuse.ch/url/3571093/; classtype:trojan-activity;sid:84434193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.172.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_27; reference:url, urlhaus.abuse.ch/url/3570843/; classtype:trojan-activity;sid:84433943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.203.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_26; reference:url, urlhaus.abuse.ch/url/3570433/; classtype:trojan-activity;sid:84433533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.93.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570196/; classtype:trojan-activity;sid:84433296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570170/; classtype:trojan-activity;sid:84433270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569818)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569818/; classtype:trojan-activity;sid:84432918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569802/; classtype:trojan-activity;sid:84432902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569803/; classtype:trojan-activity;sid:84432903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569657)"; flow:established,from_client; content:"GET"; http_method; content:"/juancamilo1914/youtube-mp3-converter/releases/download/buprestidan/youtube.mp3.converter.v1.0.0.-.buprestidan.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569657/; classtype:trojan-activity;sid:84432757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569549)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.103.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569549/; classtype:trojan-activity;sid:84432649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569208)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.222.31.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569208/; classtype:trojan-activity;sid:84432308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569182)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569182/; classtype:trojan-activity;sid:84432282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.226.243.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_20; reference:url, urlhaus.abuse.ch/url/3568818/; classtype:trojan-activity;sid:84431918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568238)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568238/; classtype:trojan-activity;sid:84431338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/new_image.jpg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568230/; classtype:trojan-activity;sid:84431330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568176)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/main/ud.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568176/; classtype:trojan-activity;sid:84431276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568162)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/raw/main/ud.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568162/; classtype:trojan-activity;sid:84431262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mundocarnes.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567781/; classtype:trojan-activity;sid:84430881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567780/; classtype:trojan-activity;sid:84430880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567779/; classtype:trojan-activity;sid:84430879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567778/; classtype:trojan-activity;sid:84430878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567777/; classtype:trojan-activity;sid:84430877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567769/; classtype:trojan-activity;sid:84430869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567770/; classtype:trojan-activity;sid:84430870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567771)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567771/; classtype:trojan-activity;sid:84430871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567763/; classtype:trojan-activity;sid:84430863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567764/; classtype:trojan-activity;sid:84430864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567765/; classtype:trojan-activity;sid:84430865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567766/; classtype:trojan-activity;sid:84430866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567767/; classtype:trojan-activity;sid:84430867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567768/; classtype:trojan-activity;sid:84430868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567753/; classtype:trojan-activity;sid:84430853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567741/; classtype:trojan-activity;sid:84430841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567719/; classtype:trojan-activity;sid:84430819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567710/; classtype:trojan-activity;sid:84430810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567713/; classtype:trojan-activity;sid:84430813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567696/; classtype:trojan-activity;sid:84430796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567698/; classtype:trojan-activity;sid:84430798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567699/; classtype:trojan-activity;sid:84430799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567676/; classtype:trojan-activity;sid:84430776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567636/; classtype:trojan-activity;sid:84430736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567656/; classtype:trojan-activity;sid:84430756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567615/; classtype:trojan-activity;sid:84430715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567617/; classtype:trojan-activity;sid:84430717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567618/; classtype:trojan-activity;sid:84430718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567619/; classtype:trojan-activity;sid:84430719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567606/; classtype:trojan-activity;sid:84430706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567587/; classtype:trojan-activity;sid:84430687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567574/; classtype:trojan-activity;sid:84430674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567576/; classtype:trojan-activity;sid:84430676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567551/; classtype:trojan-activity;sid:84430651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567533/; classtype:trojan-activity;sid:84430633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567534/; classtype:trojan-activity;sid:84430634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567539/; classtype:trojan-activity;sid:84430639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567518/; classtype:trojan-activity;sid:84430618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567482/; classtype:trojan-activity;sid:84430582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567493/; classtype:trojan-activity;sid:84430593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567498/; classtype:trojan-activity;sid:84430598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567474/; classtype:trojan-activity;sid:84430574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567478/; classtype:trojan-activity;sid:84430578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567452/; classtype:trojan-activity;sid:84430552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567461/; classtype:trojan-activity;sid:84430561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567440/; classtype:trojan-activity;sid:84430540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567401/; classtype:trojan-activity;sid:84430501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567402/; classtype:trojan-activity;sid:84430502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567381/; classtype:trojan-activity;sid:84430481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567385/; classtype:trojan-activity;sid:84430485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567387/; classtype:trojan-activity;sid:84430487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567332/; classtype:trojan-activity;sid:84430432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567344/; classtype:trojan-activity;sid:84430444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567345/; classtype:trojan-activity;sid:84430445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567346/; classtype:trojan-activity;sid:84430446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567352/; classtype:trojan-activity;sid:84430452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567315/; classtype:trojan-activity;sid:84430415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567294/; classtype:trojan-activity;sid:84430394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567279/; classtype:trojan-activity;sid:84430379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567239/; classtype:trojan-activity;sid:84430339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567240/; classtype:trojan-activity;sid:84430340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567250/; classtype:trojan-activity;sid:84430350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567259/; classtype:trojan-activity;sid:84430359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567209/; classtype:trojan-activity;sid:84430309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567210/; classtype:trojan-activity;sid:84430310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567218/; classtype:trojan-activity;sid:84430318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567219/; classtype:trojan-activity;sid:84430319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567221/; classtype:trojan-activity;sid:84430321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567186/; classtype:trojan-activity;sid:84430286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567178/; classtype:trojan-activity;sid:84430278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567182/; classtype:trojan-activity;sid:84430282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567125/; classtype:trojan-activity;sid:84430225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567113)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567113/; classtype:trojan-activity;sid:84430213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567115/; classtype:trojan-activity;sid:84430215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567099/; classtype:trojan-activity;sid:84430199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567067/; classtype:trojan-activity;sid:84430167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567073/; classtype:trojan-activity;sid:84430173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567074/; classtype:trojan-activity;sid:84430174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567081/; classtype:trojan-activity;sid:84430181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567049/; classtype:trojan-activity;sid:84430149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567036/; classtype:trojan-activity;sid:84430136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567037)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567037/; classtype:trojan-activity;sid:84430137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567007/; classtype:trojan-activity;sid:84430107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566986/; classtype:trojan-activity;sid:84430086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567001/; classtype:trojan-activity;sid:84430101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566972/; classtype:trojan-activity;sid:84430072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566983/; classtype:trojan-activity;sid:84430083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566962/; classtype:trojan-activity;sid:84430062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566968/; classtype:trojan-activity;sid:84430068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566956/; classtype:trojan-activity;sid:84430056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566930)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566930/; classtype:trojan-activity;sid:84430030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566886/; classtype:trojan-activity;sid:84429986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566887/; classtype:trojan-activity;sid:84429987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566901/; classtype:trojan-activity;sid:84430001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566902/; classtype:trojan-activity;sid:84430002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566848/; classtype:trojan-activity;sid:84429948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566852/; classtype:trojan-activity;sid:84429952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566855/; classtype:trojan-activity;sid:84429955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566861/; classtype:trojan-activity;sid:84429961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566864/; classtype:trojan-activity;sid:84429964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566865/; classtype:trojan-activity;sid:84429965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566837/; classtype:trojan-activity;sid:84429937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566841/; classtype:trojan-activity;sid:84429941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566842/; classtype:trojan-activity;sid:84429942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566801/; classtype:trojan-activity;sid:84429901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566802/; classtype:trojan-activity;sid:84429902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566807/; classtype:trojan-activity;sid:84429907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566787/; classtype:trojan-activity;sid:84429887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566779/; classtype:trojan-activity;sid:84429879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566784/; classtype:trojan-activity;sid:84429884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566761/; classtype:trojan-activity;sid:84429861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566767/; classtype:trojan-activity;sid:84429867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566753/; classtype:trojan-activity;sid:84429853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566738/; classtype:trojan-activity;sid:84429838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566742/; classtype:trojan-activity;sid:84429842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566743/; classtype:trojan-activity;sid:84429843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566706)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566706/; classtype:trojan-activity;sid:84429806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566718/; classtype:trojan-activity;sid:84429818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566687/; classtype:trojan-activity;sid:84429787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566697/; classtype:trojan-activity;sid:84429797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566650/; classtype:trojan-activity;sid:84429750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566655/; classtype:trojan-activity;sid:84429755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566661/; classtype:trojan-activity;sid:84429761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566664/; classtype:trojan-activity;sid:84429764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566671/; classtype:trojan-activity;sid:84429771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566648/; classtype:trojan-activity;sid:84429748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566629/; classtype:trojan-activity;sid:84429729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566596/; classtype:trojan-activity;sid:84429696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566602/; classtype:trojan-activity;sid:84429702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566604/; classtype:trojan-activity;sid:84429704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566579/; classtype:trojan-activity;sid:84429679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566581/; classtype:trojan-activity;sid:84429681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566582/; classtype:trojan-activity;sid:84429682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566568/; classtype:trojan-activity;sid:84429668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566546/; classtype:trojan-activity;sid:84429646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566557/; classtype:trojan-activity;sid:84429657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566559/; classtype:trojan-activity;sid:84429659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566518/; classtype:trojan-activity;sid:84429618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566519/; classtype:trojan-activity;sid:84429619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566520/; classtype:trojan-activity;sid:84429620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566524/; classtype:trojan-activity;sid:84429624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566499/; classtype:trojan-activity;sid:84429599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566506/; classtype:trojan-activity;sid:84429606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566507/; classtype:trojan-activity;sid:84429607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566509/; classtype:trojan-activity;sid:84429609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566482/; classtype:trojan-activity;sid:84429582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566485/; classtype:trojan-activity;sid:84429585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566488/; classtype:trojan-activity;sid:84429588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566492/; classtype:trojan-activity;sid:84429592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566494/; classtype:trojan-activity;sid:84429594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566498/; classtype:trojan-activity;sid:84429598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566448/; classtype:trojan-activity;sid:84429548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566462/; classtype:trojan-activity;sid:84429562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566468/; classtype:trojan-activity;sid:84429568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566445/; classtype:trojan-activity;sid:84429545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566426/; classtype:trojan-activity;sid:84429526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566409/; classtype:trojan-activity;sid:84429509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566420/; classtype:trojan-activity;sid:84429520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566421/; classtype:trojan-activity;sid:84429521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566393/; classtype:trojan-activity;sid:84429493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566394/; classtype:trojan-activity;sid:84429494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566399/; classtype:trojan-activity;sid:84429499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566404/; classtype:trojan-activity;sid:84429504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566379/; classtype:trojan-activity;sid:84429479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566380/; classtype:trojan-activity;sid:84429480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566369/; classtype:trojan-activity;sid:84429469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566371/; classtype:trojan-activity;sid:84429471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566368/; classtype:trojan-activity;sid:84429468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566349/; classtype:trojan-activity;sid:84429449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566351)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566351/; classtype:trojan-activity;sid:84429451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566340/; classtype:trojan-activity;sid:84429440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566342/; classtype:trojan-activity;sid:84429442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566317/; classtype:trojan-activity;sid:84429417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566318/; classtype:trojan-activity;sid:84429418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566292/; classtype:trojan-activity;sid:84429392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566301/; classtype:trojan-activity;sid:84429401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566304/; classtype:trojan-activity;sid:84429404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566278/; classtype:trojan-activity;sid:84429378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566258/; classtype:trojan-activity;sid:84429358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566260/; classtype:trojan-activity;sid:84429360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566261/; classtype:trojan-activity;sid:84429361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566263)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566263/; classtype:trojan-activity;sid:84429363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566270/; classtype:trojan-activity;sid:84429370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566233/; classtype:trojan-activity;sid:84429333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566242/; classtype:trojan-activity;sid:84429342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566212/; classtype:trojan-activity;sid:84429312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566213/; classtype:trojan-activity;sid:84429313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566192/; classtype:trojan-activity;sid:84429292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566193/; classtype:trojan-activity;sid:84429293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566194/; classtype:trojan-activity;sid:84429294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566195/; classtype:trojan-activity;sid:84429295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566197/; classtype:trojan-activity;sid:84429297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566204/; classtype:trojan-activity;sid:84429304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566180/; classtype:trojan-activity;sid:84429280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566187/; classtype:trojan-activity;sid:84429287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566165/; classtype:trojan-activity;sid:84429265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566166/; classtype:trojan-activity;sid:84429266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566134/; classtype:trojan-activity;sid:84429234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566145/; classtype:trojan-activity;sid:84429245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566114/; classtype:trojan-activity;sid:84429214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566116/; classtype:trojan-activity;sid:84429216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566117/; classtype:trojan-activity;sid:84429217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566087/; classtype:trojan-activity;sid:84429187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566089/; classtype:trojan-activity;sid:84429189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566099/; classtype:trojan-activity;sid:84429199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566071/; classtype:trojan-activity;sid:84429171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566076/; classtype:trojan-activity;sid:84429176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566048/; classtype:trojan-activity;sid:84429148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566056/; classtype:trojan-activity;sid:84429156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566058/; classtype:trojan-activity;sid:84429158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566064/; classtype:trojan-activity;sid:84429164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566068/; classtype:trojan-activity;sid:84429168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566069/; classtype:trojan-activity;sid:84429169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566031/; classtype:trojan-activity;sid:84429131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566044/; classtype:trojan-activity;sid:84429144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566015/; classtype:trojan-activity;sid:84429115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565985/; classtype:trojan-activity;sid:84429085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565965/; classtype:trojan-activity;sid:84429065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565971/; classtype:trojan-activity;sid:84429071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565982/; classtype:trojan-activity;sid:84429082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565959/; classtype:trojan-activity;sid:84429059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565922/; classtype:trojan-activity;sid:84429022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565881/; classtype:trojan-activity;sid:84428981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565904/; classtype:trojan-activity;sid:84429004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565905/; classtype:trojan-activity;sid:84429005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565854/; classtype:trojan-activity;sid:84428954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565870/; classtype:trojan-activity;sid:84428970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565876/; classtype:trojan-activity;sid:84428976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565839/; classtype:trojan-activity;sid:84428939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565845/; classtype:trojan-activity;sid:84428945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565846/; classtype:trojan-activity;sid:84428946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565835/; classtype:trojan-activity;sid:84428935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565816/; classtype:trojan-activity;sid:84428916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565772/; classtype:trojan-activity;sid:84428872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565743/; classtype:trojan-activity;sid:84428843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565719/; classtype:trojan-activity;sid:84428819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565726/; classtype:trojan-activity;sid:84428826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565728/; classtype:trojan-activity;sid:84428828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565410)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565410/; classtype:trojan-activity;sid:84428510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565409)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565409/; classtype:trojan-activity;sid:84428509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565407)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565407/; classtype:trojan-activity;sid:84428507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565408/; classtype:trojan-activity;sid:84428508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565403)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565403/; classtype:trojan-activity;sid:84428503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565404)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565404/; classtype:trojan-activity;sid:84428504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565405)"; flow:established,from_client; content:"GET"; http_method; content:"/program/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565405/; classtype:trojan-activity;sid:84428505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565399/; classtype:trojan-activity;sid:84428499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565393/; classtype:trojan-activity;sid:84428493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565395/; classtype:trojan-activity;sid:84428495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565390)"; flow:established,from_client; content:"GET"; http_method; content:"/program/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565390/; classtype:trojan-activity;sid:84428490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565364)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565364/; classtype:trojan-activity;sid:84428464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565343)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565343/; classtype:trojan-activity;sid:84428443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565344)"; flow:established,from_client; content:"GET"; http_method; content:"/program/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565344/; classtype:trojan-activity;sid:84428444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565352)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565352/; classtype:trojan-activity;sid:84428452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565357)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565357/; classtype:trojan-activity;sid:84428457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565331)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565331/; classtype:trojan-activity;sid:84428431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565333)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565333/; classtype:trojan-activity;sid:84428433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565337)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565337/; classtype:trojan-activity;sid:84428437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565338)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565338/; classtype:trojan-activity;sid:84428438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565339)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565339/; classtype:trojan-activity;sid:84428439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565340)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565340/; classtype:trojan-activity;sid:84428440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565341)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565341/; classtype:trojan-activity;sid:84428441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565329)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565329/; classtype:trojan-activity;sid:84428429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565319)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565319/; classtype:trojan-activity;sid:84428419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565311)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565311/; classtype:trojan-activity;sid:84428411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565312)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565312/; classtype:trojan-activity;sid:84428412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565313)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565313/; classtype:trojan-activity;sid:84428413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565314)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565314/; classtype:trojan-activity;sid:84428414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565315)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565315/; classtype:trojan-activity;sid:84428415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565317/; classtype:trojan-activity;sid:84428417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565288)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20corevision/disk1/setup.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565288/; classtype:trojan-activity;sid:84428388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565286)"; flow:established,from_client; content:"GET"; http_method; content:"/database/setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565286/; classtype:trojan-activity;sid:84428386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565284)"; flow:established,from_client; content:"GET"; http_method; content:"/svg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565284/; classtype:trojan-activity;sid:84428384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565282)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20completo/disk1/setup.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565282/; classtype:trojan-activity;sid:84428382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565281)"; flow:established,from_client; content:"GET"; http_method; content:"/client/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565281/; classtype:trojan-activity;sid:84428381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/badmail/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565261/; classtype:trojan-activity;sid:84428361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/queue/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565254)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565254/; classtype:trojan-activity;sid:84428354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/drop/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/pickup/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; content:"GET"; http_method; content:"/h4lud3ae/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/pdf/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; content:"GET"; http_method; content:"/idi/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565240)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/idi/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565240/; classtype:trojan-activity;sid:84428340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565081)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565081/; classtype:trojan-activity;sid:84428181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565072)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/templete/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565072/; classtype:trojan-activity;sid:84428172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/photo/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565016)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565009)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564983)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564983/; classtype:trojan-activity;sid:84428083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; classtype:trojan-activity;sid:84428053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; content:"GET"; http_method; content:"/2345downloads/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564938)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/tomcat8.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564861)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564861/; classtype:trojan-activity;sid:84427961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/logs/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564855)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/entity/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564855/; classtype:trojan-activity;sid:84427955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; content:"GET"; http_method; content:"/futai/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564823)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564823/; classtype:trojan-activity;sid:84427923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; classtype:trojan-activity;sid:84427894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; classtype:trojan-activity;sid:84427885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564784)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564784/; classtype:trojan-activity;sid:84427884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564761)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564748)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564735)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564731)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564731/; classtype:trojan-activity;sid:84427831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/download/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; content:"GET"; http_method; content:"/xinheyuan/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564672)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/dao/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564672/; classtype:trojan-activity;sid:84427772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564653)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; content:"GET"; http_method; content:"/hengsheng/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564633)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564633/; classtype:trojan-activity;sid:84427733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; content:"GET"; http_method; content:"/guirui/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564600)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564600/; classtype:trojan-activity;sid:84427700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564589)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564589/; classtype:trojan-activity;sid:84427689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; content:"GET"; http_method; content:"/haohua/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564565)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/chkpt/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564565/; classtype:trojan-activity;sid:84427665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/lib/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; content:"GET"; http_method; content:"/kaifa/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/poifiles/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/report/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564502)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564502/; classtype:trojan-activity;sid:84427602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564497)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564497/; classtype:trojan-activity;sid:84427597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563547/; classtype:trojan-activity;sid:84426647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563546)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563546/; classtype:trojan-activity;sid:84426646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563543/; classtype:trojan-activity;sid:84426643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563544/; classtype:trojan-activity;sid:84426644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563545/; classtype:trojan-activity;sid:84426645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563540/; classtype:trojan-activity;sid:84426640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563541/; classtype:trojan-activity;sid:84426641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563542/; classtype:trojan-activity;sid:84426642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/img001.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563535/; classtype:trojan-activity;sid:84426635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/img001.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563536/; classtype:trojan-activity;sid:84426636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563539)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/img001.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563539/; classtype:trojan-activity;sid:84426639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/img001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563533/; classtype:trojan-activity;sid:84426633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563454)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.201.174.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563454/; classtype:trojan-activity;sid:84426554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563449)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.158.33.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563449/; classtype:trojan-activity;sid:84426549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563446)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563446/; classtype:trojan-activity;sid:84426546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563445)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563445/; classtype:trojan-activity;sid:84426545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563442)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563443)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.94.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563443/; classtype:trojan-activity;sid:84426543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563434)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.53.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563434/; classtype:trojan-activity;sid:84426534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563437)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.53.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563437/; classtype:trojan-activity;sid:84426537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563438)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563438/; classtype:trojan-activity;sid:84426538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563439)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563439/; classtype:trojan-activity;sid:84426539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563440)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563440/; classtype:trojan-activity;sid:84426540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563433)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563433/; classtype:trojan-activity;sid:84426533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563431)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563431/; classtype:trojan-activity;sid:84426531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563430)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.200.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563430/; classtype:trojan-activity;sid:84426530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563429)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563429/; classtype:trojan-activity;sid:84426529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563426)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563426/; classtype:trojan-activity;sid:84426526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563427)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563427/; classtype:trojan-activity;sid:84426527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563416)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563416/; classtype:trojan-activity;sid:84426516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563417)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563417/; classtype:trojan-activity;sid:84426517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563419)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.157.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563419/; classtype:trojan-activity;sid:84426519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563420)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563420/; classtype:trojan-activity;sid:84426520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563421)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.94.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563421/; classtype:trojan-activity;sid:84426521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563422)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.157.200.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563422/; classtype:trojan-activity;sid:84426522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563412)"; flow:established,from_client; content:"GET"; http_method; content:"/ios.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.229.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563412/; classtype:trojan-activity;sid:84426512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563413)"; flow:established,from_client; content:"GET"; http_method; content:"/android.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.142.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563413/; classtype:trojan-activity;sid:84426513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563405)"; flow:established,from_client; content:"GET"; http_method; content:"/ios.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.229.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563405/; classtype:trojan-activity;sid:84426505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563394)"; flow:established,from_client; content:"GET"; http_method; content:"/android.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.142.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563394/; classtype:trojan-activity;sid:84426494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563387)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.189.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563387/; classtype:trojan-activity;sid:84426487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563385)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563385/; classtype:trojan-activity;sid:84426485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563386)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563386/; classtype:trojan-activity;sid:84426486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563383)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563383/; classtype:trojan-activity;sid:84426483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563382)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.163.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563382/; classtype:trojan-activity;sid:84426482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563379)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.185.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563379/; classtype:trojan-activity;sid:84426479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563376)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563376/; classtype:trojan-activity;sid:84426476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563378)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.93.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563378/; classtype:trojan-activity;sid:84426478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.194.199.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563375)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.84.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563375/; classtype:trojan-activity;sid:84426475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563372)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563372/; classtype:trojan-activity;sid:84426472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563370)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.226.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563370/; classtype:trojan-activity;sid:84426470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563371)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563371/; classtype:trojan-activity;sid:84426471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563362)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563362/; classtype:trojan-activity;sid:84426462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563364)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563364/; classtype:trojan-activity;sid:84426464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563358)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563358/; classtype:trojan-activity;sid:84426458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563360)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563360/; classtype:trojan-activity;sid:84426460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563355)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.232.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563355/; classtype:trojan-activity;sid:84426455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563357)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563357/; classtype:trojan-activity;sid:84426457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563354)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563354/; classtype:trojan-activity;sid:84426454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563351)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.93.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563351/; classtype:trojan-activity;sid:84426451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563346)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.187.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563346/; classtype:trojan-activity;sid:84426446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563344)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.232.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563344/; classtype:trojan-activity;sid:84426444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563340)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.232.134.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563340/; classtype:trojan-activity;sid:84426440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563342)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.204.226.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563342/; classtype:trojan-activity;sid:84426442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563338)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.159.155.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563338/; classtype:trojan-activity;sid:84426438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563339)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"140.143.190.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563339/; classtype:trojan-activity;sid:84426439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563337)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.187.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563337/; classtype:trojan-activity;sid:84426437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563334)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.185.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563334/; classtype:trojan-activity;sid:84426434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563329)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563329/; classtype:trojan-activity;sid:84426429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563321)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563321/; classtype:trojan-activity;sid:84426421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563322)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.159.155.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563322/; classtype:trojan-activity;sid:84426422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563323)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563323/; classtype:trojan-activity;sid:84426423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563324)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563324/; classtype:trojan-activity;sid:84426424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563326)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563326/; classtype:trojan-activity;sid:84426426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563315)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.189.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563315/; classtype:trojan-activity;sid:84426415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563316)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.232.134.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563316/; classtype:trojan-activity;sid:84426416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563317)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"140.143.190.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563317/; classtype:trojan-activity;sid:84426417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563318)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.89.84.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563318/; classtype:trojan-activity;sid:84426418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563080)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testlnk1.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563080/; classtype:trojan-activity;sid:84426180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.200.149.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563068/; classtype:trojan-activity;sid:84426168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; content:"GET"; http_method; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562803)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-linux-elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562803/; classtype:trojan-activity;sid:84425903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562785)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562785/; classtype:trojan-activity;sid:84425885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562786)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562786/; classtype:trojan-activity;sid:84425886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562789)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562789/; classtype:trojan-activity;sid:84425889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/msglu32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562768)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/energizertrojan-malware.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562768/; classtype:trojan-activity;sid:84425868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/advnetcfg.ocx"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/mssecmgr.ocx"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562772)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/boot32drv.sys"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/energizertrojan-malware.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/nteps32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/ccalc32.sys"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562760)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.61.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562760/; classtype:trojan-activity;sid:84425860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562759)"; flow:established,from_client; content:"GET"; http_method; content:"/evilflashlight.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"130.61.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562759/; classtype:trojan-activity;sid:84425859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.49.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562758)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2020-15972/tear-down.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"119.28.140.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562758/; classtype:trojan-activity;sid:84425858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562752)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.29.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562752/; classtype:trojan-activity;sid:84425852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562747)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.48.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562747/; classtype:trojan-activity;sid:84425847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.83.229.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562709/; classtype:trojan-activity;sid:84425809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.167.219.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562711/; classtype:trojan-activity;sid:84425811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.31.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562674/; classtype:trojan-activity;sid:84425774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.116.56.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562678/; classtype:trojan-activity;sid:84425778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562662)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562662/; classtype:trojan-activity;sid:84425762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562661)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562661/; classtype:trojan-activity;sid:84425761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562593)"; flow:established,from_client; content:"GET"; http_method; content:"/platinum.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.modernitgen.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562593/; classtype:trojan-activity;sid:84425693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; content:"GET"; http_method; content:"/live.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; content:"GET"; http_method; content:"/uat.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562166)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.237.122.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3562166/; classtype:trojan-activity;sid:84425266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/drss/drbw.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"124.223.105.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561730)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561730/; classtype:trojan-activity;sid:84424830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561731)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561731/; classtype:trojan-activity;sid:84424831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561727)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561727/; classtype:trojan-activity;sid:84424827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561729)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561729/; classtype:trojan-activity;sid:84424829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561267)"; flow:established,from_client; content:"GET"; http_method; content:"/b12c87cb-d08b-43f6-abbd-11e7f745c9c1/orderlist.js"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561267/; classtype:trojan-activity;sid:84424367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561096)"; flow:established,from_client; content:"GET"; http_method; content:"/sun32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561096/; classtype:trojan-activity;sid:84424196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561086)"; flow:established,from_client; content:"GET"; http_method; content:"/zbsm.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561086/; classtype:trojan-activity;sid:84424186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561082)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jsp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561082/; classtype:trojan-activity;sid:84424182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561083)"; flow:established,from_client; content:"GET"; http_method; content:"/poc.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561083/; classtype:trojan-activity;sid:84424183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560938/; classtype:trojan-activity;sid:84424038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560607)"; flow:established,from_client; content:"GET"; http_method; content:"/kij.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560607/; classtype:trojan-activity;sid:84423707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560550)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.tar.gz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560550/; classtype:trojan-activity;sid:84423650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560546)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_c3pool_miner.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560546/; classtype:trojan-activity;sid:84423646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560462)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/terminal.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vip.3a9.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560462/; classtype:trojan-activity;sid:84423562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560463)"; flow:established,from_client; content:"GET"; http_method; content:"/website1/hue2/view.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xemhang.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560463/; classtype:trojan-activity;sid:84423563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560460)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560460/; classtype:trojan-activity;sid:84423560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560453)"; flow:established,from_client; content:"GET"; http_method; content:"/annym1/start/main/dnd.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560453/; classtype:trojan-activity;sid:84423553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; flow:established,from_client; content:"GET"; http_method; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/master/loic.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.bat"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560410)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflip-op-predictor/main/bloxflip%20predictor.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560410/; classtype:trojan-activity;sid:84423510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560392)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/set-2%20firmware%204.01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"cegelecinfo.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560392/; classtype:trojan-activity;sid:84423492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560386)"; flow:established,from_client; content:"GET"; http_method; content:"/_private/me3_setup.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me3.ne.jp"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560386/; classtype:trojan-activity;sid:84423486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rod_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rxd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560378)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/bunglers/build.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.techgeeks.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560378/; classtype:trojan-activity;sid:84423478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560299)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560299/; classtype:trojan-activity;sid:84423399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560297)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560297/; classtype:trojan-activity;sid:84423397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; content:"GET"; http_method; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560099)"; flow:established,from_client; content:"GET"; http_method; content:"/update.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560099/; classtype:trojan-activity;sid:84423199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560098)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdriver.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560098/; classtype:trojan-activity;sid:84423198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560095)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdriver.vbs"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560095/; classtype:trojan-activity;sid:84423195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560081)"; flow:established,from_client; content:"GET"; http_method; content:"/actwindowsupdate.vbs"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560081/; classtype:trojan-activity;sid:84423181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560082)"; flow:established,from_client; content:"GET"; http_method; content:"/actwindowsupdate.vbs"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560082/; classtype:trojan-activity;sid:84423182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560034)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560034/; classtype:trojan-activity;sid:84423134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560035)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560035/; classtype:trojan-activity;sid:84423135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560036)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560036/; classtype:trojan-activity;sid:84423136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560037)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560037/; classtype:trojan-activity;sid:84423137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560038)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560038/; classtype:trojan-activity;sid:84423138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560039)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560039/; classtype:trojan-activity;sid:84423139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560040)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560040/; classtype:trojan-activity;sid:84423140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560041)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560041/; classtype:trojan-activity;sid:84423141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560042)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560042/; classtype:trojan-activity;sid:84423142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560043)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560043/; classtype:trojan-activity;sid:84423143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559942)"; flow:established,from_client; content:"GET"; http_method; content:"/866.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-1445de8c8aa84761aac5200e0036237d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559942/; classtype:trojan-activity;sid:84423042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559895)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.213.237.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559895/; classtype:trojan-activity;sid:84422995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559345)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.213.237.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559345/; classtype:trojan-activity;sid:84422445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559327/; classtype:trojan-activity;sid:84422427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.18.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559309/; classtype:trojan-activity;sid:84422409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; content:"GET"; http_method; content:"/public/update/bmw_v1.7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"acc.jiangsujiaxue.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; content:"GET"; http_method; content:"/classticket.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"class1004.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; content:"GET"; http_method; content:"/static/download/teleport-assist-windows.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"58.49.210.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; content:"GET"; http_method; content:"/yx/dts/sqft/904576/yx_dts.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d.14yaa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559206)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd/services.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.229.135.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559206/; classtype:trojan-activity;sid:84422306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; content:"GET"; http_method; content:"/nps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559116)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.196.8.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559116/; classtype:trojan-activity;sid:84422216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/keystone.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/sgn.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/powersyringe.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/pe2shc.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/encrypted.enc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/migrate.rb"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/base64.rb"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558969)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/rickware/master/rickroll.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558969/; classtype:trojan-activity;sid:84422069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558659)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558659/; classtype:trojan-activity;sid:84421759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558646)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.251.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558646/; classtype:trojan-activity;sid:84421746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558624/; classtype:trojan-activity;sid:84421724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.156.10.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558632/; classtype:trojan-activity;sid:84421732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558634/; classtype:trojan-activity;sid:84421734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.26.97.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558602/; classtype:trojan-activity;sid:84421702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; content:"GET"; http_method; content:"/g7_update.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558331)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558331/; classtype:trojan-activity;sid:84421431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558295)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558295/; classtype:trojan-activity;sid:84421395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/urbanvpn.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558291)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/svhost.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/pvp.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/darwin.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558252)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558252/; classtype:trojan-activity;sid:84421352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558247)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/riende.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558247/; classtype:trojan-activity;sid:84421347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload_encrypted.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/meter/main/meter5555.ps1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/js-file-test/main/loader.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558120/; classtype:trojan-activity;sid:84421220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556803)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556803/; classtype:trojan-activity;sid:84419903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556779)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556779/; classtype:trojan-activity;sid:84419879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556612)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556612/; classtype:trojan-activity;sid:84419712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.13.136.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_02; reference:url, urlhaus.abuse.ch/url/3556322/; classtype:trojan-activity;sid:84419422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555900)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555900/; classtype:trojan-activity;sid:84419000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555899)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555899/; classtype:trojan-activity;sid:84418999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555898)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin4.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555898/; classtype:trojan-activity;sid:84418998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555897)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555897/; classtype:trojan-activity;sid:84418997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555773)"; flow:established,from_client; content:"GET"; http_method; content:"/kix.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1-engineer.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555773/; classtype:trojan-activity;sid:84418873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555717)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.85.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555717/; classtype:trojan-activity;sid:84418817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.202.153.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555694/; classtype:trojan-activity;sid:84418794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.119.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555478/; classtype:trojan-activity;sid:84418578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.30.208.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555470/; classtype:trojan-activity;sid:84418570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555397)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555397/; classtype:trojan-activity;sid:84418497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555395)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555395/; classtype:trojan-activity;sid:84418495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555396)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555396/; classtype:trojan-activity;sid:84418496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555394)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555394/; classtype:trojan-activity;sid:84418494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555393)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555393/; classtype:trojan-activity;sid:84418493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555392)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555392/; classtype:trojan-activity;sid:84418492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555391)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555391/; classtype:trojan-activity;sid:84418491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555390)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555390/; classtype:trojan-activity;sid:84418490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555389)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555389/; classtype:trojan-activity;sid:84418489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555388)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555388/; classtype:trojan-activity;sid:84418488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555371)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555371/; classtype:trojan-activity;sid:84418471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555192)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/raw/refs/heads/master/ransomware/wannacry.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555192/; classtype:trojan-activity;sid:84418292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.90.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555005/; classtype:trojan-activity;sid:84418105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554430)"; flow:established,from_client; content:"GET"; http_method; content:"/rate.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554430/; classtype:trojan-activity;sid:84417530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.64.2.200"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553944/; classtype:trojan-activity;sid:84417044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.135.230.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553933/; classtype:trojan-activity;sid:84417033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553733/; classtype:trojan-activity;sid:84416833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553731)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553731/; classtype:trojan-activity;sid:84416831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553730)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553730/; classtype:trojan-activity;sid:84416830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553729)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553729/; classtype:trojan-activity;sid:84416829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553723)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.239.251.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553723/; classtype:trojan-activity;sid:84416823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; content:"GET"; http_method; content:"/bufs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maidforyou1985.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; classtype:trojan-activity;sid:84416736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553631)"; flow:established,from_client; content:"GET"; http_method; content:"/zsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553631/; classtype:trojan-activity;sid:84416731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553633)"; flow:established,from_client; content:"GET"; http_method; content:"/osxs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553633/; classtype:trojan-activity;sid:84416733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553634)"; flow:established,from_client; content:"GET"; http_method; content:"/fste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553634/; classtype:trojan-activity;sid:84416734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553619)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553619/; classtype:trojan-activity;sid:84416719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553609)"; flow:established,from_client; content:"GET"; http_method; content:"/rars.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553609/; classtype:trojan-activity;sid:84416709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553385)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553385/; classtype:trojan-activity;sid:84416485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.228.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553268/; classtype:trojan-activity;sid:84416368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.125.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553170/; classtype:trojan-activity;sid:84416270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553167/; classtype:trojan-activity;sid:84416267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553112)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.115.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553112/; classtype:trojan-activity;sid:84416212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553026/; classtype:trojan-activity;sid:84416126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552816/; classtype:trojan-activity;sid:84415916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552756/; classtype:trojan-activity;sid:84415856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552757/; classtype:trojan-activity;sid:84415857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552725/; classtype:trojan-activity;sid:84415825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; content:"GET"; http_method; content:"/bre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.204.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552613)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552613/; classtype:trojan-activity;sid:84415713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552086)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_25; reference:url, urlhaus.abuse.ch/url/3552086/; classtype:trojan-activity;sid:84415186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552048)"; flow:established,from_client; content:"GET"; http_method; content:"/bosontn/m.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nvtai.id.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552048/; classtype:trojan-activity;sid:84415148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552045)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/refs/heads/main/silent%20miner.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552045/; classtype:trojan-activity;sid:84415145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; flow:established,from_client; content:"GET"; http_method; content:"/waf/dracula-cmd/master/dist/colortool.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; content:"GET"; http_method; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.232.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551953/; classtype:trojan-activity;sid:84415053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551493)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.66.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551493/; classtype:trojan-activity;sid:84414593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551375/; classtype:trojan-activity;sid:84414475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551361/; classtype:trojan-activity;sid:84414461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14-0-204-188.static.pccw-hkt.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551316/; classtype:trojan-activity;sid:84414416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551305)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551305/; classtype:trojan-activity;sid:84414405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550926)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/update.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550926/; classtype:trojan-activity;sid:84414026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550735)"; flow:established,from_client; content:"GET"; http_method; content:"/macmid_sonoma_14_5.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.198.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550710)"; flow:established,from_client; content:"GET"; http_method; content:"/aecheck2.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550710/; classtype:trojan-activity;sid:84413810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550381/; classtype:trojan-activity;sid:84413481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550388)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550388/; classtype:trojan-activity;sid:84413488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550358)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.119.34.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550358/; classtype:trojan-activity;sid:84413458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.190.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550290/; classtype:trojan-activity;sid:84413390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550044)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550044/; classtype:trojan-activity;sid:84413144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550019)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550019/; classtype:trojan-activity;sid:84413119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550006)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.138.182.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550006/; classtype:trojan-activity;sid:84413106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549996)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549996/; classtype:trojan-activity;sid:84413096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.206.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549664/; classtype:trojan-activity;sid:84412764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.87.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549627/; classtype:trojan-activity;sid:84412727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548988)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548988/; classtype:trojan-activity;sid:84412088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.23.70.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548684/; classtype:trojan-activity;sid:84411784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548647)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548647/; classtype:trojan-activity;sid:84411747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548058)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/stikpille.psp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548058/; classtype:trojan-activity;sid:84411158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548057)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/qsllcxnogwi52.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548057/; classtype:trojan-activity;sid:84411157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548023/; classtype:trojan-activity;sid:84411123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548015)"; flow:established,from_client; content:"GET"; http_method; content:"/acheck3.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548015/; classtype:trojan-activity;sid:84411115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548001)"; flow:established,from_client; content:"GET"; http_method; content:"/atata.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548001/; classtype:trojan-activity;sid:84411101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.98.176.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547782/; classtype:trojan-activity;sid:84410882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547420)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3547420/; classtype:trojan-activity;sid:84410520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.91.77.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546977/; classtype:trojan-activity;sid:84410077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546975/; classtype:trojan-activity;sid:84410075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.236.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.247.124.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545468/; classtype:trojan-activity;sid:84408568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.95.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545469/; classtype:trojan-activity;sid:84408569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.66.59.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545463/; classtype:trojan-activity;sid:84408563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545216)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/zip.log"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545216/; classtype:trojan-activity;sid:84408316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545217)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/tax.pdf"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545217/; classtype:trojan-activity;sid:84408317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545213)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txjyh.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545213/; classtype:trojan-activity;sid:84408313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nk/wunbbnvf102.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"planetariumobil.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544916)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bule.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"daviddarle.fr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544916/; classtype:trojan-activity;sid:84408016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544437/; classtype:trojan-activity;sid:84407537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"screen.connectprotocol.es"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3544014/; classtype:trojan-activity;sid:84407114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543803/; classtype:trojan-activity;sid:84406903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542820)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/leks.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"daviddarle.fr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542820/; classtype:trojan-activity;sid:84405920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541826)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/giphy.gif"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"onfiltre.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541826/; classtype:trojan-activity;sid:84404926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.235.164.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541594/; classtype:trojan-activity;sid:84404694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541487)"; flow:established,from_client; content:"GET"; http_method; content:"/download/uninstall.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541487/; classtype:trojan-activity;sid:84404587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541486)"; flow:established,from_client; content:"GET"; http_method; content:"/download/quartz_uninstall.sh"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541486/; classtype:trojan-activity;sid:84404586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.63.149.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541432/; classtype:trojan-activity;sid:84404532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.77.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540517/; classtype:trojan-activity;sid:84403617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.52.241.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540188/; classtype:trojan-activity;sid:84403288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540164)"; flow:established,from_client; content:"GET"; http_method; content:"/tidesec/tscanplus/releases/download/v2.8.0/tscanclient_linux_amd64_v2.8.0.tar.gz"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540164/; classtype:trojan-activity;sid:84403264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/pax.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539735)"; flow:established,from_client; content:"GET"; http_method; content:"/xostes.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.surethinks.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539735/; classtype:trojan-activity;sid:84402835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; content:"GET"; http_method; content:"/js_bo/werkstastt/shotstar.prm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.silver-hubdachwohnwagen.de"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539653)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539653/; classtype:trojan-activity;sid:84402753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539651)"; flow:established,from_client; content:"GET"; http_method; content:"/wbw.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539651/; classtype:trojan-activity;sid:84402751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539652)"; flow:established,from_client; content:"GET"; http_method; content:"/application.jar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539652/; classtype:trojan-activity;sid:84402752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539650)"; flow:established,from_client; content:"GET"; http_method; content:"/h2.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539650/; classtype:trojan-activity;sid:84402750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539649)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539649/; classtype:trojan-activity;sid:84402749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539646)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539646/; classtype:trojan-activity;sid:84402746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539645)"; flow:established,from_client; content:"GET"; http_method; content:"/cpr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539645/; classtype:trojan-activity;sid:84402745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539644)"; flow:established,from_client; content:"GET"; http_method; content:"/ce.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539644/; classtype:trojan-activity;sid:84402744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539643)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539643/; classtype:trojan-activity;sid:84402743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539640)"; flow:established,from_client; content:"GET"; http_method; content:"/lf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539640/; classtype:trojan-activity;sid:84402740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539641)"; flow:established,from_client; content:"GET"; http_method; content:"/ws.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539641/; classtype:trojan-activity;sid:84402741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539642)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539642/; classtype:trojan-activity;sid:84402742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539639)"; flow:established,from_client; content:"GET"; http_method; content:"/sm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539639/; classtype:trojan-activity;sid:84402739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539635)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539635/; classtype:trojan-activity;sid:84402735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539636)"; flow:established,from_client; content:"GET"; http_method; content:"/se.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539636/; classtype:trojan-activity;sid:84402736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539638)"; flow:established,from_client; content:"GET"; http_method; content:"/tf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539638/; classtype:trojan-activity;sid:84402738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539626)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539626/; classtype:trojan-activity;sid:84402726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539627)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539627/; classtype:trojan-activity;sid:84402727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539628)"; flow:established,from_client; content:"GET"; http_method; content:"/ph.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539628/; classtype:trojan-activity;sid:84402728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539630)"; flow:established,from_client; content:"GET"; http_method; content:"/kn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539630/; classtype:trojan-activity;sid:84402730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539631)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539631/; classtype:trojan-activity;sid:84402731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539632)"; flow:established,from_client; content:"GET"; http_method; content:"/vm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539632/; classtype:trojan-activity;sid:84402732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539633)"; flow:established,from_client; content:"GET"; http_method; content:"/vml.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539633/; classtype:trojan-activity;sid:84402733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539634)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539634/; classtype:trojan-activity;sid:84402734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539620)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539620/; classtype:trojan-activity;sid:84402720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539621)"; flow:established,from_client; content:"GET"; http_method; content:"/hb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539621/; classtype:trojan-activity;sid:84402721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539622)"; flow:established,from_client; content:"GET"; http_method; content:"/scg.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539622/; classtype:trojan-activity;sid:84402722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539623)"; flow:established,from_client; content:"GET"; http_method; content:"/ge.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539623/; classtype:trojan-activity;sid:84402723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539624)"; flow:established,from_client; content:"GET"; http_method; content:"/pg2.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539624/; classtype:trojan-activity;sid:84402724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539616)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539616/; classtype:trojan-activity;sid:84402716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539617)"; flow:established,from_client; content:"GET"; http_method; content:"/unk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539617/; classtype:trojan-activity;sid:84402717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539618)"; flow:established,from_client; content:"GET"; http_method; content:"/ap.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539618/; classtype:trojan-activity;sid:84402718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539619)"; flow:established,from_client; content:"GET"; http_method; content:"/cf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539619/; classtype:trojan-activity;sid:84402719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539615)"; flow:established,from_client; content:"GET"; http_method; content:"/ci.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539615/; classtype:trojan-activity;sid:84402715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539614)"; flow:established,from_client; content:"GET"; http_method; content:"/wpf.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539614/; classtype:trojan-activity;sid:84402714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539605)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539605/; classtype:trojan-activity;sid:84402705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539606)"; flow:established,from_client; content:"GET"; http_method; content:"/tr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539606/; classtype:trojan-activity;sid:84402706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539607)"; flow:established,from_client; content:"GET"; http_method; content:"/al.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539607/; classtype:trojan-activity;sid:84402707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539608)"; flow:established,from_client; content:"GET"; http_method; content:"/an.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539608/; classtype:trojan-activity;sid:84402708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539609)"; flow:established,from_client; content:"GET"; http_method; content:"/s.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539609/; classtype:trojan-activity;sid:84402709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539610)"; flow:established,from_client; content:"GET"; http_method; content:"/j.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539610/; classtype:trojan-activity;sid:84402710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539611)"; flow:established,from_client; content:"GET"; http_method; content:"/mo.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539611/; classtype:trojan-activity;sid:84402711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539612)"; flow:established,from_client; content:"GET"; http_method; content:"/mi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539612/; classtype:trojan-activity;sid:84402712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539613)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539613/; classtype:trojan-activity;sid:84402713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539589)"; flow:established,from_client; content:"GET"; http_method; content:"/gi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539589/; classtype:trojan-activity;sid:84402689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539590)"; flow:established,from_client; content:"GET"; http_method; content:"/ku.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539590/; classtype:trojan-activity;sid:84402690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539591)"; flow:established,from_client; content:"GET"; http_method; content:"/h.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539591/; classtype:trojan-activity;sid:84402691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539592)"; flow:established,from_client; content:"GET"; http_method; content:"/n.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539592/; classtype:trojan-activity;sid:84402692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539593)"; flow:established,from_client; content:"GET"; http_method; content:"/lr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539593/; classtype:trojan-activity;sid:84402693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539594)"; flow:established,from_client; content:"GET"; http_method; content:"/ki.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539594/; classtype:trojan-activity;sid:84402694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539595)"; flow:established,from_client; content:"GET"; http_method; content:"/sp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539595/; classtype:trojan-activity;sid:84402695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539596)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539596/; classtype:trojan-activity;sid:84402696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539597)"; flow:established,from_client; content:"GET"; http_method; content:"/acb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539597/; classtype:trojan-activity;sid:84402697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539598)"; flow:established,from_client; content:"GET"; http_method; content:"/sa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539598/; classtype:trojan-activity;sid:84402698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539599)"; flow:established,from_client; content:"GET"; http_method; content:"/ni.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539599/; classtype:trojan-activity;sid:84402699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539600)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539600/; classtype:trojan-activity;sid:84402700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539601)"; flow:established,from_client; content:"GET"; http_method; content:"/rm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539601/; classtype:trojan-activity;sid:84402701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539602)"; flow:established,from_client; content:"GET"; http_method; content:"/gl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539602/; classtype:trojan-activity;sid:84402702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539603)"; flow:established,from_client; content:"GET"; http_method; content:"/tm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539603/; classtype:trojan-activity;sid:84402703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539604)"; flow:established,from_client; content:"GET"; http_method; content:"/do.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539604/; classtype:trojan-activity;sid:84402704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539577)"; flow:established,from_client; content:"GET"; http_method; content:"/cb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539577/; classtype:trojan-activity;sid:84402677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539578)"; flow:established,from_client; content:"GET"; http_method; content:"/wb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539578/; classtype:trojan-activity;sid:84402678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539579)"; flow:established,from_client; content:"GET"; http_method; content:"/tc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539579/; classtype:trojan-activity;sid:84402679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539580)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539580/; classtype:trojan-activity;sid:84402680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539581)"; flow:established,from_client; content:"GET"; http_method; content:"/sup.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539581/; classtype:trojan-activity;sid:84402681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539583)"; flow:established,from_client; content:"GET"; http_method; content:"/md.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539583/; classtype:trojan-activity;sid:84402683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539584)"; flow:established,from_client; content:"GET"; http_method; content:"/py.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539584/; classtype:trojan-activity;sid:84402684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539585)"; flow:established,from_client; content:"GET"; http_method; content:"/spr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539585/; classtype:trojan-activity;sid:84402685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539586)"; flow:established,from_client; content:"GET"; http_method; content:"/st.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539586/; classtype:trojan-activity;sid:84402686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539587)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539587/; classtype:trojan-activity;sid:84402687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539588)"; flow:established,from_client; content:"GET"; http_method; content:"/pa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539588/; classtype:trojan-activity;sid:84402688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539576)"; flow:established,from_client; content:"GET"; http_method; content:"/m.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539576/; classtype:trojan-activity;sid:84402676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539575)"; flow:established,from_client; content:"GET"; http_method; content:"/rv.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539575/; classtype:trojan-activity;sid:84402675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539574)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539574/; classtype:trojan-activity;sid:84402674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539571)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539571/; classtype:trojan-activity;sid:84402671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539572)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539572/; classtype:trojan-activity;sid:84402672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539573)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539573/; classtype:trojan-activity;sid:84402673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539569)"; flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539569/; classtype:trojan-activity;sid:84402669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539570)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539570/; classtype:trojan-activity;sid:84402670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539568)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539568/; classtype:trojan-activity;sid:84402668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539471)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539471/; classtype:trojan-activity;sid:84402571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539455)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539455/; classtype:trojan-activity;sid:84402555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.225.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.160.75.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539035/; classtype:trojan-activity;sid:84402135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538763/; classtype:trojan-activity;sid:84401863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538762/; classtype:trojan-activity;sid:84401862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538754/; classtype:trojan-activity;sid:84401854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; classtype:trojan-activity;sid:84401847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538741/; classtype:trojan-activity;sid:84401841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538737)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538737/; classtype:trojan-activity;sid:84401837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.210.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538671/; classtype:trojan-activity;sid:84401771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538670/; classtype:trojan-activity;sid:84401770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.170.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538213/; classtype:trojan-activity;sid:84401313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.147.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538190/; classtype:trojan-activity;sid:84401290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538179/; classtype:trojan-activity;sid:84401279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537744)"; flow:established,from_client; content:"GET"; http_method; content:"/dfffrf/dfdf/downloads/notificaci%c3%b3n_demanda_virtual_juzgado_09_de_circuito_de_bogot%c3%a1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537744/; classtype:trojan-activity;sid:84400844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wex.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stonecradle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537561)"; flow:established,from_client; content:"GET"; http_method; content:"/sansebas/sdsd/downloads/01citaci%c3%b3n_personal_demanda_virtual_juzgado_penal_de_circuito_de.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537561/; classtype:trojan-activity;sid:84400661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537001)"; flow:established,from_client; content:"GET"; http_method; content:"/386"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.200.207.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3537001/; classtype:trojan-activity;sid:84400101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536838)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.200.207.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536838/; classtype:trojan-activity;sid:84399938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; content:"GET"; http_method; content:"/dl202"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.10.63.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536047/; classtype:trojan-activity;sid:84399147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535453)"; flow:established,from_client; content:"GET"; http_method; content:"/4492/e569abd317d7e5f7a39d4af364fe6376/sorandaru2015.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535453/; classtype:trojan-activity;sid:84398553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535256/; classtype:trojan-activity;sid:84398356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.107.81.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534891/; classtype:trojan-activity;sid:84397991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534886/; classtype:trojan-activity;sid:84397986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534191/; classtype:trojan-activity;sid:84397291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.96.44.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3534104/; classtype:trojan-activity;sid:84397204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.156.8.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533775/; classtype:trojan-activity;sid:84396875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533769/; classtype:trojan-activity;sid:84396869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533753/; classtype:trojan-activity;sid:84396853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; content:"GET"; http_method; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; content:"GET"; http_method; content:"/dl201"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532847)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532847/; classtype:trojan-activity;sid:84395947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532848/; classtype:trojan-activity;sid:84395948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532833/; classtype:trojan-activity;sid:84395933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532827)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532827/; classtype:trojan-activity;sid:84395927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532726)"; flow:established,from_client; content:"GET"; http_method; content:"/2294/7a43bb4cf6c57229b02a9604a1f4614e/skidmore1966.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532726/; classtype:trojan-activity;sid:84395826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; content:"GET"; http_method; content:"/dl200"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531990/; classtype:trojan-activity;sid:84395090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.81.58.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531992/; classtype:trojan-activity;sid:84395092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531994/; classtype:trojan-activity;sid:84395094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531972/; classtype:trojan-activity;sid:84395072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531974/; classtype:trojan-activity;sid:84395074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.15.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531975/; classtype:trojan-activity;sid:84395075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531643)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531643/; classtype:trojan-activity;sid:84394743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531576)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.178.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531576/; classtype:trojan-activity;sid:84394676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531323)"; flow:established,from_client; content:"GET"; http_method; content:"/zc3.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531323/; classtype:trojan-activity;sid:84394423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531322)"; flow:established,from_client; content:"GET"; http_method; content:"/zal.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531322/; classtype:trojan-activity;sid:84394422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531095/; classtype:trojan-activity;sid:84394195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.178.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530887/; classtype:trojan-activity;sid:84393987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.178.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530888/; classtype:trojan-activity;sid:84393988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530891/; classtype:trojan-activity;sid:84393991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530868/; classtype:trojan-activity;sid:84393968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530870/; classtype:trojan-activity;sid:84393970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530776)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"4393eb8c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530776/; classtype:trojan-activity;sid:84393876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530262)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.153.97.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530262/; classtype:trojan-activity;sid:84393362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530250/; classtype:trojan-activity;sid:84393350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530248/; classtype:trojan-activity;sid:84393348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530244/; classtype:trojan-activity;sid:84393344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.91.184.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530189/; classtype:trojan-activity;sid:84393289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530184/; classtype:trojan-activity;sid:84393284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530168)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530168/; classtype:trojan-activity;sid:84393268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.154.79.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530163/; classtype:trojan-activity;sid:84393263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530015)"; flow:established,from_client; content:"GET"; http_method; content:"/pocz/new_image.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"glaustralia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530015/; classtype:trojan-activity;sid:84393115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529934/; classtype:trojan-activity;sid:84393034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529933)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.156.8.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529933/; classtype:trojan-activity;sid:84393033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529927)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.128.239.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529927/; classtype:trojan-activity;sid:84393027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529929/; classtype:trojan-activity;sid:84393029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529930/; classtype:trojan-activity;sid:84393030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529922)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529922/; classtype:trojan-activity;sid:84393022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529912)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.1.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529912/; classtype:trojan-activity;sid:84393012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.81.58.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529908/; classtype:trojan-activity;sid:84393008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529891/; classtype:trojan-activity;sid:84392991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529895)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.252.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529895/; classtype:trojan-activity;sid:84392995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529878)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.4.13.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529878/; classtype:trojan-activity;sid:84392978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.15.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529882/; classtype:trojan-activity;sid:84392982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; content:"GET"; http_method; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; content:"GET"; http_method; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528179)"; flow:established,from_client; content:"GET"; http_method; content:"/peizhi/yh02/csr.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"218.93.208.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528179/; classtype:trojan-activity;sid:84391279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528171)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831362/alpha.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528171/; classtype:trojan-activity;sid:84391271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; content:"GET"; http_method; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; classtype:trojan-activity;sid:84391270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831288/crack.nurik.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528167)"; flow:established,from_client; content:"GET"; http_method; content:"/firmware/ts2_0001.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.170.254.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528167/; classtype:trojan-activity;sid:84391267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831450/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19835739/solarus.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528156)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/vcruntime140.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528156/; classtype:trojan-activity;sid:84391256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; content:"GET"; http_method; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"public.demo.securecloudsandbox.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528100)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-pixelit/releases/download/v1.2.2/darts-pixelit.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528100/; classtype:trojan-activity;sid:84391200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528101)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-wled/releases/download/v1.8.1/darts-wled.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528101/; classtype:trojan-activity;sid:84391201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; content:"GET"; http_method; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.36.124.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527875/; classtype:trojan-activity;sid:84390975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.95.183.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527870/; classtype:trojan-activity;sid:84390970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527866/; classtype:trojan-activity;sid:84390966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.240.130.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527841/; classtype:trojan-activity;sid:84390941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.36.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527814)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527814/; classtype:trojan-activity;sid:84390914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527254)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.31.165.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527254/; classtype:trojan-activity;sid:84390354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; content:"GET"; http_method; content:"/verify-sec"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msoftdatastore.z22.web.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.228.12.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526868/; classtype:trojan-activity;sid:84389968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.117.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526869/; classtype:trojan-activity;sid:84389969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.46.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526859/; classtype:trojan-activity;sid:84389959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526832/; classtype:trojan-activity;sid:84389932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526857/; classtype:trojan-activity;sid:84389957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.26.211.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526807/; classtype:trojan-activity;sid:84389907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.26.222.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526810/; classtype:trojan-activity;sid:84389910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525788)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.124.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525788/; classtype:trojan-activity;sid:84388888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.239.8.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525783/; classtype:trojan-activity;sid:84388883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525776/; classtype:trojan-activity;sid:84388876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.95.183.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525778/; classtype:trojan-activity;sid:84388878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525748)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.76.211.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525748/; classtype:trojan-activity;sid:84388848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525743)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.57.166.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525743/; classtype:trojan-activity;sid:84388843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525738)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525738/; classtype:trojan-activity;sid:84388838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.240.130.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525728/; classtype:trojan-activity;sid:84388828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525714)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.83.158.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525714/; classtype:trojan-activity;sid:84388814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525710/; classtype:trojan-activity;sid:84388810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525709)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.136.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525709/; classtype:trojan-activity;sid:84388809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525285)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.117.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525285/; classtype:trojan-activity;sid:84388385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525238)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.41.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525238/; classtype:trojan-activity;sid:84388338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.110.37.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525151/; classtype:trojan-activity;sid:84388251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.101.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525074/; classtype:trojan-activity;sid:84388174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525009/; classtype:trojan-activity;sid:84388109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.203.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524808)"; flow:established,from_client; content:"GET"; http_method; content:"/teddysun/across/raw/master/bbr.sh"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524808/; classtype:trojan-activity;sid:84387908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523718)"; flow:established,from_client; content:"GET"; http_method; content:"/10/del.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523718/; classtype:trojan-activity;sid:84386818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523710)"; flow:established,from_client; content:"GET"; http_method; content:"/10/wwlib.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523710/; classtype:trojan-activity;sid:84386810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523696)"; flow:established,from_client; content:"GET"; http_method; content:"/10/ok.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523696/; classtype:trojan-activity;sid:84386796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523704)"; flow:established,from_client; content:"GET"; http_method; content:"/10/king.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523704/; classtype:trojan-activity;sid:84386804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523685)"; flow:established,from_client; content:"GET"; http_method; content:"/17/asc.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dow.895628.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523685/; classtype:trojan-activity;sid:84386785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523682)"; flow:established,from_client; content:"GET"; http_method; content:"/exclusions.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.213.216.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523682/; classtype:trojan-activity;sid:84386782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.219.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523645/; classtype:trojan-activity;sid:84386745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.47.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523621/; classtype:trojan-activity;sid:84386721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522871/; classtype:trojan-activity;sid:84385971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522876/; classtype:trojan-activity;sid:84385976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/main/ud.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.238.213.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522158/; classtype:trojan-activity;sid:84385258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.243.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521407/; classtype:trojan-activity;sid:84384507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521377/; classtype:trojan-activity;sid:84384477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521360/; classtype:trojan-activity;sid:84384460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521335)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521335/; classtype:trojan-activity;sid:84384435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521316)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521316/; classtype:trojan-activity;sid:84384416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521312)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521312/; classtype:trojan-activity;sid:84384412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520923/; classtype:trojan-activity;sid:84384023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520082)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.226.241.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520082/; classtype:trojan-activity;sid:84383182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.43.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520073)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.63.168.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520073/; classtype:trojan-activity;sid:84383173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520075)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"122.55.206.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520075/; classtype:trojan-activity;sid:84383175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520071)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.156.141.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520071/; classtype:trojan-activity;sid:84383171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520070)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.63.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520070/; classtype:trojan-activity;sid:84383170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520068)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.77.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520068/; classtype:trojan-activity;sid:84383168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.116.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519608/; classtype:trojan-activity;sid:84382708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519584/; classtype:trojan-activity;sid:84382684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519563/; classtype:trojan-activity;sid:84382663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519542)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519542/; classtype:trojan-activity;sid:84382642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_image_free.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519523)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest10.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519523/; classtype:trojan-activity;sid:84382623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519518)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519521)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest14.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519521/; classtype:trojan-activity;sid:84382621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519514)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest12.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519514/; classtype:trojan-activity;sid:84382614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519515)"; flow:established,from_client; content:"GET"; http_method; content:"/test4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519515/; classtype:trojan-activity;sid:84382615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519503)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/autoupdate.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jxhuyhoang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519503/; classtype:trojan-activity;sid:84382603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519493)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest24.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519493/; classtype:trojan-activity;sid:84382593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; content:"GET"; http_method; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"icoffeecloud.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519478)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519478/; classtype:trojan-activity;sid:84382578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"60aaf9c6.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_map_free.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/sm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519458)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest38.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519458/; classtype:trojan-activity;sid:84382558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/giftorder.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519456)"; flow:established,from_client; content:"GET"; http_method; content:"/test9.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519456/; classtype:trojan-activity;sid:84382556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519454)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519454/; classtype:trojan-activity;sid:84382554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519449)"; flow:established,from_client; content:"GET"; http_method; content:"/testwindow.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519449/; classtype:trojan-activity;sid:84382549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; content:"GET"; http_method; content:"/newchaisupon/vendor/bin/psysh.bat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"99194034-96-20180108171507.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519442)"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/doitallmain.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.salonmarketing.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519442/; classtype:trojan-activity;sid:84382542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; content:"GET"; http_method; content:"/sa0611/systemsa32.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519430)"; flow:established,from_client; content:"GET"; http_method; content:"/test6.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519430/; classtype:trojan-activity;sid:84382530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pubdata/hpsocket4c.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519425)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest31.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519425/; classtype:trojan-activity;sid:84382525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519420)"; flow:established,from_client; content:"GET"; http_method; content:"/testdumpall.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519420/; classtype:trojan-activity;sid:84382520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519421)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest11.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519421/; classtype:trojan-activity;sid:84382521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519419)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519419/; classtype:trojan-activity;sid:84382519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519416)"; flow:established,from_client; content:"GET"; http_method; content:"/filea.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519416/; classtype:trojan-activity;sid:84382516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c3436037.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519410)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519410/; classtype:trojan-activity;sid:84382510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519404)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/updater.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519404/; classtype:trojan-activity;sid:84382504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; content:"GET"; http_method; content:"/media/video_file/round_setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519380)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest36.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519380/; classtype:trojan-activity;sid:84382480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519378)"; flow:established,from_client; content:"GET"; http_method; content:"/test5.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519378/; classtype:trojan-activity;sid:84382478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519374)"; flow:established,from_client; content:"GET"; http_method; content:"/tingpong.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"windatem.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519374/; classtype:trojan-activity;sid:84382474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; content:"GET"; http_method; content:"/r0400/yahoodll.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/addmefast%20bot.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; content:"GET"; http_method; content:"/nircmd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519346)"; flow:established,from_client; content:"GET"; http_method; content:"/test7.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519346/; classtype:trojan-activity;sid:84382446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519347)"; flow:established,from_client; content:"GET"; http_method; content:"/test8.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519347/; classtype:trojan-activity;sid:84382447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519348)"; flow:established,from_client; content:"GET"; http_method; content:"/test1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519348/; classtype:trojan-activity;sid:84382448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519349)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest35.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519349/; classtype:trojan-activity;sid:84382449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; content:"GET"; http_method; content:"/pst.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o24o.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519084)"; flow:established,from_client; content:"GET"; http_method; content:"/airportbeta/files/foam.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"neirong.funshion.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519084/; classtype:trojan-activity;sid:84382184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519036)"; flow:established,from_client; content:"GET"; http_method; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"fz.tiansys.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; content:"GET"; http_method; content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519032)"; flow:established,from_client; content:"GET"; http_method; content:"/game/ysjyx880.exe|3f|tk=ujyxmzylvzn3utywumy0qwomddmyytozqwo1gdo0qdn852b812bj5cm2mtaopxaixhn1idnzcjm5ytm"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"52mj.susuwei.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519032/; classtype:trojan-activity;sid:84382132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519030)"; flow:established,from_client; content:"GET"; http_method; content:"/images/tp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"42.194.150.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519030/; classtype:trojan-activity;sid:84382130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519029)"; flow:established,from_client; content:"GET"; http_method; content:"/client/update.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.91.133.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519029/; classtype:trojan-activity;sid:84382129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519024)"; flow:established,from_client; content:"GET"; http_method; content:"/farmerok/telegram-remote-control-pc/raw/refs/heads/main/updater/update.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519024/; classtype:trojan-activity;sid:84382124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; content:"GET"; http_method; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; content:"GET"; http_method; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; content:"GET"; http_method; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pkexu0ytxar3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"115.159.149.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/public_file/relogintool.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.238.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519021/; classtype:trojan-activity;sid:84382121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; content:"GET"; http_method; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519012)"; flow:established,from_client; content:"GET"; http_method; content:"/boyo3473/irack/releases/download/idk/load.driver.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519012/; classtype:trojan-activity;sid:84382112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518999)"; flow:established,from_client; content:"GET"; http_method; content:"/2590057.s21d-2.faiusrd.com/0/abuiabblgaagytxhtauo1pck0ge.exe|3f|f=ghost%e7%bd%91%e5%85%8b%e9%9a%86%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7.exe|7c|26|7c|v=1452829385|7c|26|7c|wsiphost=local|7c|26|7c|wsrid_tag=61c52eb2_psmgzjgord1de87_17635-16713"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"157.185.170.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518999/; classtype:trojan-activity;sid:84382099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; content:"GET"; http_method; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_19; reference:url, urlhaus.abuse.ch/url/3518308/; classtype:trojan-activity;sid:84381408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517053)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517053/; classtype:trojan-activity;sid:84380153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516658)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.219.49.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.191.156.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516130/; classtype:trojan-activity;sid:84379230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516004)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.96.89.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516004/; classtype:trojan-activity;sid:84379104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515982)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.163.81.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515982/; classtype:trojan-activity;sid:84379082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515966)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.21.172.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515966/; classtype:trojan-activity;sid:84379066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515950)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.208.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515950/; classtype:trojan-activity;sid:84379050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515947)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515947/; classtype:trojan-activity;sid:84379047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515937)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515937/; classtype:trojan-activity;sid:84379037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.254.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515938/; classtype:trojan-activity;sid:84379038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515929)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.74.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515929/; classtype:trojan-activity;sid:84379029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515905)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.74.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515905/; classtype:trojan-activity;sid:84379005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.155.195.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515908/; classtype:trojan-activity;sid:84379008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514570)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hrp9lnasbplclnhppp1abwb1uwv4kdvs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514570/; classtype:trojan-activity;sid:84377670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514528)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfghjkl/frp.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.187.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514528/; classtype:trojan-activity;sid:84377628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; content:"GET"; http_method; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"192.159.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513248/; classtype:trojan-activity;sid:84376348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.88.186.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513251/; classtype:trojan-activity;sid:84376351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.88.186.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513255/; classtype:trojan-activity;sid:84376355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.94.31.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513186/; classtype:trojan-activity;sid:84376286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"194.26.192.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513183/; classtype:trojan-activity;sid:84376283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3512004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.12.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3512004/; classtype:trojan-activity;sid:84375104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3512003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.155.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3512003/; classtype:trojan-activity;sid:84375103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.242.103.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511995/; classtype:trojan-activity;sid:84375095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511783)"; flow:established,from_client; content:"GET"; http_method; content:"/ghdsdcbn124.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.khavar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511783/; classtype:trojan-activity;sid:84374883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511300)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.78.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3511300/; classtype:trojan-activity;sid:84374400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511286)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.91.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3511286/; classtype:trojan-activity;sid:84374386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; content:"GET"; http_method; content:"/dl16"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510726)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510726/; classtype:trojan-activity;sid:84373826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510727)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510727/; classtype:trojan-activity;sid:84373827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510724)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510724/; classtype:trojan-activity;sid:84373824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510725)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510725/; classtype:trojan-activity;sid:84373825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510721)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510721/; classtype:trojan-activity;sid:84373821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510722)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510722/; classtype:trojan-activity;sid:84373822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510723)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510723/; classtype:trojan-activity;sid:84373823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510718)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510718/; classtype:trojan-activity;sid:84373818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510712)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510712/; classtype:trojan-activity;sid:84373812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510713)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510713/; classtype:trojan-activity;sid:84373813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510714)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510714/; classtype:trojan-activity;sid:84373814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510715)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510715/; classtype:trojan-activity;sid:84373815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.10.26.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3510126/; classtype:trojan-activity;sid:84373226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509904)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; content:"GET"; http_method; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nnnpanel.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509591/; classtype:trojan-activity;sid:84372691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxprotectech.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509583/; classtype:trojan-activity;sid:84372683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardwave.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509585/; classtype:trojan-activity;sid:84372685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxshieldcore.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509586/; classtype:trojan-activity;sid:84372686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcryptorix.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509588/; classtype:trojan-activity;sid:84372688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxarmorcrypt.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509589/; classtype:trojan-activity;sid:84372689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardify.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509590/; classtype:trojan-activity;sid:84372690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberedge.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509574/; classtype:trojan-activity;sid:84372674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509101)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"runds.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_12; reference:url, urlhaus.abuse.ch/url/3509101/; classtype:trojan-activity;sid:84372201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3508862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.125.72.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_12; reference:url, urlhaus.abuse.ch/url/3508862/; classtype:trojan-activity;sid:84371962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507474)"; flow:established,from_client; content:"GET"; http_method; content:"/kibnakamoto/mimikatz/main/mimikatz.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507474/; classtype:trojan-activity;sid:84370574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507456/; classtype:trojan-activity;sid:84370556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507452)"; flow:established,from_client; content:"GET"; http_method; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506999)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/feishu.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506999/; classtype:trojan-activity;sid:84370099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506996)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/pcre.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506996/; classtype:trojan-activity;sid:84370096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506997)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/glib-2.0.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506997/; classtype:trojan-activity;sid:84370097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506998)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/intl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506998/; classtype:trojan-activity;sid:84370098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506993)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/hei.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506993/; classtype:trojan-activity;sid:84370093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506991)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/gmodule-2.0.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506991/; classtype:trojan-activity;sid:84370091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506992)"; flow:established,from_client; content:"GET"; http_method; content:"/wj/vcruntime140_1.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"8.134.199.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506992/; classtype:trojan-activity;sid:84370092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506386)"; flow:established,from_client; content:"GET"; http_method; content:"/mosseve/reverbed/releases/download/3.8.8/reverbed.v3.8.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506386/; classtype:trojan-activity;sid:84369486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506346)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kcbhxhjt-bdxszgxt1nfnzdt5hpvkwk4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506346/; classtype:trojan-activity;sid:84369446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.40.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505645/; classtype:trojan-activity;sid:84368745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505506)"; flow:established,from_client; content:"GET"; http_method; content:"/makeewyk.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505506/; classtype:trojan-activity;sid:84368606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505504)"; flow:established,from_client; content:"GET"; http_method; content:"/uulyorik.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505504/; classtype:trojan-activity;sid:84368604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505502)"; flow:established,from_client; content:"GET"; http_method; content:"/pmlqrjin.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505502/; classtype:trojan-activity;sid:84368602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505422)"; flow:established,from_client; content:"GET"; http_method; content:"/jaime00marulanda/yt-audio-api/releases/download/v2.6.9/yt-audio-api_v2.6.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505422/; classtype:trojan-activity;sid:84368522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505418)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v2.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505418/; classtype:trojan-activity;sid:84368518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505393)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505393/; classtype:trojan-activity;sid:84368493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505394)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505394/; classtype:trojan-activity;sid:84368494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505395)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505395/; classtype:trojan-activity;sid:84368495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505396)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v2.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505396/; classtype:trojan-activity;sid:84368496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505397)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v2.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505397/; classtype:trojan-activity;sid:84368497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505398)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505398/; classtype:trojan-activity;sid:84368498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505399)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505399/; classtype:trojan-activity;sid:84368499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505400)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505400/; classtype:trojan-activity;sid:84368500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505401)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505401/; classtype:trojan-activity;sid:84368501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505402)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505402/; classtype:trojan-activity;sid:84368502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505403)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505403/; classtype:trojan-activity;sid:84368503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505404)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505404/; classtype:trojan-activity;sid:84368504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505405)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505405/; classtype:trojan-activity;sid:84368505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505406)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505406/; classtype:trojan-activity;sid:84368506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505407)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505407/; classtype:trojan-activity;sid:84368507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505408)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505408/; classtype:trojan-activity;sid:84368508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505409)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505409/; classtype:trojan-activity;sid:84368509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505410)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505410/; classtype:trojan-activity;sid:84368510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505411)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505411/; classtype:trojan-activity;sid:84368511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505412)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505412/; classtype:trojan-activity;sid:84368512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505413)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505413/; classtype:trojan-activity;sid:84368513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505414)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505414/; classtype:trojan-activity;sid:84368514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505415)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v2.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505415/; classtype:trojan-activity;sid:84368515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505416)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505416/; classtype:trojan-activity;sid:84368516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505417)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v2.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505417/; classtype:trojan-activity;sid:84368517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505384)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505384/; classtype:trojan-activity;sid:84368484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505385)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505385/; classtype:trojan-activity;sid:84368485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505376)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505376/; classtype:trojan-activity;sid:84368476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; content:"GET"; http_method; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505378)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505378/; classtype:trojan-activity;sid:84368478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505379)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505379/; classtype:trojan-activity;sid:84368479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; content:"GET"; http_method; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505342)"; flow:established,from_client; content:"GET"; http_method; content:"/quyw/microphonefixer/releases/download/v3.0.8-beta.4/microphonefixer.v3.0.8-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505342/; classtype:trojan-activity;sid:84368442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505336)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505336/; classtype:trojan-activity;sid:84368436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; content:"GET"; http_method; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505325)"; flow:established,from_client; content:"GET"; http_method; content:"/lucaspb833/ytmpx/releases/download/1.3.4/ytmpx-1.3.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505325/; classtype:trojan-activity;sid:84368425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505326)"; flow:established,from_client; content:"GET"; http_method; content:"/vnnha/ytd-youtube-downloader-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505326/; classtype:trojan-activity;sid:84368426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505327)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/glassful/social-media-downloader-glassful"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505327/; classtype:trojan-activity;sid:84368427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505328)"; flow:established,from_client; content:"GET"; http_method; content:"/vignesh5229/yt-blaze/releases/download/1.9.1-beta.4/yt-blaze-1.9.1-beta.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505328/; classtype:trojan-activity;sid:84368428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505329)"; flow:established,from_client; content:"GET"; http_method; content:"/vnnha/ytd-youtube-downloader-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505329/; classtype:trojan-activity;sid:84368429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505332)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/v1.8.0/social-media-downloader-v1.8.0"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505332/; classtype:trojan-activity;sid:84368432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505313)"; flow:established,from_client; content:"GET"; http_method; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; content:"GET"; http_method; content:"/anamesias580/upload/refs/heads/master/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; content:"GET"; http_method; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; content:"GET"; http_method; content:"/pantay/upload/raw/refs/heads/master/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505108/; classtype:trojan-activity;sid:84368208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505095/; classtype:trojan-activity;sid:84368195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505097/; classtype:trojan-activity;sid:84368197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"194.26.192.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505073/; classtype:trojan-activity;sid:84368173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.159.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505074/; classtype:trojan-activity;sid:84368174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504870)"; flow:established,from_client; content:"GET"; http_method; content:"/public/upload/files/l.sh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"39.104.161.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3504870/; classtype:trojan-activity;sid:84367970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.58.85.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504716/; classtype:trojan-activity;sid:84367816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.60.216.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503677/; classtype:trojan-activity;sid:84366777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.227.177.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503671/; classtype:trojan-activity;sid:84366771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.17.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503657/; classtype:trojan-activity;sid:84366757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; content:"GET"; http_method; content:"/tirtekeka/rat-client/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; content:"GET"; http_method; content:"/download/konsol.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backupso.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.117.61.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502746/; classtype:trojan-activity;sid:84365846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.214.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502701/; classtype:trojan-activity;sid:84365801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502654/; classtype:trojan-activity;sid:84365754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.54.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501628/; classtype:trojan-activity;sid:84364728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.248.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501625/; classtype:trojan-activity;sid:84364725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.0.41.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501619/; classtype:trojan-activity;sid:84364719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501608)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"35.137.185.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501608/; classtype:trojan-activity;sid:84364708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; content:"GET"; http_method; content:"/chin/ifjjmktge.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dcrun.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; classtype:trojan-activity;sid:84363991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500747/; classtype:trojan-activity;sid:84363847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.173.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500726/; classtype:trojan-activity;sid:84363826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499996)"; flow:established,from_client; content:"GET"; http_method; content:"/bahaaaymen/chapito/releases/download/v3.3.6/stay.out.firewind.v1.8.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499996/; classtype:trojan-activity;sid:84363096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499995)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvanogammer/apex-no-recoil/releases/download/v1.8.4-beta.4/apex-no-recoil-v1.8.4-beta.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499995/; classtype:trojan-activity;sid:84363095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxironvault.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499800/; classtype:trojan-activity;sid:84362900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxphantomlock.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499801/; classtype:trojan-activity;sid:84362901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499150)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_02; reference:url, urlhaus.abuse.ch/url/3499150/; classtype:trojan-activity;sid:84362250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; content:"GET"; http_method; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498069)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/1.8.9/hackinggpt-1.8.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498069/; classtype:trojan-activity;sid:84361169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; content:"GET"; http_method; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498071)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.1/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498071/; classtype:trojan-activity;sid:84361171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498072)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.1/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498072/; classtype:trojan-activity;sid:84361172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498073)"; flow:established,from_client; content:"GET"; http_method; content:"/rippez/wordkeeper/releases/download/caseharden/release.caseharden.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498073/; classtype:trojan-activity;sid:84361173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498074)"; flow:established,from_client; content:"GET"; http_method; content:"/alesti19/driver-booster-pro-installer-2025/releases/download/3.5.4/driver-booster-pro-installer-2025-3.5.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498074/; classtype:trojan-activity;sid:84361174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498076)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498077)"; flow:established,from_client; content:"GET"; http_method; content:"/gsrajput08/rewitte.jlgradmap/releases/download/v1.1/soft.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498077/; classtype:trojan-activity;sid:84361177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498078)"; flow:established,from_client; content:"GET"; http_method; content:"/8e8bdba457c18cf692a95fe2ec67000b/vulkancooperativematrixattention/releases/download/v2.0/software.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498078/; classtype:trojan-activity;sid:84361178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498064)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v1.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498064/; classtype:trojan-activity;sid:84361164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498065)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498065/; classtype:trojan-activity;sid:84361165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498066)"; flow:established,from_client; content:"GET"; http_method; content:"/madureira20/pixtrail/releases/download/3.3.3/pixtrail-3.3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498066/; classtype:trojan-activity;sid:84361166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; content:"GET"; http_method; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498055)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/crowned/hackinggpt-crowned.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498055/; classtype:trojan-activity;sid:84361155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498058)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.1/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498058/; classtype:trojan-activity;sid:84361158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498059)"; flow:established,from_client; content:"GET"; http_method; content:"/julia2806/stock-watch/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498059/; classtype:trojan-activity;sid:84361159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498044)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498044/; classtype:trojan-activity;sid:84361144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498048)"; flow:established,from_client; content:"GET"; http_method; content:"/gsrajput08/rewitte.jlgradmap/releases/download/v1.2/soft.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498048/; classtype:trojan-activity;sid:84361148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498052)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.2/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498052/; classtype:trojan-activity;sid:84361152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498054)"; flow:established,from_client; content:"GET"; http_method; content:"/nazaastore/abacus2api/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498054/; classtype:trojan-activity;sid:84361154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498029)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.2/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498029/; classtype:trojan-activity;sid:84361129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498030)"; flow:established,from_client; content:"GET"; http_method; content:"/x4lex19o/vue3-crypto-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498030/; classtype:trojan-activity;sid:84361130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498031)"; flow:established,from_client; content:"GET"; http_method; content:"/clemmrobl/capture-one-pro-free/releases/download/1.1.2/capture-one-pro-free-1.1.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498031/; classtype:trojan-activity;sid:84361131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498032)"; flow:established,from_client; content:"GET"; http_method; content:"/computoki/e/releases/download/v1.0/software.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498032/; classtype:trojan-activity;sid:84361132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498035)"; flow:established,from_client; content:"GET"; http_method; content:"/lucianoolferxa98/solanaj/releases/download/1.9.4-alpha.2/solanaj-v1.9.4-alpha.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498035/; classtype:trojan-activity;sid:84361135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498036)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v2.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498036/; classtype:trojan-activity;sid:84361136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498040)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.2/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498040/; classtype:trojan-activity;sid:84361140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498041)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498041/; classtype:trojan-activity;sid:84361141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497914)"; flow:established,from_client; content:"GET"; http_method; content:"/pirlokipngeno/crackftp/releases/download/3.5.4/crackftp-3.5.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497914/; classtype:trojan-activity;sid:84361014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497913)"; flow:established,from_client; content:"GET"; http_method; content:"/kinayeeasd/wpcracker/releases/download/2.0.7-beta.4/wpcracker.2.0.7-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497913/; classtype:trojan-activity;sid:84361013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497910)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497910/; classtype:trojan-activity;sid:84361010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497906)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497906/; classtype:trojan-activity;sid:84361006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497898)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497898/; classtype:trojan-activity;sid:84360998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497905)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497905/; classtype:trojan-activity;sid:84361005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497893)"; flow:established,from_client; content:"GET"; http_method; content:"/agent-piss/stellar-data-recovery-pro-free/releases/download/v1.4.8/stellar.moonlight.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497893/; classtype:trojan-activity;sid:84360993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497894)"; flow:established,from_client; content:"GET"; http_method; content:"/ahiuit/keyword-researcher-pro-free/releases/download/3.8.9/keywordresearcherprofree-3.8.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497894/; classtype:trojan-activity;sid:84360994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497890)"; flow:established,from_client; content:"GET"; http_method; content:"/acemardri1/ashampoo-burning-studio-crack/releases/download/1.1.4/ashampoo.burning.bliss.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497890/; classtype:trojan-activity;sid:84360990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497885)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v2.3.0/crackftp.v2.3.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497885/; classtype:trojan-activity;sid:84360985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497878)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v3.4.5/release.v3.4.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497878/; classtype:trojan-activity;sid:84360978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497873)"; flow:established,from_client; content:"GET"; http_method; content:"/jewonsan/dvd-cloner_crack/releases/download/v3.3.4/dvd-cloner_crack_v3.3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497873/; classtype:trojan-activity;sid:84360973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497872)"; flow:established,from_client; content:"GET"; http_method; content:"/tisha466/stardock_groupy_crack/releases/download/1.7.2/release.1.7.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497872/; classtype:trojan-activity;sid:84360972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497868)"; flow:established,from_client; content:"GET"; http_method; content:"/maykolingui/miside-cheat/releases/download/v2.1.7/miside-cheat-v2.1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497868/; classtype:trojan-activity;sid:84360968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497823)"; flow:established,from_client; content:"GET"; http_method; content:"/unlimxts2/password-manager-intermediate/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497823/; classtype:trojan-activity;sid:84360923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497824)"; flow:established,from_client; content:"GET"; http_method; content:"/neverluckz/stack-back/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497824/; classtype:trojan-activity;sid:84360924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497820)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497820/; classtype:trojan-activity;sid:84360920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497817)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497817/; classtype:trojan-activity;sid:84360917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497818)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497818/; classtype:trojan-activity;sid:84360918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497819)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497819/; classtype:trojan-activity;sid:84360919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497808)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497808/; classtype:trojan-activity;sid:84360908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497809)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497809/; classtype:trojan-activity;sid:84360909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497810)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497810/; classtype:trojan-activity;sid:84360910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497811)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497811/; classtype:trojan-activity;sid:84360911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497806)"; flow:established,from_client; content:"GET"; http_method; content:"/dragon271320/test-audit/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497806/; classtype:trojan-activity;sid:84360906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497805)"; flow:established,from_client; content:"GET"; http_method; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497798)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497798/; classtype:trojan-activity;sid:84360898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; content:"GET"; http_method; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497794)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497794/; classtype:trojan-activity;sid:84360894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497791)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497791/; classtype:trojan-activity;sid:84360891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497790)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v1.0/soft.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497790/; classtype:trojan-activity;sid:84360890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497786)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497786/; classtype:trojan-activity;sid:84360886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497782)"; flow:established,from_client; content:"GET"; http_method; content:"/panozkaiscool/guard-clauses/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497782/; classtype:trojan-activity;sid:84360882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497783)"; flow:established,from_client; content:"GET"; http_method; content:"/indiizza/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497783/; classtype:trojan-activity;sid:84360883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497775)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497775/; classtype:trojan-activity;sid:84360875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497772)"; flow:established,from_client; content:"GET"; http_method; content:"/zackkung688/split-fiction/releases/download/lavalike/splitfiction-lavalike.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497772/; classtype:trojan-activity;sid:84360872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497769)"; flow:established,from_client; content:"GET"; http_method; content:"/tuliodrx/ovh-ddos/releases/download/2.5.6/ovh-ddos-2.5.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497769/; classtype:trojan-activity;sid:84360869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497766)"; flow:established,from_client; content:"GET"; http_method; content:"/trunghiuu08/pc-health-advisor/releases/download/3.5.4/pc.health.advisor.3.5.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497766/; classtype:trojan-activity;sid:84360866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497761)"; flow:established,from_client; content:"GET"; http_method; content:"/simplefastfunnels254/tg-cybersec/releases/download/v2.7.1/tg-cybersec-v2.7.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497761/; classtype:trojan-activity;sid:84360861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497760)"; flow:established,from_client; content:"GET"; http_method; content:"/ykn1/dishost/releases/download/1.3.8/dishost.1.3.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497760/; classtype:trojan-activity;sid:84360860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497755)"; flow:established,from_client; content:"GET"; http_method; content:"/uruguayopr/sword-art-online-fractured-daydream-cheat/releases/download/3.9.3/sword.art.online.fractured.daydream.cheat.v3.9.3.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497755/; classtype:trojan-activity;sid:84360855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497754)"; flow:established,from_client; content:"GET"; http_method; content:"/cxavi10/ddos-protection/releases/download/uncork/ddos-protection-uncork.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497754/; classtype:trojan-activity;sid:84360854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497750)"; flow:established,from_client; content:"GET"; http_method; content:"/reflx-dot/api-pentesting-tools/releases/download/macrogamete/api.pentesting.tools.macrogamete.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497750/; classtype:trojan-activity;sid:84360850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497749)"; flow:established,from_client; content:"GET"; http_method; content:"/sinoyj00/strongvpn/releases/download/pseudobrotherly/strongvpn_pseudobrotherly.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497749/; classtype:trojan-activity;sid:84360849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497748)"; flow:established,from_client; content:"GET"; http_method; content:"/folcon92/brutecheker/releases/download/2.1.0/brutecheker-v2.1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497748/; classtype:trojan-activity;sid:84360848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497746)"; flow:established,from_client; content:"GET"; http_method; content:"/92tino/zenless-zone-zero-menu/releases/download/v2.9.3/zenith-zoom-v2.9.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497746/; classtype:trojan-activity;sid:84360846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497744)"; flow:established,from_client; content:"GET"; http_method; content:"/truthtower1/nitro-key/releases/download/v2.2.3/nitro-key_v2.2.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497744/; classtype:trojan-activity;sid:84360844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497734)"; flow:established,from_client; content:"GET"; http_method; content:"/aravind2152/dune-imperium-vision/releases/download/2.3.8/dune-imperium-vision-2.3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497734/; classtype:trojan-activity;sid:84360834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497708)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497708/; classtype:trojan-activity;sid:84360808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497709)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497709/; classtype:trojan-activity;sid:84360809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497705)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497705/; classtype:trojan-activity;sid:84360805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497706)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497706/; classtype:trojan-activity;sid:84360806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497692)"; flow:established,from_client; content:"GET"; http_method; content:"/nuriia-i/palia-script/releases/download/anisoin/palia-script_anisoin.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497692/; classtype:trojan-activity;sid:84360792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497686)"; flow:established,from_client; content:"GET"; http_method; content:"/syestm/marvel-rivals-2025-hack/releases/download/3.5.2/release-marvel-rivals-2025-hack-3-5-2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497686/; classtype:trojan-activity;sid:84360786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; content:"GET"; http_method; content:"/devpev777/d/refs/heads/main/r.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497582)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497582/; classtype:trojan-activity;sid:84360682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497334/; classtype:trojan-activity;sid:84360434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.1.187.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497313/; classtype:trojan-activity;sid:84360413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.13.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497309/; classtype:trojan-activity;sid:84360409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.239.8.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497303/; classtype:trojan-activity;sid:84360403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.67.26.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497305/; classtype:trojan-activity;sid:84360405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497306/; classtype:trojan-activity;sid:84360406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.113.95.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497308/; classtype:trojan-activity;sid:84360408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497266/; classtype:trojan-activity;sid:84360366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; content:"GET"; http_method; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496926)"; flow:established,from_client; content:"GET"; http_method; content:"/yfyuy/roblox-blox-fruits-script-2025/releases/download/v3.9.0/roblox.blox.fruits.script.2025.v3.9.0.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496926/; classtype:trojan-activity;sid:84360026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; content:"GET"; http_method; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496663)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedbama/spider-man-2/releases/download/1.6.7/spider-man-2_v1.6.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496663/; classtype:trojan-activity;sid:84359763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; content:"GET"; http_method; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496649)"; flow:established,from_client; content:"GET"; http_method; content:"/cooldudeqwer1/esp32marauder-portal-pwn/releases/download/v1.0/program.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496649/; classtype:trojan-activity;sid:84359749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496647)"; flow:established,from_client; content:"GET"; http_method; content:"/ashhh220711/checkers/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496647/; classtype:trojan-activity;sid:84359747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496646)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496646/; classtype:trojan-activity;sid:84359746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496637)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/board-taxomomies/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496637/; classtype:trojan-activity;sid:84359737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496636)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496636/; classtype:trojan-activity;sid:84359736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496628)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496628/; classtype:trojan-activity;sid:84359728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496630)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496630/; classtype:trojan-activity;sid:84359730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; content:"GET"; http_method; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496634)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496634/; classtype:trojan-activity;sid:84359734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496635)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496635/; classtype:trojan-activity;sid:84359735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496624)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496624/; classtype:trojan-activity;sid:84359724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496625)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496625/; classtype:trojan-activity;sid:84359725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496626)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496626/; classtype:trojan-activity;sid:84359726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496607)"; flow:established,from_client; content:"GET"; http_method; content:"/abhishekbathulla/far/releases/download/v3.4.4/far-v3.4.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496607/; classtype:trojan-activity;sid:84359707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496606)"; flow:established,from_client; content:"GET"; http_method; content:"/asitiaf/llm-getting-started/releases/download/2.6.8/llm-getting-started-2.6.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496606/; classtype:trojan-activity;sid:84359706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496605)"; flow:established,from_client; content:"GET"; http_method; content:"/ayeshamustab/ai-ml-code-interviewer/releases/download/v2.5.8-beta.5/ai-ml-code-interviewer_v2.5.8-beta.5.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496605/; classtype:trojan-activity;sid:84359705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496597)"; flow:established,from_client; content:"GET"; http_method; content:"/juann22/fastmud/releases/download/2.1.1/fastmud.2.1.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496597/; classtype:trojan-activity;sid:84359697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496598)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadsheekhyousef/quicklook-netron/releases/download/uncriticisingly/quicklook-netron-uncriticisingly.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496598/; classtype:trojan-activity;sid:84359698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496599)"; flow:established,from_client; content:"GET"; http_method; content:"/front-writer/llm-engineering-cheatsheet/releases/download/3.3.5-beta.5/llm-engineering-cheatsheet-3.3.5-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496599/; classtype:trojan-activity;sid:84359699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496600)"; flow:established,from_client; content:"GET"; http_method; content:"/erik2011/multi-theft-auto-menu/releases/download/2.1.9/multi-theft-auto-menu-2.1.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496600/; classtype:trojan-activity;sid:84359700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496602)"; flow:established,from_client; content:"GET"; http_method; content:"/alperenuurlu/mobile-legends-menu/releases/download/v3.3.0/mobile.legends.menu.v3.3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496602/; classtype:trojan-activity;sid:84359702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496604)"; flow:established,from_client; content:"GET"; http_method; content:"/yahabaha/exam-quiz-test/releases/download/v2.9.2/exam-quiz-test-v2.9.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496604/; classtype:trojan-activity;sid:84359704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496588)"; flow:established,from_client; content:"GET"; http_method; content:"/eoleo26/aida64-extreme-free/releases/download/v3.7.6/aida64.extreme.free.v3.7.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496588/; classtype:trojan-activity;sid:84359688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496589)"; flow:established,from_client; content:"GET"; http_method; content:"/raqi42/stm32_lcd16x2_library/releases/download/1.6.7-alpha.3/stm32-lcd16x2-library-1.6.7-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496589/; classtype:trojan-activity;sid:84359689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496590)"; flow:established,from_client; content:"GET"; http_method; content:"/redamigo63/copycrafter/releases/download/devolvement/copycrafter_devolvement.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496590/; classtype:trojan-activity;sid:84359690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496591)"; flow:established,from_client; content:"GET"; http_method; content:"/brian124qqr/nero-burning-rom-free/releases/download/1.4.8-beta.3/nero-burning-rom-free-1.4.8-beta.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496591/; classtype:trojan-activity;sid:84359691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496592)"; flow:established,from_client; content:"GET"; http_method; content:"/klaus998851/github-achievements/releases/download/3.5.8/github-achievements-3.5.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496592/; classtype:trojan-activity;sid:84359692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496585)"; flow:established,from_client; content:"GET"; http_method; content:"/aboubakar909/dreamdance/releases/download/v2.5.1/dreamdance.v2.5.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496585/; classtype:trojan-activity;sid:84359685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; content:"GET"; http_method; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496275)"; flow:established,from_client; content:"GET"; http_method; content:"/akash21-hub/roblox-celery/releases/download/v1.7.0-alpha.2/roblox-celery-v1.7.0-alpha.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496275/; classtype:trojan-activity;sid:84359375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496067)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496067/; classtype:trojan-activity;sid:84359167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496058)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/main/ud.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496058/; classtype:trojan-activity;sid:84359158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; content:"GET"; http_method; content:"/tsl/downloader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tobecation.github.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bkrmbigokg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3495158/; classtype:trojan-activity;sid:84358258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3495124/; classtype:trojan-activity;sid:84358224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494793)"; flow:established,from_client; content:"GET"; http_method; content:"/dl20"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494793/; classtype:trojan-activity;sid:84357893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494681)"; flow:established,from_client; content:"GET"; http_method; content:"/download/electrum-doge-1.4.2.appimage"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"electrum-dogecoin.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494681/; classtype:trojan-activity;sid:84357781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493868)"; flow:established,from_client; content:"GET"; http_method; content:"/order_svea.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lindenappliances.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493868/; classtype:trojan-activity;sid:84356968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493606)"; flow:established,from_client; content:"GET"; http_method; content:"/khemrinp/brookhaven-script/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493606/; classtype:trojan-activity;sid:84356706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493088/; classtype:trojan-activity;sid:84356188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492619)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/wild-storage/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492619/; classtype:trojan-activity;sid:84355719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492620)"; flow:established,from_client; content:"GET"; http_method; content:"/jo-dll/hb4/releases/download/v2.0/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492620/; classtype:trojan-activity;sid:84355720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492621)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492621/; classtype:trojan-activity;sid:84355721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492618)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v1.0/app.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492618/; classtype:trojan-activity;sid:84355718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492601)"; flow:established,from_client; content:"GET"; http_method; content:"/stayns/glpwnme/releases/download/3.1.1/glpwnme-3.1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492601/; classtype:trojan-activity;sid:84355701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492602)"; flow:established,from_client; content:"GET"; http_method; content:"/catexec/signature-recognition-cnn/releases/download/v1.6.8/signature-recognition-cnn-v1.6.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492602/; classtype:trojan-activity;sid:84355702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492604)"; flow:established,from_client; content:"GET"; http_method; content:"/tombalestra/m3-spatial/releases/download/v3.3.4/m3-spatial-v3.3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492604/; classtype:trojan-activity;sid:84355704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492591)"; flow:established,from_client; content:"GET"; http_method; content:"/sudip1801/loyalty/releases/download/v3.4.4-alpha.1/loyalty_v3.4.4-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492591/; classtype:trojan-activity;sid:84355691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492586)"; flow:established,from_client; content:"GET"; http_method; content:"/bosstrung/fedora/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492586/; classtype:trojan-activity;sid:84355686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492580)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492580/; classtype:trojan-activity;sid:84355680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492581)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492581/; classtype:trojan-activity;sid:84355681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492582)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492582/; classtype:trojan-activity;sid:84355682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492584)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492584/; classtype:trojan-activity;sid:84355684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492578)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492578/; classtype:trojan-activity;sid:84355678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492579)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492579/; classtype:trojan-activity;sid:84355679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492575)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492575/; classtype:trojan-activity;sid:84355675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492576)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492576/; classtype:trojan-activity;sid:84355676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492577)"; flow:established,from_client; content:"GET"; http_method; content:"/antifreezsa/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492577/; classtype:trojan-activity;sid:84355677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492557)"; flow:established,from_client; content:"GET"; http_method; content:"/suvam-01/alayalite/releases/download/v1.4.8/alayalite_v1.4.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492557/; classtype:trojan-activity;sid:84355657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492553)"; flow:established,from_client; content:"GET"; http_method; content:"/ricardocrc735/navicatpwn/releases/download/3.2.3/navicatpwn-3.2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492553/; classtype:trojan-activity;sid:84355653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492193)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492193/; classtype:trojan-activity;sid:84355293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492194)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492194/; classtype:trojan-activity;sid:84355294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492149)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492149/; classtype:trojan-activity;sid:84355249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492145)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492145/; classtype:trojan-activity;sid:84355245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492148)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492148/; classtype:trojan-activity;sid:84355248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492142)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492142/; classtype:trojan-activity;sid:84355242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492123)"; flow:established,from_client; content:"GET"; http_method; content:"/mathists9/abaqus-aluminum-bending-ductile-damage-3d/releases/download/2.7.3/release.2.7.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492123/; classtype:trojan-activity;sid:84355223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492116)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v1.0/release.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492116/; classtype:trojan-activity;sid:84355216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492117)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492117/; classtype:trojan-activity;sid:84355217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492118)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492118/; classtype:trojan-activity;sid:84355218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492112)"; flow:established,from_client; content:"GET"; http_method; content:"/solarcrownyt/learning-sqlx/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492112/; classtype:trojan-activity;sid:84355212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492113)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492113/; classtype:trojan-activity;sid:84355213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492099)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492099/; classtype:trojan-activity;sid:84355199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492098)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492098/; classtype:trojan-activity;sid:84355198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492086)"; flow:established,from_client; content:"GET"; http_method; content:"/voslol/hack-crypto-wallet/releases/download/croupous/hack-crypto-wallet-croupous.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492086/; classtype:trojan-activity;sid:84355186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492074)"; flow:established,from_client; content:"GET"; http_method; content:"/hakimil/hack-crypto-wallet/releases/download/v2.7.7-beta.4/hack-crypto-wallet-v2.7.7-beta.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492074/; classtype:trojan-activity;sid:84355174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.208.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491981/; classtype:trojan-activity;sid:84355081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491771/; classtype:trojan-activity;sid:84354871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491653)"; flow:established,from_client; content:"GET"; http_method; content:"/hassan-be/pet-simulator-99-dupe-gui/releases/download/newmarket/pet-simulator-99-dupe-gui-newmarket.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491653/; classtype:trojan-activity;sid:84354753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490438)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/v1.9.0-alpha.1/hack-crypto-wallet-v1.9.0-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490438/; classtype:trojan-activity;sid:84353538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490437)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/3.7.6/hack-crypto-wallet_v3.7.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490437/; classtype:trojan-activity;sid:84353537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; content:"GET"; http_method; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489556)"; flow:established,from_client; content:"GET"; http_method; content:"/convertedfile.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489556/; classtype:trojan-activity;sid:84352656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489510)"; flow:established,from_client; content:"GET"; http_method; content:"/theus12324/roblox-appleware/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489510/; classtype:trojan-activity;sid:84352610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489505)"; flow:established,from_client; content:"GET"; http_method; content:"/azoresn/roblox-nihon/releases/download/v1.0/executor.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489505/; classtype:trojan-activity;sid:84352605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489507)"; flow:established,from_client; content:"GET"; http_method; content:"/jjgamerz123/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489507/; classtype:trojan-activity;sid:84352607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489466)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489466/; classtype:trojan-activity;sid:84352566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489467)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489467/; classtype:trojan-activity;sid:84352567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489465)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/bounceoff/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489465/; classtype:trojan-activity;sid:84352565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489455)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v1.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489455/; classtype:trojan-activity;sid:84352555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489456)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489456/; classtype:trojan-activity;sid:84352556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489457)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489457/; classtype:trojan-activity;sid:84352557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489458)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489458/; classtype:trojan-activity;sid:84352558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489459)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489459/; classtype:trojan-activity;sid:84352559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489460)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489460/; classtype:trojan-activity;sid:84352560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489461)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489461/; classtype:trojan-activity;sid:84352561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489462)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489462/; classtype:trojan-activity;sid:84352562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489463)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489463/; classtype:trojan-activity;sid:84352563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489464)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489464/; classtype:trojan-activity;sid:84352564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489451)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489451/; classtype:trojan-activity;sid:84352551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489452)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/collition-algorithm/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489452/; classtype:trojan-activity;sid:84352552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489428)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v2.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489428/; classtype:trojan-activity;sid:84352528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489436)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/nodejs/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489436/; classtype:trojan-activity;sid:84352536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489440)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v1.0/application.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489440/; classtype:trojan-activity;sid:84352540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489411)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489411/; classtype:trojan-activity;sid:84352511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489407)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489407/; classtype:trojan-activity;sid:84352507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489369)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489369/; classtype:trojan-activity;sid:84352469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489370)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489370/; classtype:trojan-activity;sid:84352470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489373)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489373/; classtype:trojan-activity;sid:84352473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489375)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489375/; classtype:trojan-activity;sid:84352475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489380)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489380/; classtype:trojan-activity;sid:84352480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489382)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489382/; classtype:trojan-activity;sid:84352482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489383)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489383/; classtype:trojan-activity;sid:84352483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489385)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v1.0/release.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489385/; classtype:trojan-activity;sid:84352485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489386)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489386/; classtype:trojan-activity;sid:84352486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489367)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489367/; classtype:trojan-activity;sid:84352467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489339)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-database/front-end/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489339/; classtype:trojan-activity;sid:84352439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489330)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/tountolover/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489330/; classtype:trojan-activity;sid:84352430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489272)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489272/; classtype:trojan-activity;sid:84352372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489284)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489284/; classtype:trojan-activity;sid:84352384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489244)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/confidencemedia.com/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489244/; classtype:trojan-activity;sid:84352344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489245)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489245/; classtype:trojan-activity;sid:84352345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489246)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489246/; classtype:trojan-activity;sid:84352346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489249)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/domu/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489249/; classtype:trojan-activity;sid:84352349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489250)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489250/; classtype:trojan-activity;sid:84352350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489254)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489254/; classtype:trojan-activity;sid:84352354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489257)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489257/; classtype:trojan-activity;sid:84352357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489258)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489258/; classtype:trojan-activity;sid:84352358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489262)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/final/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489262/; classtype:trojan-activity;sid:84352362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489230)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489230/; classtype:trojan-activity;sid:84352330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489234)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489234/; classtype:trojan-activity;sid:84352334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489235)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489235/; classtype:trojan-activity;sid:84352335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489237)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/ranksshow/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489237/; classtype:trojan-activity;sid:84352337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489239)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489239/; classtype:trojan-activity;sid:84352339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489241)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489241/; classtype:trojan-activity;sid:84352341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489213)"; flow:established,from_client; content:"GET"; http_method; content:"/sriramapriyan/medicinal-plants-classification/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489213/; classtype:trojan-activity;sid:84352313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489220)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/land/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489220/; classtype:trojan-activity;sid:84352320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489206)"; flow:established,from_client; content:"GET"; http_method; content:"/essa1212/aku/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489206/; classtype:trojan-activity;sid:84352306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489210)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/90-days-dsa-challenges/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489210/; classtype:trojan-activity;sid:84352310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; content:"GET"; http_method; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489177)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489177/; classtype:trojan-activity;sid:84352277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489178)"; flow:established,from_client; content:"GET"; http_method; content:"/djmuro4ever/personal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489178/; classtype:trojan-activity;sid:84352278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489179)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489179/; classtype:trojan-activity;sid:84352279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489176)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/99monisha/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489176/; classtype:trojan-activity;sid:84352276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489175)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/deploy-admin/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489175/; classtype:trojan-activity;sid:84352275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489166)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/manuxing/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489166/; classtype:trojan-activity;sid:84352266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489167)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/protfolio-design/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489167/; classtype:trojan-activity;sid:84352267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489168)"; flow:established,from_client; content:"GET"; http_method; content:"/neko-emon/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489168/; classtype:trojan-activity;sid:84352268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489169)"; flow:established,from_client; content:"GET"; http_method; content:"/ggjgjghggvc/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489169/; classtype:trojan-activity;sid:84352269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; content:"GET"; http_method; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489172)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489172/; classtype:trojan-activity;sid:84352272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489164)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-cyber65/prem-ig/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489164/; classtype:trojan-activity;sid:84352264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489165)"; flow:established,from_client; content:"GET"; http_method; content:"/hannah20190/fixing-error-d3dx9-43-dll/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489165/; classtype:trojan-activity;sid:84352265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489153)"; flow:established,from_client; content:"GET"; http_method; content:"/anas200321/kernel-memory-reading-writing/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489153/; classtype:trojan-activity;sid:84352253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489154)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489154/; classtype:trojan-activity;sid:84352254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489156)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489156/; classtype:trojan-activity;sid:84352256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489157)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489157/; classtype:trojan-activity;sid:84352257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489147)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489147/; classtype:trojan-activity;sid:84352247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489148)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489148/; classtype:trojan-activity;sid:84352248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489149)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489149/; classtype:trojan-activity;sid:84352249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489150)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489150/; classtype:trojan-activity;sid:84352250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489152)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489152/; classtype:trojan-activity;sid:84352252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489146)"; flow:established,from_client; content:"GET"; http_method; content:"/jorgegael5/tos/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489146/; classtype:trojan-activity;sid:84352246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489144)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489144/; classtype:trojan-activity;sid:84352244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489145)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489145/; classtype:trojan-activity;sid:84352245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489123)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraspro/snake-fruit-game-asmr/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489123/; classtype:trojan-activity;sid:84352223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489125)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489125/; classtype:trojan-activity;sid:84352225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489126)"; flow:established,from_client; content:"GET"; http_method; content:"/guest0689/flutter-starter-app/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489126/; classtype:trojan-activity;sid:84352226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489132)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489132/; classtype:trojan-activity;sid:84352232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489133)"; flow:established,from_client; content:"GET"; http_method; content:"/grahgrahboom/myportfolio/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489133/; classtype:trojan-activity;sid:84352233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489138)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489138/; classtype:trojan-activity;sid:84352238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489115)"; flow:established,from_client; content:"GET"; http_method; content:"/brabaoeu/powershell_httpserver/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489115/; classtype:trojan-activity;sid:84352215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489116)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489116/; classtype:trojan-activity;sid:84352216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489117)"; flow:established,from_client; content:"GET"; http_method; content:"/speedwalker48700/snu_2d_programmingtools_ide_nwscript/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489117/; classtype:trojan-activity;sid:84352217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489119)"; flow:established,from_client; content:"GET"; http_method; content:"/tamiur2011/cors-proxy-server-employee-api/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489119/; classtype:trojan-activity;sid:84352219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489121)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489121/; classtype:trojan-activity;sid:84352221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489122)"; flow:established,from_client; content:"GET"; http_method; content:"/austinxsome/key-clicker/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489122/; classtype:trojan-activity;sid:84352222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489105)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489105/; classtype:trojan-activity;sid:84352205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489106)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489106/; classtype:trojan-activity;sid:84352206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489107)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489107/; classtype:trojan-activity;sid:84352207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489108)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489108/; classtype:trojan-activity;sid:84352208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489098)"; flow:established,from_client; content:"GET"; http_method; content:"/juliocesarmara/emojico/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489098/; classtype:trojan-activity;sid:84352198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489099)"; flow:established,from_client; content:"GET"; http_method; content:"/pop144615/wmpignore/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489099/; classtype:trojan-activity;sid:84352199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489100)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489100/; classtype:trojan-activity;sid:84352200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489104)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489104/; classtype:trojan-activity;sid:84352204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489097)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489097/; classtype:trojan-activity;sid:84352197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489094)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489094/; classtype:trojan-activity;sid:84352194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489095)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489095/; classtype:trojan-activity;sid:84352195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489089)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489089/; classtype:trojan-activity;sid:84352189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489077)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489077/; classtype:trojan-activity;sid:84352177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489078)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489078/; classtype:trojan-activity;sid:84352178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489080)"; flow:established,from_client; content:"GET"; http_method; content:"/tiago1237/react-cooking-ninja/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489080/; classtype:trojan-activity;sid:84352180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489081)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489081/; classtype:trojan-activity;sid:84352181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489082)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489082/; classtype:trojan-activity;sid:84352182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489085)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489085/; classtype:trojan-activity;sid:84352185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489086)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489086/; classtype:trojan-activity;sid:84352186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489087)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489087/; classtype:trojan-activity;sid:84352187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489073)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489073/; classtype:trojan-activity;sid:84352173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489074)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489074/; classtype:trojan-activity;sid:84352174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489075)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489075/; classtype:trojan-activity;sid:84352175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489076)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489076/; classtype:trojan-activity;sid:84352176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489062)"; flow:established,from_client; content:"GET"; http_method; content:"/syardha/locked-in/releases/download/v1.0/program.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489062/; classtype:trojan-activity;sid:84352162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489055)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489055/; classtype:trojan-activity;sid:84352155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489056)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489056/; classtype:trojan-activity;sid:84352156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489058)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489058/; classtype:trojan-activity;sid:84352158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489059)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489059/; classtype:trojan-activity;sid:84352159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489060)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489060/; classtype:trojan-activity;sid:84352160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489061)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489061/; classtype:trojan-activity;sid:84352161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489051)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v1.0/program.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489051/; classtype:trojan-activity;sid:84352151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489052)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489052/; classtype:trojan-activity;sid:84352152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489050)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489050/; classtype:trojan-activity;sid:84352150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489048)"; flow:established,from_client; content:"GET"; http_method; content:"/syardha/locked-in/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489048/; classtype:trojan-activity;sid:84352148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489046)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489046/; classtype:trojan-activity;sid:84352146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489042)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v1.0/program.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489042/; classtype:trojan-activity;sid:84352142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489041)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489041/; classtype:trojan-activity;sid:84352141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489031)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489031/; classtype:trojan-activity;sid:84352131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489034)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489034/; classtype:trojan-activity;sid:84352134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489036)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v1.0/application.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489036/; classtype:trojan-activity;sid:84352136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489038)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489038/; classtype:trojan-activity;sid:84352138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489039)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489039/; classtype:trojan-activity;sid:84352139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489040)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489040/; classtype:trojan-activity;sid:84352140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489026)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489026/; classtype:trojan-activity;sid:84352126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489029)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489029/; classtype:trojan-activity;sid:84352129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489025)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489025/; classtype:trojan-activity;sid:84352125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488997)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v1.0/release.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488997/; classtype:trojan-activity;sid:84352097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488998)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v2.0/software.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488998/; classtype:trojan-activity;sid:84352098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488999)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v2.0/software.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488999/; classtype:trojan-activity;sid:84352099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489000)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v1.0/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489000/; classtype:trojan-activity;sid:84352100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489001)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v1.0/release.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489001/; classtype:trojan-activity;sid:84352101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489005)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489005/; classtype:trojan-activity;sid:84352105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489007)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489007/; classtype:trojan-activity;sid:84352107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489008)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v1.0/release.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489008/; classtype:trojan-activity;sid:84352108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489012)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489012/; classtype:trojan-activity;sid:84352112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489013)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489013/; classtype:trojan-activity;sid:84352113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489016)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v1.0/release.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489016/; classtype:trojan-activity;sid:84352116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488992)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/application.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488992/; classtype:trojan-activity;sid:84352092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488993)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488993/; classtype:trojan-activity;sid:84352093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488990)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488990/; classtype:trojan-activity;sid:84352090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488986)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v2.0/software.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488986/; classtype:trojan-activity;sid:84352086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488987)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/program.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488987/; classtype:trojan-activity;sid:84352087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488988)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488988/; classtype:trojan-activity;sid:84352088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488964)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488964/; classtype:trojan-activity;sid:84352064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488965)"; flow:established,from_client; content:"GET"; http_method; content:"/bedlessno/binaural/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488965/; classtype:trojan-activity;sid:84352065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488967)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488967/; classtype:trojan-activity;sid:84352067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488970)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488970/; classtype:trojan-activity;sid:84352070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488971)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488971/; classtype:trojan-activity;sid:84352071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488973)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v1.0/release.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488973/; classtype:trojan-activity;sid:84352073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488974)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488974/; classtype:trojan-activity;sid:84352074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488975)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v1.0/release_x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488975/; classtype:trojan-activity;sid:84352075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488976)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488976/; classtype:trojan-activity;sid:84352076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488961)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v1.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488961/; classtype:trojan-activity;sid:84352061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488962)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488962/; classtype:trojan-activity;sid:84352062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488963)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488963/; classtype:trojan-activity;sid:84352063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488958)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v1.0/release_x64.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488958/; classtype:trojan-activity;sid:84352058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488959)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488959/; classtype:trojan-activity;sid:84352059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488960)"; flow:established,from_client; content:"GET"; http_method; content:"/bedlessno/binaural/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488960/; classtype:trojan-activity;sid:84352060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488949)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v1.0/release_x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488949/; classtype:trojan-activity;sid:84352049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488942)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v1.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488942/; classtype:trojan-activity;sid:84352042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488944)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488944/; classtype:trojan-activity;sid:84352044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488939)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488939/; classtype:trojan-activity;sid:84352039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488926)"; flow:established,from_client; content:"GET"; http_method; content:"/t7dela/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488926/; classtype:trojan-activity;sid:84352026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488927)"; flow:established,from_client; content:"GET"; http_method; content:"/danblox669/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488927/; classtype:trojan-activity;sid:84352027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488904)"; flow:established,from_client; content:"GET"; http_method; content:"/ahvaitomanocuvai/shadcn-tour/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488904/; classtype:trojan-activity;sid:84352004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488905)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488905/; classtype:trojan-activity;sid:84352005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488908)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488908/; classtype:trojan-activity;sid:84352008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488909)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488909/; classtype:trojan-activity;sid:84352009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488910)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488910/; classtype:trojan-activity;sid:84352010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488912)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488912/; classtype:trojan-activity;sid:84352012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488914)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488914/; classtype:trojan-activity;sid:84352014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488915)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488915/; classtype:trojan-activity;sid:84352015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488916)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488916/; classtype:trojan-activity;sid:84352016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488918)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488918/; classtype:trojan-activity;sid:84352018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488919)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488919/; classtype:trojan-activity;sid:84352019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488920)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488920/; classtype:trojan-activity;sid:84352020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488921)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488921/; classtype:trojan-activity;sid:84352021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488903)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488903/; classtype:trojan-activity;sid:84352003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488892)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488892/; classtype:trojan-activity;sid:84351992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488893)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488893/; classtype:trojan-activity;sid:84351993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488894)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488894/; classtype:trojan-activity;sid:84351994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488895)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488895/; classtype:trojan-activity;sid:84351995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488896)"; flow:established,from_client; content:"GET"; http_method; content:"/fallidox/varzesh3/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488896/; classtype:trojan-activity;sid:84351996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488897)"; flow:established,from_client; content:"GET"; http_method; content:"/itallo1122/csharp-devcontainer-template/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488897/; classtype:trojan-activity;sid:84351997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488898)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488898/; classtype:trojan-activity;sid:84351998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488891)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v2.0/release_x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488891/; classtype:trojan-activity;sid:84351991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488883)"; flow:established,from_client; content:"GET"; http_method; content:"/kirukazuma/react-ulbitv/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488883/; classtype:trojan-activity;sid:84351983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488884)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488884/; classtype:trojan-activity;sid:84351984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488881)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488881/; classtype:trojan-activity;sid:84351981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488872)"; flow:established,from_client; content:"GET"; http_method; content:"/jonatanelmaspro2023/ailert-nextjs/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488872/; classtype:trojan-activity;sid:84351972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488873)"; flow:established,from_client; content:"GET"; http_method; content:"/hyuki875/transformers/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488873/; classtype:trojan-activity;sid:84351973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488875)"; flow:established,from_client; content:"GET"; http_method; content:"/tinhuynh123/secluded/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488875/; classtype:trojan-activity;sid:84351975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488877)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenquy19/fit-track-goals-app/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488877/; classtype:trojan-activity;sid:84351977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488867)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488867/; classtype:trojan-activity;sid:84351967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488868)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488868/; classtype:trojan-activity;sid:84351968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488869)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488869/; classtype:trojan-activity;sid:84351969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488870)"; flow:established,from_client; content:"GET"; http_method; content:"/dandygamer198981/bliss_browser_mint/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488870/; classtype:trojan-activity;sid:84351970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488865)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488865/; classtype:trojan-activity;sid:84351965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488866)"; flow:established,from_client; content:"GET"; http_method; content:"/charles100000/twitch-clone/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488866/; classtype:trojan-activity;sid:84351966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488863)"; flow:established,from_client; content:"GET"; http_method; content:"/ligdeezznuts/bliss_browser_jcl/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488863/; classtype:trojan-activity;sid:84351963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488857)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488857/; classtype:trojan-activity;sid:84351957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488845)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488845/; classtype:trojan-activity;sid:84351945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488848)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488848/; classtype:trojan-activity;sid:84351948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488849)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488849/; classtype:trojan-activity;sid:84351949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; content:"GET"; http_method; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488851)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed2006-cmd/carrepairreservationsystem-loginpage/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488851/; classtype:trojan-activity;sid:84351951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488852)"; flow:established,from_client; content:"GET"; http_method; content:"/thalik330/bliss_browser_jison-lex/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488852/; classtype:trojan-activity;sid:84351952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488854)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488854/; classtype:trojan-activity;sid:84351954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488855)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488855/; classtype:trojan-activity;sid:84351955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488841)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488841/; classtype:trojan-activity;sid:84351941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488842)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488842/; classtype:trojan-activity;sid:84351942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488843)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488843/; classtype:trojan-activity;sid:84351943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488840)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488840/; classtype:trojan-activity;sid:84351940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488839)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488839/; classtype:trojan-activity;sid:84351939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488835)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488835/; classtype:trojan-activity;sid:84351935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488837)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488837/; classtype:trojan-activity;sid:84351937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488831)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488831/; classtype:trojan-activity;sid:84351931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488832)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488832/; classtype:trojan-activity;sid:84351932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488833)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488833/; classtype:trojan-activity;sid:84351933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488826)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488826/; classtype:trojan-activity;sid:84351926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488827)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488827/; classtype:trojan-activity;sid:84351927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488828)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488828/; classtype:trojan-activity;sid:84351928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488829)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488829/; classtype:trojan-activity;sid:84351929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488811)"; flow:established,from_client; content:"GET"; http_method; content:"/baconlitoshub/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v1.0/application.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488811/; classtype:trojan-activity;sid:84351911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488819)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488819/; classtype:trojan-activity;sid:84351919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488797)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488797/; classtype:trojan-activity;sid:84351897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488798)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488798/; classtype:trojan-activity;sid:84351898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488804)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488804/; classtype:trojan-activity;sid:84351904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488809)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488809/; classtype:trojan-activity;sid:84351909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488787)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488787/; classtype:trojan-activity;sid:84351887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488790)"; flow:established,from_client; content:"GET"; http_method; content:"/baconlitoshub/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v2.0/software.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488790/; classtype:trojan-activity;sid:84351890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488794)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488794/; classtype:trojan-activity;sid:84351894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488785)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488785/; classtype:trojan-activity;sid:84351885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488781)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488781/; classtype:trojan-activity;sid:84351881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488770)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488770/; classtype:trojan-activity;sid:84351870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488771)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488771/; classtype:trojan-activity;sid:84351871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488778)"; flow:established,from_client; content:"GET"; http_method; content:"/sickclaymaker/text-processing-tool/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488778/; classtype:trojan-activity;sid:84351878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488768)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488768/; classtype:trojan-activity;sid:84351868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488769)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488769/; classtype:trojan-activity;sid:84351869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488764)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488764/; classtype:trojan-activity;sid:84351864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488760)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v1.0/program.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488760/; classtype:trojan-activity;sid:84351860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488763)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488763/; classtype:trojan-activity;sid:84351863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488757)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488757/; classtype:trojan-activity;sid:84351857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488747)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488747/; classtype:trojan-activity;sid:84351847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488748)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488748/; classtype:trojan-activity;sid:84351848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488749)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v1.0/application.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488749/; classtype:trojan-activity;sid:84351849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488753)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488753/; classtype:trojan-activity;sid:84351853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488754)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488754/; classtype:trojan-activity;sid:84351854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488745)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488745/; classtype:trojan-activity;sid:84351845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488731)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v2.0/software.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488731/; classtype:trojan-activity;sid:84351831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488737)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488737/; classtype:trojan-activity;sid:84351837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488738)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488738/; classtype:trojan-activity;sid:84351838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488741)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v1.0/release.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488741/; classtype:trojan-activity;sid:84351841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488726)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/application.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488726/; classtype:trojan-activity;sid:84351826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488727)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488727/; classtype:trojan-activity;sid:84351827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488724)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/program.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488724/; classtype:trojan-activity;sid:84351824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488721)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488721/; classtype:trojan-activity;sid:84351821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488715)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488715/; classtype:trojan-activity;sid:84351815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488705)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488705/; classtype:trojan-activity;sid:84351805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488709)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488709/; classtype:trojan-activity;sid:84351809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488710)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488710/; classtype:trojan-activity;sid:84351810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488700)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488700/; classtype:trojan-activity;sid:84351800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488697)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488697/; classtype:trojan-activity;sid:84351797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488685)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v1.0/soft.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488685/; classtype:trojan-activity;sid:84351785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488687)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v1.0/soft.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488687/; classtype:trojan-activity;sid:84351787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488688)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488688/; classtype:trojan-activity;sid:84351788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488689)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v1.0.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488689/; classtype:trojan-activity;sid:84351789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488690)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488690/; classtype:trojan-activity;sid:84351790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488691)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488691/; classtype:trojan-activity;sid:84351791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488692)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488692/; classtype:trojan-activity;sid:84351792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488693)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488693/; classtype:trojan-activity;sid:84351793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488694)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488694/; classtype:trojan-activity;sid:84351794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488695)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488695/; classtype:trojan-activity;sid:84351795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488696)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488696/; classtype:trojan-activity;sid:84351796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488680)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488680/; classtype:trojan-activity;sid:84351780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488681)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488681/; classtype:trojan-activity;sid:84351781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488683)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488683/; classtype:trojan-activity;sid:84351783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488678)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488678/; classtype:trojan-activity;sid:84351778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488675)"; flow:established,from_client; content:"GET"; http_method; content:"/omierkareem/deep-freeze-enterprise-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488675/; classtype:trojan-activity;sid:84351775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488671)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488671/; classtype:trojan-activity;sid:84351771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488672)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488672/; classtype:trojan-activity;sid:84351772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488665)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488665/; classtype:trojan-activity;sid:84351765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488667)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488667/; classtype:trojan-activity;sid:84351767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488669)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488669/; classtype:trojan-activity;sid:84351769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488659)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488659/; classtype:trojan-activity;sid:84351759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488661)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v1.0/application.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488661/; classtype:trojan-activity;sid:84351761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488662)"; flow:established,from_client; content:"GET"; http_method; content:"/omierkareem/deep-freeze-enterprise-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488662/; classtype:trojan-activity;sid:84351762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488658)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488658/; classtype:trojan-activity;sid:84351758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488657)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488657/; classtype:trojan-activity;sid:84351757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488656)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488656/; classtype:trojan-activity;sid:84351756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488644)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488644/; classtype:trojan-activity;sid:84351744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488648)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488648/; classtype:trojan-activity;sid:84351748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488651)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488651/; classtype:trojan-activity;sid:84351751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488652)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488652/; classtype:trojan-activity;sid:84351752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488642)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488642/; classtype:trojan-activity;sid:84351742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488638)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488638/; classtype:trojan-activity;sid:84351738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488639)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/dado/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488639/; classtype:trojan-activity;sid:84351739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488630)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488630/; classtype:trojan-activity;sid:84351730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488631)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488631/; classtype:trojan-activity;sid:84351731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488633)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488633/; classtype:trojan-activity;sid:84351733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488634)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488634/; classtype:trojan-activity;sid:84351734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488619)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488619/; classtype:trojan-activity;sid:84351719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488627)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488627/; classtype:trojan-activity;sid:84351727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488618)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488618/; classtype:trojan-activity;sid:84351718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488616)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488616/; classtype:trojan-activity;sid:84351716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488597)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488597/; classtype:trojan-activity;sid:84351697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488601)"; flow:established,from_client; content:"GET"; http_method; content:"/desarrolladorsoftwarejr/office-2024/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488601/; classtype:trojan-activity;sid:84351701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488609)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488609/; classtype:trojan-activity;sid:84351709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488610)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488610/; classtype:trojan-activity;sid:84351710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488590)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488590/; classtype:trojan-activity;sid:84351690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488582)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488582/; classtype:trojan-activity;sid:84351682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488585)"; flow:established,from_client; content:"GET"; http_method; content:"/obaniissnek/earlycascade/releases/download/v2.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488585/; classtype:trojan-activity;sid:84351685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488587)"; flow:established,from_client; content:"GET"; http_method; content:"/fufulooky/life.html/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488587/; classtype:trojan-activity;sid:84351687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488566)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488566/; classtype:trojan-activity;sid:84351666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488567)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488567/; classtype:trojan-activity;sid:84351667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488573)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488573/; classtype:trojan-activity;sid:84351673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488574)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488574/; classtype:trojan-activity;sid:84351674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488575)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488575/; classtype:trojan-activity;sid:84351675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488577)"; flow:established,from_client; content:"GET"; http_method; content:"/manutyco/sentinel/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488577/; classtype:trojan-activity;sid:84351677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488578)"; flow:established,from_client; content:"GET"; http_method; content:"/manutyco/sentinel/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488578/; classtype:trojan-activity;sid:84351678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488580)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488580/; classtype:trojan-activity;sid:84351680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488581)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488581/; classtype:trojan-activity;sid:84351681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488547)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488547/; classtype:trojan-activity;sid:84351647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488548)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488548/; classtype:trojan-activity;sid:84351648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488551)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488551/; classtype:trojan-activity;sid:84351651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488554)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488554/; classtype:trojan-activity;sid:84351654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488557)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488557/; classtype:trojan-activity;sid:84351657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488540)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488540/; classtype:trojan-activity;sid:84351640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488541)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488541/; classtype:trojan-activity;sid:84351641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488545)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488545/; classtype:trojan-activity;sid:84351645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488510)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488510/; classtype:trojan-activity;sid:84351610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488514)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488514/; classtype:trojan-activity;sid:84351614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488521)"; flow:established,from_client; content:"GET"; http_method; content:"/erichoang2809/rivals-script/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488521/; classtype:trojan-activity;sid:84351621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488476)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488476/; classtype:trojan-activity;sid:84351576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488480)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488480/; classtype:trojan-activity;sid:84351580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488485)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488485/; classtype:trojan-activity;sid:84351585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488490)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488490/; classtype:trojan-activity;sid:84351590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488494)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488494/; classtype:trojan-activity;sid:84351594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488495)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488495/; classtype:trojan-activity;sid:84351595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488498)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488498/; classtype:trojan-activity;sid:84351598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488499)"; flow:established,from_client; content:"GET"; http_method; content:"/double-back/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488499/; classtype:trojan-activity;sid:84351599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488500)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488500/; classtype:trojan-activity;sid:84351600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488502)"; flow:established,from_client; content:"GET"; http_method; content:"/devofss/leadfinder-agent/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488502/; classtype:trojan-activity;sid:84351602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488472)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488472/; classtype:trojan-activity;sid:84351572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488473)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488473/; classtype:trojan-activity;sid:84351573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488439)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488439/; classtype:trojan-activity;sid:84351539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488440)"; flow:established,from_client; content:"GET"; http_method; content:"/lordsatanthenuker/discorduniverse/releases/download/v2.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488440/; classtype:trojan-activity;sid:84351540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488442)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488442/; classtype:trojan-activity;sid:84351542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488434)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488434/; classtype:trojan-activity;sid:84351534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488427)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488427/; classtype:trojan-activity;sid:84351527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488428)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488428/; classtype:trojan-activity;sid:84351528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488429)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488429/; classtype:trojan-activity;sid:84351529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488430)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488430/; classtype:trojan-activity;sid:84351530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488431)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488431/; classtype:trojan-activity;sid:84351531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488424)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488424/; classtype:trojan-activity;sid:84351524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488413)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488413/; classtype:trojan-activity;sid:84351513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488412)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488412/; classtype:trojan-activity;sid:84351512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488397)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488397/; classtype:trojan-activity;sid:84351497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488400)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488400/; classtype:trojan-activity;sid:84351500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488401)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488401/; classtype:trojan-activity;sid:84351501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488402)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488402/; classtype:trojan-activity;sid:84351502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488408)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488408/; classtype:trojan-activity;sid:84351508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488409)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488409/; classtype:trojan-activity;sid:84351509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488410)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488410/; classtype:trojan-activity;sid:84351510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488411)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488411/; classtype:trojan-activity;sid:84351511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488387)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488387/; classtype:trojan-activity;sid:84351487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488392)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488392/; classtype:trojan-activity;sid:84351492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488393)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488393/; classtype:trojan-activity;sid:84351493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488394)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488394/; classtype:trojan-activity;sid:84351494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488396)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488396/; classtype:trojan-activity;sid:84351496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488385)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488385/; classtype:trojan-activity;sid:84351485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488386)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488386/; classtype:trojan-activity;sid:84351486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488381)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488381/; classtype:trojan-activity;sid:84351481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488383)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488383/; classtype:trojan-activity;sid:84351483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488379)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488379/; classtype:trojan-activity;sid:84351479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488380)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488380/; classtype:trojan-activity;sid:84351480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488374)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488374/; classtype:trojan-activity;sid:84351474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488367)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488367/; classtype:trojan-activity;sid:84351467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488351)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488351/; classtype:trojan-activity;sid:84351451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488352)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488352/; classtype:trojan-activity;sid:84351452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488353)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488353/; classtype:trojan-activity;sid:84351453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488354)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488354/; classtype:trojan-activity;sid:84351454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488355)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488355/; classtype:trojan-activity;sid:84351455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488356)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488356/; classtype:trojan-activity;sid:84351456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488357)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488357/; classtype:trojan-activity;sid:84351457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488358)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488358/; classtype:trojan-activity;sid:84351458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488361)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488361/; classtype:trojan-activity;sid:84351461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488362)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488362/; classtype:trojan-activity;sid:84351462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488363)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488363/; classtype:trojan-activity;sid:84351463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488364)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488364/; classtype:trojan-activity;sid:84351464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488365)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488365/; classtype:trojan-activity;sid:84351465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488366)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488366/; classtype:trojan-activity;sid:84351466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488349)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488349/; classtype:trojan-activity;sid:84351449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488348)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488348/; classtype:trojan-activity;sid:84351448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488344)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedthegoat10/inklink/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488344/; classtype:trojan-activity;sid:84351444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488347)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488347/; classtype:trojan-activity;sid:84351447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488329)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488329/; classtype:trojan-activity;sid:84351429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488330)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488330/; classtype:trojan-activity;sid:84351430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488331)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v1.0/installer.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488331/; classtype:trojan-activity;sid:84351431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488332)"; flow:established,from_client; content:"GET"; http_method; content:"/weslei78b/beast-engine/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488332/; classtype:trojan-activity;sid:84351432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488333)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488333/; classtype:trojan-activity;sid:84351433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488335)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488335/; classtype:trojan-activity;sid:84351435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488337)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488337/; classtype:trojan-activity;sid:84351437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488338)"; flow:established,from_client; content:"GET"; http_method; content:"/weslei78b/beast-engine/releases/download/v1.0/installer.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488338/; classtype:trojan-activity;sid:84351438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488341)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488341/; classtype:trojan-activity;sid:84351441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488343)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488343/; classtype:trojan-activity;sid:84351443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488327)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488327/; classtype:trojan-activity;sid:84351427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488323)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488323/; classtype:trojan-activity;sid:84351423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488324)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488324/; classtype:trojan-activity;sid:84351424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488320)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488320/; classtype:trojan-activity;sid:84351420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488322)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v1.0/installer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488322/; classtype:trojan-activity;sid:84351422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488309)"; flow:established,from_client; content:"GET"; http_method; content:"/dianfauzi16/school-project/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488309/; classtype:trojan-activity;sid:84351409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488311)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v1.0/installer.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488311/; classtype:trojan-activity;sid:84351411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488312)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488312/; classtype:trojan-activity;sid:84351412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488305)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488305/; classtype:trojan-activity;sid:84351405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488308)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488308/; classtype:trojan-activity;sid:84351408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488295)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488295/; classtype:trojan-activity;sid:84351395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488297)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488297/; classtype:trojan-activity;sid:84351397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488285)"; flow:established,from_client; content:"GET"; http_method; content:"/idk471/dmail_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488285/; classtype:trojan-activity;sid:84351385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488288)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v1.0/release.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488288/; classtype:trojan-activity;sid:84351388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488291)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488291/; classtype:trojan-activity;sid:84351391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488293)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v1.0/release.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488293/; classtype:trojan-activity;sid:84351393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488266)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488266/; classtype:trojan-activity;sid:84351366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488267)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v1.0/installer.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488267/; classtype:trojan-activity;sid:84351367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488270)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488270/; classtype:trojan-activity;sid:84351370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488271)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488271/; classtype:trojan-activity;sid:84351371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488275)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488275/; classtype:trojan-activity;sid:84351375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488276)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488276/; classtype:trojan-activity;sid:84351376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488281)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488281/; classtype:trojan-activity;sid:84351381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488283)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488283/; classtype:trojan-activity;sid:84351383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488262)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488262/; classtype:trojan-activity;sid:84351362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488241)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488241/; classtype:trojan-activity;sid:84351341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488242)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488242/; classtype:trojan-activity;sid:84351342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488244)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/qeats/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488244/; classtype:trojan-activity;sid:84351344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488245)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488245/; classtype:trojan-activity;sid:84351345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488235)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488235/; classtype:trojan-activity;sid:84351335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488236)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488236/; classtype:trojan-activity;sid:84351336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488238)"; flow:established,from_client; content:"GET"; http_method; content:"/champtamutami/deepseek-azure-javascript/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488238/; classtype:trojan-activity;sid:84351338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488229)"; flow:established,from_client; content:"GET"; http_method; content:"/rieeeerieeee/understanding-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488229/; classtype:trojan-activity;sid:84351329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488230)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488230/; classtype:trojan-activity;sid:84351330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488207)"; flow:established,from_client; content:"GET"; http_method; content:"/egejuniyors/parvanota/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488207/; classtype:trojan-activity;sid:84351307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488212)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488212/; classtype:trojan-activity;sid:84351312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488206)"; flow:established,from_client; content:"GET"; http_method; content:"/damaonly/android-worker/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488206/; classtype:trojan-activity;sid:84351306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488204)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488204/; classtype:trojan-activity;sid:84351304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488187)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488187/; classtype:trojan-activity;sid:84351287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488188)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488188/; classtype:trojan-activity;sid:84351288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488178)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488178/; classtype:trojan-activity;sid:84351278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488179)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488179/; classtype:trojan-activity;sid:84351279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488180)"; flow:established,from_client; content:"GET"; http_method; content:"/jusjus-m/map/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488180/; classtype:trojan-activity;sid:84351280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488160)"; flow:established,from_client; content:"GET"; http_method; content:"/waleeddevel/driver-booster-pro-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488160/; classtype:trojan-activity;sid:84351260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488161)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488161/; classtype:trojan-activity;sid:84351261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488154)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488154/; classtype:trojan-activity;sid:84351254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488149)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488149/; classtype:trojan-activity;sid:84351249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488150)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488150/; classtype:trojan-activity;sid:84351250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488129)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488129/; classtype:trojan-activity;sid:84351229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488130)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488130/; classtype:trojan-activity;sid:84351230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488133)"; flow:established,from_client; content:"GET"; http_method; content:"/patacalida/churn-prediction/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488133/; classtype:trojan-activity;sid:84351233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488134)"; flow:established,from_client; content:"GET"; http_method; content:"/iguit-1/instagramuseranalysis/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488134/; classtype:trojan-activity;sid:84351234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488126)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488126/; classtype:trojan-activity;sid:84351226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488127)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488127/; classtype:trojan-activity;sid:84351227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488123)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488123/; classtype:trojan-activity;sid:84351223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488124)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488124/; classtype:trojan-activity;sid:84351224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488114)"; flow:established,from_client; content:"GET"; http_method; content:"/lleonex/marsdevx/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488114/; classtype:trojan-activity;sid:84351214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488110)"; flow:established,from_client; content:"GET"; http_method; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488111)"; flow:established,from_client; content:"GET"; http_method; content:"/sinelli/a2.games/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488111/; classtype:trojan-activity;sid:84351211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488112)"; flow:established,from_client; content:"GET"; http_method; content:"/suprithakv02/buildfair/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488112/; classtype:trojan-activity;sid:84351212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488096)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr-web-cloud/localprompt/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488096/; classtype:trojan-activity;sid:84351196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488097)"; flow:established,from_client; content:"GET"; http_method; content:"/chethanks2005/visionuav-navigation/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488097/; classtype:trojan-activity;sid:84351197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488099)"; flow:established,from_client; content:"GET"; http_method; content:"/hackedbysushi/local_deep_seek/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488099/; classtype:trojan-activity;sid:84351199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488101)"; flow:established,from_client; content:"GET"; http_method; content:"/dkpetrov/agent-flux/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488101/; classtype:trojan-activity;sid:84351201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488090)"; flow:established,from_client; content:"GET"; http_method; content:"/maxiazzinnari/mint-nft-on-sui/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488090/; classtype:trojan-activity;sid:84351190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488091)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488091/; classtype:trojan-activity;sid:84351191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488092)"; flow:established,from_client; content:"GET"; http_method; content:"/faheem6969/citrix-workspace-software/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488092/; classtype:trojan-activity;sid:84351192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488093)"; flow:established,from_client; content:"GET"; http_method; content:"/erick265/telegramchatorganizer/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488093/; classtype:trojan-activity;sid:84351193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488080)"; flow:established,from_client; content:"GET"; http_method; content:"/fadoulsaboune/amazon-power-bi-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488080/; classtype:trojan-activity;sid:84351180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488082)"; flow:established,from_client; content:"GET"; http_method; content:"/thehitter98709/gitkot/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488082/; classtype:trojan-activity;sid:84351182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488083)"; flow:established,from_client; content:"GET"; http_method; content:"/moshe236/vanishmail/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488083/; classtype:trojan-activity;sid:84351183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488084)"; flow:established,from_client; content:"GET"; http_method; content:"/awskhahaha/a/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488084/; classtype:trojan-activity;sid:84351184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488087)"; flow:established,from_client; content:"GET"; http_method; content:"/vickorkumar/666/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488087/; classtype:trojan-activity;sid:84351187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488088)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/cloudflare-dns-swarm/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488088/; classtype:trojan-activity;sid:84351188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488073)"; flow:established,from_client; content:"GET"; http_method; content:"/frogmen123/saas-billing-tracker/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488073/; classtype:trojan-activity;sid:84351173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488067)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488067/; classtype:trojan-activity;sid:84351167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488065)"; flow:established,from_client; content:"GET"; http_method; content:"/nirvash27/doctor-dok/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488065/; classtype:trojan-activity;sid:84351165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488062)"; flow:established,from_client; content:"GET"; http_method; content:"/afthab21/movieapp/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488062/; classtype:trojan-activity;sid:84351162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488059)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-ltw/back-end/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488059/; classtype:trojan-activity;sid:84351159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488056)"; flow:established,from_client; content:"GET"; http_method; content:"/smj3300fn/fff/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488056/; classtype:trojan-activity;sid:84351156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488058)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488058/; classtype:trojan-activity;sid:84351158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488036)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/tempmail/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488036/; classtype:trojan-activity;sid:84351136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488037)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488037/; classtype:trojan-activity;sid:84351137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488039)"; flow:established,from_client; content:"GET"; http_method; content:"/vipshiva/sss/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488039/; classtype:trojan-activity;sid:84351139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488044)"; flow:established,from_client; content:"GET"; http_method; content:"/klhaus24/android-x64_livecd_13b_docs/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488044/; classtype:trojan-activity;sid:84351144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488045)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488045/; classtype:trojan-activity;sid:84351145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488046)"; flow:established,from_client; content:"GET"; http_method; content:"/keitaro000/oliver-3/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488046/; classtype:trojan-activity;sid:84351146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488052)"; flow:established,from_client; content:"GET"; http_method; content:"/chrlzjanem/laravel-py/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488052/; classtype:trojan-activity;sid:84351152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488024)"; flow:established,from_client; content:"GET"; http_method; content:"/rila111/content2map/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488024/; classtype:trojan-activity;sid:84351124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488025)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa786-creator/pic-squeeze/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488025/; classtype:trojan-activity;sid:84351125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488026)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/pixel-gun-3d-pc-cheats/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488026/; classtype:trojan-activity;sid:84351126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488028)"; flow:established,from_client; content:"GET"; http_method; content:"/sudhanshu182004/ml-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488028/; classtype:trojan-activity;sid:84351128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488029)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/switch-timeframes-keys/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488029/; classtype:trojan-activity;sid:84351129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488030)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcaptain27/lianjiascraper/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488030/; classtype:trojan-activity;sid:84351130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488033)"; flow:established,from_client; content:"GET"; http_method; content:"/platha19vsb/dcf-valuation/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488033/; classtype:trojan-activity;sid:84351133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488010)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488010/; classtype:trojan-activity;sid:84351110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488011)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488011/; classtype:trojan-activity;sid:84351111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488012)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488012/; classtype:trojan-activity;sid:84351112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488014)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488014/; classtype:trojan-activity;sid:84351114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488015)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v1.0/app.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488015/; classtype:trojan-activity;sid:84351115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488016)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488016/; classtype:trojan-activity;sid:84351116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488017)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488017/; classtype:trojan-activity;sid:84351117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488018)"; flow:established,from_client; content:"GET"; http_method; content:"/perish76b/ratter-app/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488018/; classtype:trojan-activity;sid:84351118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488008)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488008/; classtype:trojan-activity;sid:84351108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488009)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v1.0/app.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488009/; classtype:trojan-activity;sid:84351109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488006)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488006/; classtype:trojan-activity;sid:84351106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488007)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488007/; classtype:trojan-activity;sid:84351107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487999)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v1.0/app.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487999/; classtype:trojan-activity;sid:84351099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488001)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488001/; classtype:trojan-activity;sid:84351101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488002)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488002/; classtype:trojan-activity;sid:84351102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487995)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487995/; classtype:trojan-activity;sid:84351095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487996)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487996/; classtype:trojan-activity;sid:84351096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487997)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowmask0/remix-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487997/; classtype:trojan-activity;sid:84351097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487994)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487994/; classtype:trojan-activity;sid:84351094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487990)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487990/; classtype:trojan-activity;sid:84351090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487989)"; flow:established,from_client; content:"GET"; http_method; content:"/dagchsgame/microsoft-md-102-dumps-pdf/releases/download/v1.0/app.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487989/; classtype:trojan-activity;sid:84351089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487981)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487981/; classtype:trojan-activity;sid:84351081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487982)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v1.0/app.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487982/; classtype:trojan-activity;sid:84351082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487984)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487984/; classtype:trojan-activity;sid:84351084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487985)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487985/; classtype:trojan-activity;sid:84351085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487986)"; flow:established,from_client; content:"GET"; http_method; content:"/biggobble46/freeddit/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487986/; classtype:trojan-activity;sid:84351086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487987)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487987/; classtype:trojan-activity;sid:84351087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487979)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v1.0/app.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487979/; classtype:trojan-activity;sid:84351079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487980)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487980/; classtype:trojan-activity;sid:84351080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487978)"; flow:established,from_client; content:"GET"; http_method; content:"/tukiiq9/assertive/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487978/; classtype:trojan-activity;sid:84351078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487972)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487972/; classtype:trojan-activity;sid:84351072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487966)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487966/; classtype:trojan-activity;sid:84351066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487969)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v1.0/app.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487969/; classtype:trojan-activity;sid:84351069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487964)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487964/; classtype:trojan-activity;sid:84351064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487958)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487958/; classtype:trojan-activity;sid:84351058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487961)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487961/; classtype:trojan-activity;sid:84351061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487962)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487962/; classtype:trojan-activity;sid:84351062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487948)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487948/; classtype:trojan-activity;sid:84351048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487949)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487949/; classtype:trojan-activity;sid:84351049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487951)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487951/; classtype:trojan-activity;sid:84351051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487943)"; flow:established,from_client; content:"GET"; http_method; content:"/okijuinhbugvygbuhi/concept/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487943/; classtype:trojan-activity;sid:84351043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487945)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487945/; classtype:trojan-activity;sid:84351045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487941)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487941/; classtype:trojan-activity;sid:84351041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487942)"; flow:established,from_client; content:"GET"; http_method; content:"/dagchsgame/microsoft-md-102-dumps-pdf/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487942/; classtype:trojan-activity;sid:84351042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487940)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487940/; classtype:trojan-activity;sid:84351040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487937/; classtype:trojan-activity;sid:84351037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487938)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v1.0/app.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487938/; classtype:trojan-activity;sid:84351038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487933)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487933/; classtype:trojan-activity;sid:84351033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487934)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487934/; classtype:trojan-activity;sid:84351034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487932)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487932/; classtype:trojan-activity;sid:84351032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487927)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487927/; classtype:trojan-activity;sid:84351027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487925)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487925/; classtype:trojan-activity;sid:84351025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487926)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487926/; classtype:trojan-activity;sid:84351026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487924)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487924/; classtype:trojan-activity;sid:84351024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487923)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487923/; classtype:trojan-activity;sid:84351023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487919)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487919/; classtype:trojan-activity;sid:84351019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487912)"; flow:established,from_client; content:"GET"; http_method; content:"/envility/pic18f56q24-cnano-8bit-mdfu-solution-mplab-mcc/releases/download/v2.0/software.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487912/; classtype:trojan-activity;sid:84351012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487914)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487914/; classtype:trojan-activity;sid:84351014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487907)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487907/; classtype:trojan-activity;sid:84351007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487908)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487908/; classtype:trojan-activity;sid:84351008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487910)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487910/; classtype:trojan-activity;sid:84351010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487504)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.11.229.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487504/; classtype:trojan-activity;sid:84350604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487357)"; flow:established,from_client; content:"GET"; http_method; content:"/earth789dadadad/roblox-scriptify/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487357/; classtype:trojan-activity;sid:84350457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487083)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487083/; classtype:trojan-activity;sid:84350183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487080)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487080/; classtype:trojan-activity;sid:84350180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487082)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487082/; classtype:trojan-activity;sid:84350182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.196.99.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486789/; classtype:trojan-activity;sid:84349889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.18.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486773/; classtype:trojan-activity;sid:84349873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486183)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486183/; classtype:trojan-activity;sid:84349283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486174)"; flow:established,from_client; content:"GET"; http_method; content:"/wearetuanmuda/gta-5-mod-menu-2025/releases/download/v1.4.2/gta.5.mod.menu.2025.v1.4.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486174/; classtype:trojan-activity;sid:84349274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486175)"; flow:established,from_client; content:"GET"; http_method; content:"/potatowearsyeeezye/gta-5-mod-menu-2025/releases/download/3.7.2/gta-5-mod-menu-2025-v3.7.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486175/; classtype:trojan-activity;sid:84349275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485488)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.83.174.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485488/; classtype:trojan-activity;sid:84348588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.98.167.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485420/; classtype:trojan-activity;sid:84348520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485218)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1skqylauso-qyfwv8cpo2eztn_g9hsqpp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485218/; classtype:trojan-activity;sid:84348318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485210)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v1.0/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485210/; classtype:trojan-activity;sid:84348310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485211)"; flow:established,from_client; content:"GET"; http_method; content:"/gusttahtxdev/roblox-incognito/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485211/; classtype:trojan-activity;sid:84348311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485212)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485212/; classtype:trojan-activity;sid:84348312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; content:"GET"; http_method; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485214)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485214/; classtype:trojan-activity;sid:84348314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485215)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485215/; classtype:trojan-activity;sid:84348315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485198)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485198/; classtype:trojan-activity;sid:84348298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485202)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485202/; classtype:trojan-activity;sid:84348302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485206)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485206/; classtype:trojan-activity;sid:84348306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485207)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485207/; classtype:trojan-activity;sid:84348307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485208)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485208/; classtype:trojan-activity;sid:84348308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485196)"; flow:established,from_client; content:"GET"; http_method; content:"/massambaf/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485196/; classtype:trojan-activity;sid:84348296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485194)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/synapsez-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485194/; classtype:trojan-activity;sid:84348294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485152)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ljeur3nyyghkno8rpr3djlli3fpp6rpq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485152/; classtype:trojan-activity;sid:84348252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485154)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kzbxe0sxh2nekdwfbbrvyzg6vsu-nmci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485154/; classtype:trojan-activity;sid:84348254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485140)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485140/; classtype:trojan-activity;sid:84348240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485118)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485118/; classtype:trojan-activity;sid:84348218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485114)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485114/; classtype:trojan-activity;sid:84348214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485112)"; flow:established,from_client; content:"GET"; http_method; content:"/filipxvz/roblox-synapse/releases/download/v1.6.2/roblox.synapse.v1.6.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485112/; classtype:trojan-activity;sid:84348212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485111)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485111/; classtype:trojan-activity;sid:84348211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484561/; classtype:trojan-activity;sid:84347661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxsafenova.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484565/; classtype:trojan-activity;sid:84347665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxleo.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484570/; classtype:trojan-activity;sid:84347670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484576/; classtype:trojan-activity;sid:84347676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484546)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484546/; classtype:trojan-activity;sid:84347646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484480)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484480/; classtype:trojan-activity;sid:84347580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484481)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484481/; classtype:trojan-activity;sid:84347581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484485)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484485/; classtype:trojan-activity;sid:84347585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484474)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484474/; classtype:trojan-activity;sid:84347574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484476)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484476/; classtype:trojan-activity;sid:84347576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484478)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484478/; classtype:trojan-activity;sid:84347578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484466)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v3.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484466/; classtype:trojan-activity;sid:84347566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484463)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/gets.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"masgrave.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484463/; classtype:trojan-activity;sid:84347563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484461)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484461/; classtype:trojan-activity;sid:84347561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483996)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483996/; classtype:trojan-activity;sid:84347096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483999)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483999/; classtype:trojan-activity;sid:84347099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484001)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484001/; classtype:trojan-activity;sid:84347101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484002)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484002/; classtype:trojan-activity;sid:84347102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484003)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484003/; classtype:trojan-activity;sid:84347103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484004)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484004/; classtype:trojan-activity;sid:84347104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484005)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484005/; classtype:trojan-activity;sid:84347105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484006)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484006/; classtype:trojan-activity;sid:84347106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484007)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484007/; classtype:trojan-activity;sid:84347107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483988)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483988/; classtype:trojan-activity;sid:84347088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483989)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483989/; classtype:trojan-activity;sid:84347089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483990)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483990/; classtype:trojan-activity;sid:84347090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483991)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483991/; classtype:trojan-activity;sid:84347091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483992)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483992/; classtype:trojan-activity;sid:84347092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483987)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483987/; classtype:trojan-activity;sid:84347087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483985)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483985/; classtype:trojan-activity;sid:84347085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483986)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483986/; classtype:trojan-activity;sid:84347086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483983)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483983/; classtype:trojan-activity;sid:84347083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483978)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483978/; classtype:trojan-activity;sid:84347078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483323)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t_h_eu-5meupkkfv3hodgoedmavqmpit"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483323/; classtype:trojan-activity;sid:84346423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483320)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhxdzqg5lkzllr_-c0tgrhpjvihp25ji"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483320/; classtype:trojan-activity;sid:84346420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483316)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hau14yej_4avfjuhym_bme4icvx1nqgq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483316/; classtype:trojan-activity;sid:84346416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19oyoc9sosknxnhyr6e7yrdumyqr6ixdz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483311/; classtype:trojan-activity;sid:84346411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483310)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuuhgyp5h960nq0lytu0zaxialb78byb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483310/; classtype:trojan-activity;sid:84346410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483308)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10yn0gknsk0hopi5eyv9vxkxxvmwi9k4u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483308/; classtype:trojan-activity;sid:84346408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483034)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483034/; classtype:trojan-activity;sid:84346134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483030)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483030/; classtype:trojan-activity;sid:84346130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483023)"; flow:established,from_client; content:"GET"; http_method; content:"/solodeveloperop/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483023/; classtype:trojan-activity;sid:84346123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483025)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v1.0/executor.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483025/; classtype:trojan-activity;sid:84346125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483026)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/2.9.9-alpha.2/roblox.celery.2.9.9.alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483026/; classtype:trojan-activity;sid:84346126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483027)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483027/; classtype:trojan-activity;sid:84346127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483028)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v3.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483028/; classtype:trojan-activity;sid:84346128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483029)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483029/; classtype:trojan-activity;sid:84346129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483018)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483018/; classtype:trojan-activity;sid:84346118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483019)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483019/; classtype:trojan-activity;sid:84346119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483020)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483020/; classtype:trojan-activity;sid:84346120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483021)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483021/; classtype:trojan-activity;sid:84346121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483017)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483017/; classtype:trojan-activity;sid:84346117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483015)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483015/; classtype:trojan-activity;sid:84346115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483014)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483014/; classtype:trojan-activity;sid:84346114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483008)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483008/; classtype:trojan-activity;sid:84346108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483006)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483006/; classtype:trojan-activity;sid:84346106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482333)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482333/; classtype:trojan-activity;sid:84345433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482343)"; flow:established,from_client; content:"GET"; http_method; content:"/neffriana/swift-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482343/; classtype:trojan-activity;sid:84345443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482330)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482330/; classtype:trojan-activity;sid:84345430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482259)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/xundfaxgnsp84.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.luuk-lifestyle.eu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482259/; classtype:trojan-activity;sid:84345359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482036)"; flow:established,from_client; content:"GET"; http_method; content:"/x.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.159.113.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482036/; classtype:trojan-activity;sid:84345136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481604/; classtype:trojan-activity;sid:84344704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.103.130.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481610/; classtype:trojan-activity;sid:84344710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481138)"; flow:established,from_client; content:"GET"; http_method; content:"/6354/70534a410169b51c914e9ac9ca318c73/skidanov2017.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481138/; classtype:trojan-activity;sid:84344238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480320)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480320/; classtype:trojan-activity;sid:84343420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480322)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480322/; classtype:trojan-activity;sid:84343422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480279)"; flow:established,from_client; content:"GET"; http_method; content:"/pig85236/45k-udemy-course-wordpress-posts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480279/; classtype:trojan-activity;sid:84343379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480277)"; flow:established,from_client; content:"GET"; http_method; content:"/gwynelan/linux-basics-for-hackers/releases/download/v2.1.2/linux-basics-for-hackers-v2.1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480277/; classtype:trojan-activity;sid:84343377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanatapn/postman-api-client-setup/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480278/; classtype:trojan-activity;sid:84343378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480271)"; flow:established,from_client; content:"GET"; http_method; content:"/yusen0820/linux-basics-for-hackers/releases/download/v2.6.9/linux-basics-for-hackers-v2.6.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480271/; classtype:trojan-activity;sid:84343371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480273)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480273/; classtype:trojan-activity;sid:84343373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480275)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480275/; classtype:trojan-activity;sid:84343375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480276)"; flow:established,from_client; content:"GET"; http_method; content:"/matezk1/rufus-bootable-usb-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480276/; classtype:trojan-activity;sid:84343376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480269)"; flow:established,from_client; content:"GET"; http_method; content:"/erichoang2809/rivals-script/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480269/; classtype:trojan-activity;sid:84343369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480264)"; flow:established,from_client; content:"GET"; http_method; content:"/basha2247/driver-booster-pro-installer-2025/releases/download/v1.6.7/driver.booster.pro.installer.2025.v1.6.7.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480264/; classtype:trojan-activity;sid:84343364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480265)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480265/; classtype:trojan-activity;sid:84343365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480243)"; flow:established,from_client; content:"GET"; http_method; content:"/monggosporlyp/circlexo/releases/download/v1.2/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480243/; classtype:trojan-activity;sid:84343343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480244)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/3.8.2/roblox.celery.3.8.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480244/; classtype:trojan-activity;sid:84343344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480245)"; flow:established,from_client; content:"GET"; http_method; content:"/mynameisbenja/metodis_bot/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480245/; classtype:trojan-activity;sid:84343345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480236)"; flow:established,from_client; content:"GET"; http_method; content:"/vixiecheatz/free-lita-raider/releases/download/v3.4.1/free-lita-raider-v3.4.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480236/; classtype:trojan-activity;sid:84343336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480239)"; flow:established,from_client; content:"GET"; http_method; content:"/gnascimento10/roblox-beaming-tool/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480239/; classtype:trojan-activity;sid:84343339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480241)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmartinsk/atlant_bot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480241/; classtype:trojan-activity;sid:84343341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479407)"; flow:established,from_client; content:"GET"; http_method; content:"/john22-cell/codex-roblox-2025/releases/download/v1.3.0/codex.roblox.sunset.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479407/; classtype:trojan-activity;sid:84342507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479330)"; flow:established,from_client; content:"GET"; http_method; content:"/arcnassss/roblox/releases/download/v2.5.9/roblox_v2.5.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479330/; classtype:trojan-activity;sid:84342430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479331)"; flow:established,from_client; content:"GET"; http_method; content:"/nightlant/krnl-executor/releases/download/2.7.3/krnl-executor-2.7.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479331/; classtype:trojan-activity;sid:84342431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479332)"; flow:established,from_client; content:"GET"; http_method; content:"/earth789dadadad/roblox-scriptify/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479332/; classtype:trojan-activity;sid:84342432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479334)"; flow:established,from_client; content:"GET"; http_method; content:"/gusttahtxdev/roblox-incognito/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479334/; classtype:trojan-activity;sid:84342434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479335)"; flow:established,from_client; content:"GET"; http_method; content:"/walter2016/krnl-lua-script-injector-for-roblox-game-development/releases/download/v1.3.4/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479335/; classtype:trojan-activity;sid:84342435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479329)"; flow:established,from_client; content:"GET"; http_method; content:"/enderrobohd/codex-roblox-2025/releases/download/2.1.7/codex.roblox.2025.version.2.1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479329/; classtype:trojan-activity;sid:84342429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479326)"; flow:established,from_client; content:"GET"; http_method; content:"/breezygenerator/roblox-synapse/releases/download/semimonster/roblox.synapse.semimonster.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479326/; classtype:trojan-activity;sid:84342426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479322)"; flow:established,from_client; content:"GET"; http_method; content:"/xtone12/roblox-celery/releases/download/v3.3.6/roblox.celery.v3.3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479322/; classtype:trojan-activity;sid:84342422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479323)"; flow:established,from_client; content:"GET"; http_method; content:"/hellochat00000/roblox-fisch-script/releases/download/1.1.5-beta.5/roblox-fisch-script-1.1.5-beta.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479323/; classtype:trojan-activity;sid:84342423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479325)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479325/; classtype:trojan-activity;sid:84342425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafetrack.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479159/; classtype:trojan-activity;sid:84342259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxstealthnet.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479154/; classtype:trojan-activity;sid:84342254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxaquarius.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479152/; classtype:trojan-activity;sid:84342252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478783/; classtype:trojan-activity;sid:84341883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.134.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478691/; classtype:trojan-activity;sid:84341791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.196.62.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478657/; classtype:trojan-activity;sid:84341757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.73.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478613/; classtype:trojan-activity;sid:84341713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478512)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.109.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478512/; classtype:trojan-activity;sid:84341612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.149.178.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478498/; classtype:trojan-activity;sid:84341598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxleo.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477548/; classtype:trojan-activity;sid:84340648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortifypro.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477468/; classtype:trojan-activity;sid:84340568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardshift.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477469/; classtype:trojan-activity;sid:84340569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxnexguard.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477470/; classtype:trojan-activity;sid:84340570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsentinelx.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477460/; classtype:trojan-activity;sid:84340560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafecrypt.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477462/; classtype:trojan-activity;sid:84340562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsecuregate.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477457/; classtype:trojan-activity;sid:84340557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477302/; classtype:trojan-activity;sid:84340402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberapex.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477161/; classtype:trojan-activity;sid:84340261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafenova.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477157/; classtype:trojan-activity;sid:84340257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475899)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475899/; classtype:trojan-activity;sid:84338999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475894)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475894/; classtype:trojan-activity;sid:84338994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475896)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475896/; classtype:trojan-activity;sid:84338996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475655)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475655/; classtype:trojan-activity;sid:84338755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475653)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475653/; classtype:trojan-activity;sid:84338753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475643)"; flow:established,from_client; content:"GET"; http_method; content:"/itsuzerz/evon-executor/releases/download/v2.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475643/; classtype:trojan-activity;sid:84338743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475647)"; flow:established,from_client; content:"GET"; http_method; content:"/andreh219/freeflux/releases/download/v2.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475647/; classtype:trojan-activity;sid:84338747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475650)"; flow:established,from_client; content:"GET"; http_method; content:"/noob123-art/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475650/; classtype:trojan-activity;sid:84338750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475625)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475625/; classtype:trojan-activity;sid:84338725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475626)"; flow:established,from_client; content:"GET"; http_method; content:"/progamer912-commits/dayz-cheat-h4ck-a1mb0t/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475626/; classtype:trojan-activity;sid:84338726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475627)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475627/; classtype:trojan-activity;sid:84338727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475628)"; flow:established,from_client; content:"GET"; http_method; content:"/superoidaa/fixing-error-0x803f8001/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475628/; classtype:trojan-activity;sid:84338728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475629)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475629/; classtype:trojan-activity;sid:84338729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475631)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475631/; classtype:trojan-activity;sid:84338731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475634)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475634/; classtype:trojan-activity;sid:84338734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475638)"; flow:established,from_client; content:"GET"; http_method; content:"/baomeomeo/speech/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475638/; classtype:trojan-activity;sid:84338738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475640)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisgod/projectzomboidmodmenu/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475640/; classtype:trojan-activity;sid:84338740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475641)"; flow:established,from_client; content:"GET"; http_method; content:"/ggggddjh/fixing-error-0xc0000142/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475641/; classtype:trojan-activity;sid:84338741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475614)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475614/; classtype:trojan-activity;sid:84338714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475616)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v3.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475616/; classtype:trojan-activity;sid:84338716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475621)"; flow:established,from_client; content:"GET"; http_method; content:"/godsetup/aspx-gh0st-executor/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475621/; classtype:trojan-activity;sid:84338721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475613)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475613/; classtype:trojan-activity;sid:84338713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475604)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475604/; classtype:trojan-activity;sid:84338704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474916)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474916/; classtype:trojan-activity;sid:84338016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474802)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474802/; classtype:trojan-activity;sid:84337902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474803)"; flow:established,from_client; content:"GET"; http_method; content:"/micheldouglas/roexec-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474803/; classtype:trojan-activity;sid:84337903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474805)"; flow:established,from_client; content:"GET"; http_method; content:"/okallo123/roblox-faxi-macro/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474805/; classtype:trojan-activity;sid:84337905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474809)"; flow:established,from_client; content:"GET"; http_method; content:"/meshmod/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474809/; classtype:trojan-activity;sid:84337909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474810)"; flow:established,from_client; content:"GET"; http_method; content:"/batman00md/roblox-fisch-script/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474810/; classtype:trojan-activity;sid:84337910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474813)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474813/; classtype:trojan-activity;sid:84337913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474819)"; flow:established,from_client; content:"GET"; http_method; content:"/kaykycampos/gta-benchmark/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474819/; classtype:trojan-activity;sid:84337919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474820)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474820/; classtype:trojan-activity;sid:84337920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474758)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474758/; classtype:trojan-activity;sid:84337858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474759)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474759/; classtype:trojan-activity;sid:84337859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474760)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474760/; classtype:trojan-activity;sid:84337860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474750)"; flow:established,from_client; content:"GET"; http_method; content:"/pixxxxxss/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474750/; classtype:trojan-activity;sid:84337850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474738)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474738/; classtype:trojan-activity;sid:84337838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474740)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474740/; classtype:trojan-activity;sid:84337840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474742)"; flow:established,from_client; content:"GET"; http_method; content:"/newgenmightywarrior/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474742/; classtype:trojan-activity;sid:84337842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474743)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v2.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474743/; classtype:trojan-activity;sid:84337843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474744)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474744/; classtype:trojan-activity;sid:84337844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474745)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v2.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474745/; classtype:trojan-activity;sid:84337845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474746)"; flow:established,from_client; content:"GET"; http_method; content:"/juanvicthor/argon-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474746/; classtype:trojan-activity;sid:84337846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473781)"; flow:established,from_client; content:"GET"; http_method; content:"/seltarrx/vite-react-project-setup-scripts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473781/; classtype:trojan-activity;sid:84336881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473782)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473782/; classtype:trojan-activity;sid:84336882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473783)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473783/; classtype:trojan-activity;sid:84336883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473765)"; flow:established,from_client; content:"GET"; http_method; content:"/xterminatordenuci/optimiseur-de-slug-url/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473765/; classtype:trojan-activity;sid:84336865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473767)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473767/; classtype:trojan-activity;sid:84336867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473768)"; flow:established,from_client; content:"GET"; http_method; content:"/ab-ff/multi-bit-comparator/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473768/; classtype:trojan-activity;sid:84336868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473770)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473770/; classtype:trojan-activity;sid:84336870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473771)"; flow:established,from_client; content:"GET"; http_method; content:"/hambez/stm32-imu-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473771/; classtype:trojan-activity;sid:84336871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473775)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/roblox-synapse/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473775/; classtype:trojan-activity;sid:84336875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473776)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473776/; classtype:trojan-activity;sid:84336876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473778)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefmasoud19999/instagram-auto-liker/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473778/; classtype:trojan-activity;sid:84336878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473085)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473085/; classtype:trojan-activity;sid:84336185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472771)"; flow:established,from_client; content:"GET"; http_method; content:"/ujkflzer45sc0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472771/; classtype:trojan-activity;sid:84335871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472068)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/prod.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472068/; classtype:trojan-activity;sid:84335168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472065)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/toke.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472065/; classtype:trojan-activity;sid:84335165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472066)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/si.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472066/; classtype:trojan-activity;sid:84335166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472063)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/bea.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472063/; classtype:trojan-activity;sid:84335163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471988)"; flow:established,from_client; content:"GET"; http_method; content:"/srv/fup/uploads/drgdf.hgfg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.blackhost.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471988/; classtype:trojan-activity;sid:84335088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470671)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1728896464326/4.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470671/; classtype:trojan-activity;sid:84333771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470670)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741169086388/3.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470670/; classtype:trojan-activity;sid:84333770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470668)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741001373486/7.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470668/; classtype:trojan-activity;sid:84333768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"128.127.102.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469685/; classtype:trojan-activity;sid:84332785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.163.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468511/; classtype:trojan-activity;sid:84331611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.157.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468444/; classtype:trojan-activity;sid:84331544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467530)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220125031952if_/https://uploads.strikinglycdn.com/files/8318c966-e52a-40ef-94e6-45f59a0c5fd2/7093784418.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467530/; classtype:trojan-activity;sid:84330630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467411)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/how_to_write_letter_against_show_cause_notice.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467411/; classtype:trojan-activity;sid:84330511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466767)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466488)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100if_/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466488/; classtype:trojan-activity;sid:84329588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466395)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466395/; classtype:trojan-activity;sid:84329495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466088)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120190836if_/https://uploads.strikinglycdn.com/files/b0540ac5-815e-4909-8298-84c9806edce8/9652748319.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466088/; classtype:trojan-activity;sid:84329188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/; classtype:trojan-activity;sid:84328933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465811)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20231202090504if_/https://img1.wsimg.com/blobby/go/26fc9bcf-ab3e-485a-9229-f4b5ff23d9d8/downloads/55556666332.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465811/; classtype:trojan-activity;sid:84328911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465688)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20230531145313if_/http://img1.wsimg.com/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465688/; classtype:trojan-activity;sid:84328788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465211)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2jdrds0cimrw3ypjrguvfl-cfsu0vkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465211/; classtype:trojan-activity;sid:84328311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.first-security-verden.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463367)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463367/; classtype:trojan-activity;sid:84326467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64n32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce500mc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462397/; classtype:trojan-activity;sid:84325497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arcle750d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462399/; classtype:trojan-activity;sid:84325499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e5500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462400/; classtype:trojan-activity;sid:84325500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce300c3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462401/; classtype:trojan-activity;sid:84325501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arclehs38"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462403/; classtype:trojan-activity;sid:84325503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64power8"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64lepower8"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462406/; classtype:trojan-activity;sid:84325506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462412/; classtype:trojan-activity;sid:84325512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462413/; classtype:trojan-activity;sid:84325513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e6500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462415/; classtype:trojan-activity;sid:84325515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64len32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462419/; classtype:trojan-activity;sid:84325519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461597)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461597/; classtype:trojan-activity;sid:84324697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461595)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461595/; classtype:trojan-activity;sid:84324695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461596)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461596/; classtype:trojan-activity;sid:84324696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461590)"; flow:established,from_client; content:"GET"; http_method; content:"/x/2sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461590/; classtype:trojan-activity;sid:84324690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461591)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461591/; classtype:trojan-activity;sid:84324691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461592)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461592/; classtype:trojan-activity;sid:84324692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461593)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461593/; classtype:trojan-activity;sid:84324693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461342/; classtype:trojan-activity;sid:84324442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460167/; classtype:trojan-activity;sid:84323267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.62.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460149/; classtype:trojan-activity;sid:84323249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459999)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=137cjaklguy-0i0q542rpjxomty0o33ck"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459999/; classtype:trojan-activity;sid:84323099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459513)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.217.202.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459513/; classtype:trojan-activity;sid:84322613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459512)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.217.202.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459512/; classtype:trojan-activity;sid:84322612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3453055)"; flow:established,from_client; content:"GET"; http_method; content:"/cet/aduna"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3453055/; classtype:trojan-activity;sid:84316155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451985)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a147182cc7fab317ca1d96d380f536cb/skidmore1987.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451985/; classtype:trojan-activity;sid:84315085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.132.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451116/; classtype:trojan-activity;sid:84314216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/putty.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"book.rollingvideogames.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448910/; classtype:trojan-activity;sid:84312010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448167)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a4a27c4e516fb1d80cd91f413c7599f3/soravit2012.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448167/; classtype:trojan-activity;sid:84311267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64le"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.42.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i586"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447670/; classtype:trojan-activity;sid:84310770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64_be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447672/; classtype:trojan-activity;sid:84310772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mipsle"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447675/; classtype:trojan-activity;sid:84310775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447676/; classtype:trojan-activity;sid:84310776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447444)"; flow:established,from_client; content:"GET"; http_method; content:"/imnddhs/rainbow.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"parmisbuilding.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447444/; classtype:trojan-activity;sid:84310544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446449)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446449/; classtype:trojan-activity;sid:84309549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.44.75.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446416/; classtype:trojan-activity;sid:84309516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.204.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445302/; classtype:trojan-activity;sid:84308402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444326)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444326/; classtype:trojan-activity;sid:84307426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444279/; classtype:trojan-activity;sid:84307379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443831)"; flow:established,from_client; content:"GET"; http_method; content:"/okfgjrg5d8gt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443831/; classtype:trojan-activity;sid:84306931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443410)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/down.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443410/; classtype:trojan-activity;sid:84306510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/tasloginbase.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443408/; classtype:trojan-activity;sid:84306508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442703)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/update.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442703/; classtype:trojan-activity;sid:84305803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442259)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"123.56.43.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442259/; classtype:trojan-activity;sid:84305359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442232)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442232/; classtype:trojan-activity;sid:84305332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442233)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442233/; classtype:trojan-activity;sid:84305333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; content:"GET"; http_method; content:"/libmod_hellocpp_42.so"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442091)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/c8ab945ac1a0ab1d3c22616f6babff1a/sorahan1984.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442091/; classtype:trojan-activity;sid:84305191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.122.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441875/; classtype:trojan-activity;sid:84304975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441868/; classtype:trojan-activity;sid:84304968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441869/; classtype:trojan-activity;sid:84304969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441864/; classtype:trojan-activity;sid:84304964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440185/; classtype:trojan-activity;sid:84303285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439088)"; flow:established,from_client; content:"GET"; http_method; content:"/6107/8404c3d00d8aee946bdf1c140c904799/sorandaru2016.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439088/; classtype:trojan-activity;sid:84302188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438572/; classtype:trojan-activity;sid:84301672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438570/; classtype:trojan-activity;sid:84301670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.44.174.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437561/; classtype:trojan-activity;sid:84300661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/pure_adonis"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/pure_jnd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/all_adonis"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437117)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/jnd_all"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435143)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"101.32.40.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435143/; classtype:trojan-activity;sid:84298243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435080/; classtype:trojan-activity;sid:84298180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.122.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433363/; classtype:trojan-activity;sid:84296463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433357/; classtype:trojan-activity;sid:84296457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433345/; classtype:trojan-activity;sid:84296445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433346/; classtype:trojan-activity;sid:84296446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431386)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.236.175.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431386/; classtype:trojan-activity;sid:84294486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431377/; classtype:trojan-activity;sid:84294477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429404)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429404/; classtype:trojan-activity;sid:84292504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429405)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429405/; classtype:trojan-activity;sid:84292505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429406)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429406/; classtype:trojan-activity;sid:84292506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429402)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429402/; classtype:trojan-activity;sid:84292502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429403)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429403/; classtype:trojan-activity;sid:84292503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429401)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/emips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429401/; classtype:trojan-activity;sid:84292501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429398)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429398/; classtype:trojan-activity;sid:84292498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429399)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429399/; classtype:trojan-activity;sid:84292499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429400)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/ex86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429400/; classtype:trojan-activity;sid:84292500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429390)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429390/; classtype:trojan-activity;sid:84292490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429391)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/empsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429391/; classtype:trojan-activity;sid:84292491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429392)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429392/; classtype:trojan-activity;sid:84292492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429393)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429393/; classtype:trojan-activity;sid:84292493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429395)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429395/; classtype:trojan-activity;sid:84292495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429396)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429396/; classtype:trojan-activity;sid:84292496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429397)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429397/; classtype:trojan-activity;sid:84292497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429386)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429386/; classtype:trojan-activity;sid:84292486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429387)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429387/; classtype:trojan-activity;sid:84292487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429388)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429388/; classtype:trojan-activity;sid:84292488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429389)"; flow:established,from_client; content:"GET"; http_method; content:"/dvrlocker"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429389/; classtype:trojan-activity;sid:84292489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429384)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429384/; classtype:trojan-activity;sid:84292484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429385)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429385/; classtype:trojan-activity;sid:84292485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.221.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429311/; classtype:trojan-activity;sid:84292411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.41.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423102/; classtype:trojan-activity;sid:84286202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421026)"; flow:established,from_client; content:"GET"; http_method; content:"/tylermt99/zzzaaa/refs/heads/main/built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421026/; classtype:trojan-activity;sid:84284126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421014)"; flow:established,from_client; content:"GET"; http_method; content:"/assignment.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421014/; classtype:trojan-activity;sid:84284114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420607)"; flow:established,from_client; content:"GET"; http_method; content:"/update.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420607/; classtype:trojan-activity;sid:84283707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.133.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420539/; classtype:trojan-activity;sid:84283639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419575)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419575/; classtype:trojan-activity;sid:84282675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419559)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419559/; classtype:trojan-activity;sid:84282659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419566)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419566/; classtype:trojan-activity;sid:84282666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419503)"; flow:established,from_client; content:"GET"; http_method; content:"/coluich/yaf/refs/heads/main/windows12.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419503/; classtype:trojan-activity;sid:84282603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419506)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419506/; classtype:trojan-activity;sid:84282606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419494)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419494/; classtype:trojan-activity;sid:84282594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419481)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419481/; classtype:trojan-activity;sid:84282581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419485)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419485/; classtype:trojan-activity;sid:84282585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419487)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419487/; classtype:trojan-activity;sid:84282587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419474)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419474/; classtype:trojan-activity;sid:84282574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419464)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419464/; classtype:trojan-activity;sid:84282564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417860/; classtype:trojan-activity;sid:84280960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417840/; classtype:trojan-activity;sid:84280940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417826)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.250.173.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417826/; classtype:trojan-activity;sid:84280926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416672/; classtype:trojan-activity;sid:84279772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415206)"; flow:established,from_client; content:"GET"; http_method; content:"/gmex.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415206/; classtype:trojan-activity;sid:84278306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414047/; classtype:trojan-activity;sid:84277147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412921/; classtype:trojan-activity;sid:84276021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.166.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411900/; classtype:trojan-activity;sid:84275000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.39.139.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411863/; classtype:trojan-activity;sid:84274963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410868)"; flow:established,from_client; content:"GET"; http_method; content:"/helps/helphelp1207/helps.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tests.yjzj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410868/; classtype:trojan-activity;sid:84273968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410718)"; flow:established,from_client; content:"GET"; http_method; content:"/cos"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ah-scanning.oss-cn-hongkong.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410718/; classtype:trojan-activity;sid:84273818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.176.252.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410382/; classtype:trojan-activity;sid:84273482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.40.61.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409427/; classtype:trojan-activity;sid:84272527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.94.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409421/; classtype:trojan-activity;sid:84272521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.167.209.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407374/; classtype:trojan-activity;sid:84270474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406468)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/30343922aca0fb8e53340406c2d9339d/sora2012.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406468/; classtype:trojan-activity;sid:84269568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405423/; classtype:trojan-activity;sid:84268523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.29.160.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405341/; classtype:trojan-activity;sid:84268441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405323/; classtype:trojan-activity;sid:84268423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405324)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405324/; classtype:trojan-activity;sid:84268424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405187)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405187/; classtype:trojan-activity;sid:84268287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405172)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405172/; classtype:trojan-activity;sid:84268272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.147.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405113/; classtype:trojan-activity;sid:84268213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.90.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402177/; classtype:trojan-activity;sid:84265277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.86.182.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402157/; classtype:trojan-activity;sid:84265257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.152.45.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402136/; classtype:trojan-activity;sid:84265236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.252.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402128/; classtype:trojan-activity;sid:84265228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.160.240.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399789/; classtype:trojan-activity;sid:84262889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399425)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.5.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399425/; classtype:trojan-activity;sid:84262525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399396/; classtype:trojan-activity;sid:84262496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.18.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397528/; classtype:trojan-activity;sid:84260628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.11.121.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397523/; classtype:trojan-activity;sid:84260623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.160.240.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396421/; classtype:trojan-activity;sid:84259521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396427/; classtype:trojan-activity;sid:84259527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.20.59.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396428/; classtype:trojan-activity;sid:84259528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396430/; classtype:trojan-activity;sid:84259530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396413/; classtype:trojan-activity;sid:84259513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393601)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.31.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393601/; classtype:trojan-activity;sid:84256701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393148/; classtype:trojan-activity;sid:84256248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393048)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393048/; classtype:trojan-activity;sid:84256148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.240.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393007/; classtype:trojan-activity;sid:84256107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.185.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393010/; classtype:trojan-activity;sid:84256110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392686)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher/upload/test.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"test.aionclassic.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392686/; classtype:trojan-activity;sid:84255786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.251.196.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391671/; classtype:trojan-activity;sid:84254771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391678/; classtype:trojan-activity;sid:84254778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.24.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391609/; classtype:trojan-activity;sid:84254709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391455)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391455/; classtype:trojan-activity;sid:84254555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391429)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391429/; classtype:trojan-activity;sid:84254529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390125)"; flow:established,from_client; content:"GET"; http_method; content:"/c3.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390125/; classtype:trojan-activity;sid:84253225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390124)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390124/; classtype:trojan-activity;sid:84253224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390123)"; flow:established,from_client; content:"GET"; http_method; content:"/c.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390123/; classtype:trojan-activity;sid:84253223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389259)"; flow:established,from_client; content:"GET"; http_method; content:"/test/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389259/; classtype:trojan-activity;sid:84252359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389237)"; flow:established,from_client; content:"GET"; http_method; content:"/test/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389237/; classtype:trojan-activity;sid:84252337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389239)"; flow:established,from_client; content:"GET"; http_method; content:"/test/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389239/; classtype:trojan-activity;sid:84252339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389229)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/fwutlkid.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389229/; classtype:trojan-activity;sid:84252329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389228)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/gch3x3lk.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389228/; classtype:trojan-activity;sid:84252328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389227)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/9nkwk7nh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389227/; classtype:trojan-activity;sid:84252327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389226)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/wl3gtvgq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389226/; classtype:trojan-activity;sid:84252326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389225)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/ujp4jdmy.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389225/; classtype:trojan-activity;sid:84252325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389224)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8rh4s7pl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389224/; classtype:trojan-activity;sid:84252324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389223)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/dwppj74t.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389223/; classtype:trojan-activity;sid:84252323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389222)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/jdym53nl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389222/; classtype:trojan-activity;sid:84252322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389221)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/e9ffa5da.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389221/; classtype:trojan-activity;sid:84252321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389220)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8zg9faz4.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389220/; classtype:trojan-activity;sid:84252320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389218)"; flow:established,from_client; content:"GET"; http_method; content:"/free"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389218/; classtype:trojan-activity;sid:84252318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.181.70.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389142/; classtype:trojan-activity;sid:84252242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389120)"; flow:established,from_client; content:"GET"; http_method; content:"/auda"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389120/; classtype:trojan-activity;sid:84252220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388878/; classtype:trojan-activity;sid:84251978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.117.75.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388873/; classtype:trojan-activity;sid:84251973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388874/; classtype:trojan-activity;sid:84251974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387830)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387830/; classtype:trojan-activity;sid:84250930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.220.229.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387777/; classtype:trojan-activity;sid:84250877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387708)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387708/; classtype:trojan-activity;sid:84250808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387702)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387702/; classtype:trojan-activity;sid:84250802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387697)"; flow:established,from_client; content:"GET"; http_method; content:"/intput.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.201.227.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387697/; classtype:trojan-activity;sid:84250797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386798)"; flow:established,from_client; content:"GET"; http_method; content:"/proceedings-article/55a07147594fae1312e55be4d77971e1/skidmore2008.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3386798/; classtype:trojan-activity;sid:84249898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386210)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost-opbr/test/refs/heads/main/adobepdfreader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386210/; classtype:trojan-activity;sid:84249310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385583/; classtype:trojan-activity;sid:84248683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"m-global.hksty.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385331/; classtype:trojan-activity;sid:84248431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385032)"; flow:established,from_client; content:"GET"; http_method; content:"/5fr5gthkjdg71"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385032/; classtype:trojan-activity;sid:84248132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384038)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/refs/heads/main/diskutil.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384038/; classtype:trojan-activity;sid:84247138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384025)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384025/; classtype:trojan-activity;sid:84247125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380950/; classtype:trojan-activity;sid:84244050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378991/; classtype:trojan-activity;sid:84242091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378977/; classtype:trojan-activity;sid:84242077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.18.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378961/; classtype:trojan-activity;sid:84242061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.114.218.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378965/; classtype:trojan-activity;sid:84242065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.108.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378966/; classtype:trojan-activity;sid:84242066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.142.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378954/; classtype:trojan-activity;sid:84242054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.136.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378958/; classtype:trojan-activity;sid:84242058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378016)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiuioijofgrg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378016/; classtype:trojan-activity;sid:84241116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377988)"; flow:established,from_client; content:"GET"; http_method; content:"/nvcommander2/allgens/refs/heads/main/msgde.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377988/; classtype:trojan-activity;sid:84241088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377969)"; flow:established,from_client; content:"GET"; http_method; content:"/win/checking.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qlqd5zqefmkcr34a.onion.sh"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377969/; classtype:trojan-activity;sid:84241069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377935)"; flow:established,from_client; content:"GET"; http_method; content:"/ryycheats/ezfn-cheats-v2/refs/heads/main/ezfn%20op%20cheats.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377935/; classtype:trojan-activity;sid:84241035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373507/; classtype:trojan-activity;sid:84236607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373506/; classtype:trojan-activity;sid:84236606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373499/; classtype:trojan-activity;sid:84236599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.0.204.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373504/; classtype:trojan-activity;sid:84236604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373492/; classtype:trojan-activity;sid:84236592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.107.138.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373090/; classtype:trojan-activity;sid:84236190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373087/; classtype:trojan-activity;sid:84236187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373053/; classtype:trojan-activity;sid:84236153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373056/; classtype:trojan-activity;sid:84236156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373057/; classtype:trojan-activity;sid:84236157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373058/; classtype:trojan-activity;sid:84236158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373050/; classtype:trojan-activity;sid:84236150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373032/; classtype:trojan-activity;sid:84236132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373017/; classtype:trojan-activity;sid:84236117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373023/; classtype:trojan-activity;sid:84236123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373026/; classtype:trojan-activity;sid:84236126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373009/; classtype:trojan-activity;sid:84236109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.204.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373001/; classtype:trojan-activity;sid:84236101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372989/; classtype:trojan-activity;sid:84236089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372991/; classtype:trojan-activity;sid:84236091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.27.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372992/; classtype:trojan-activity;sid:84236092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372994/; classtype:trojan-activity;sid:84236094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372995/; classtype:trojan-activity;sid:84236095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372997/; classtype:trojan-activity;sid:84236097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372968/; classtype:trojan-activity;sid:84236068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372966/; classtype:trojan-activity;sid:84236066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372961/; classtype:trojan-activity;sid:84236061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"207.113.208.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372963/; classtype:trojan-activity;sid:84236063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372954/; classtype:trojan-activity;sid:84236054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372944/; classtype:trojan-activity;sid:84236044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372946/; classtype:trojan-activity;sid:84236046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372931/; classtype:trojan-activity;sid:84236031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.180.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372901/; classtype:trojan-activity;sid:84236001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372881/; classtype:trojan-activity;sid:84235981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372885)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372885/; classtype:trojan-activity;sid:84235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372876)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372876/; classtype:trojan-activity;sid:84235976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.247.47.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372877/; classtype:trojan-activity;sid:84235977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.101.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372691/; classtype:trojan-activity;sid:84235791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"133.106.109.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372688/; classtype:trojan-activity;sid:84235788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372644)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.125.7.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372644/; classtype:trojan-activity;sid:84235744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372636/; classtype:trojan-activity;sid:84235736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372642/; classtype:trojan-activity;sid:84235742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366262/; classtype:trojan-activity;sid:84229362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.220.214.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366250/; classtype:trojan-activity;sid:84229350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366230/; classtype:trojan-activity;sid:84229330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356783)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356783/; classtype:trojan-activity;sid:84219883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356779)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356779/; classtype:trojan-activity;sid:84219879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356754)"; flow:established,from_client; content:"GET"; http_method; content:"/documentations09.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"constrainthome080doc-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:59; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356754/; classtype:trojan-activity;sid:84219854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356752)"; flow:established,from_client; content:"GET"; http_method; content:"/onerive.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"onlinemicrosoft-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356752/; classtype:trojan-activity;sid:84219852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353523)"; flow:established,from_client; content:"GET"; http_method; content:"/bo.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353523/; classtype:trojan-activity;sid:84216623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353524)"; flow:established,from_client; content:"GET"; http_method; content:"/2023_company_data.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353524/; classtype:trojan-activity;sid:84216624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353517)"; flow:established,from_client; content:"GET"; http_method; content:"/bo.js"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"myguyapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353517/; classtype:trojan-activity;sid:84216617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353318)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/file3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353318/; classtype:trojan-activity;sid:84216418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353310)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/simple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353310/; classtype:trojan-activity;sid:84216410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353296)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/file3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353296/; classtype:trojan-activity;sid:84216396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353298)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353298/; classtype:trojan-activity;sid:84216398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353294)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injekkey.mentah"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353294/; classtype:trojan-activity;sid:84216394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353295)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353295/; classtype:trojan-activity;sid:84216395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353266)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedriver.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353266/; classtype:trojan-activity;sid:84216366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353265)"; flow:established,from_client; content:"GET"; http_method; content:"/libccc.zip.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353265/; classtype:trojan-activity;sid:84216365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353264)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353264/; classtype:trojan-activity;sid:84216364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353263)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353263/; classtype:trojan-activity;sid:84216363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353262)"; flow:established,from_client; content:"GET"; http_method; content:"/vmpwn.7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353262/; classtype:trojan-activity;sid:84216362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353254)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353254/; classtype:trojan-activity;sid:84216354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353208/; classtype:trojan-activity;sid:84216308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353199)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/record"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353199/; classtype:trojan-activity;sid:84216299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353178)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353178/; classtype:trojan-activity;sid:84216278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352827)"; flow:established,from_client; content:"GET"; http_method; content:"/h3qq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352827/; classtype:trojan-activity;sid:84215927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352828)"; flow:established,from_client; content:"GET"; http_method; content:"/c9ul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352828/; classtype:trojan-activity;sid:84215928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352829)"; flow:established,from_client; content:"GET"; http_method; content:"/4kkr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352829/; classtype:trojan-activity;sid:84215929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352830)"; flow:established,from_client; content:"GET"; http_method; content:"/f4nu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352830/; classtype:trojan-activity;sid:84215930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352831)"; flow:established,from_client; content:"GET"; http_method; content:"/qpc9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352831/; classtype:trojan-activity;sid:84215931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.244.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352459/; classtype:trojan-activity;sid:84215559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352356)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/exclude.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352356/; classtype:trojan-activity;sid:84215456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352353)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/svhost.vbs"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352353/; classtype:trojan-activity;sid:84215453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352354)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/m.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352354/; classtype:trojan-activity;sid:84215454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352352)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/e.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352352/; classtype:trojan-activity;sid:84215452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351859)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351859/; classtype:trojan-activity;sid:84214959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351402)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351402/; classtype:trojan-activity;sid:84214502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351383)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351383/; classtype:trojan-activity;sid:84214483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351381)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351381/; classtype:trojan-activity;sid:84214481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349063)"; flow:established,from_client; content:"GET"; http_method; content:"/dzakc3wag/raw/upload/v1734112417/uploaded_textfile"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349063/; classtype:trojan-activity;sid:84212163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346031)"; flow:established,from_client; content:"GET"; http_method; content:"/templates1/js/mixitup.js"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"autoiwc.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346031/; classtype:trojan-activity;sid:84209131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344177)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344177/; classtype:trojan-activity;sid:84207277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344015)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344015/; classtype:trojan-activity;sid:84207115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343669)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343669/; classtype:trojan-activity;sid:84206769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340578/; classtype:trojan-activity;sid:84203678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340577/; classtype:trojan-activity;sid:84203677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340567/; classtype:trojan-activity;sid:84203667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340568/; classtype:trojan-activity;sid:84203668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340569/; classtype:trojan-activity;sid:84203669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340570/; classtype:trojan-activity;sid:84203670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340575/; classtype:trojan-activity;sid:84203675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339245/; classtype:trojan-activity;sid:84202345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339240/; classtype:trojan-activity;sid:84202340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339236/; classtype:trojan-activity;sid:84202336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339229/; classtype:trojan-activity;sid:84202329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339216/; classtype:trojan-activity;sid:84202316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339222/; classtype:trojan-activity;sid:84202322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339209)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339209/; classtype:trojan-activity;sid:84202309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339202)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339202/; classtype:trojan-activity;sid:84202302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339193/; classtype:trojan-activity;sid:84202293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339181/; classtype:trojan-activity;sid:84202281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339182/; classtype:trojan-activity;sid:84202282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339161/; classtype:trojan-activity;sid:84202261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339162/; classtype:trojan-activity;sid:84202262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339133/; classtype:trojan-activity;sid:84202233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.155.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339119/; classtype:trojan-activity;sid:84202219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339126/; classtype:trojan-activity;sid:84202226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339127/; classtype:trojan-activity;sid:84202227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"207.113.208.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339113/; classtype:trojan-activity;sid:84202213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339096/; classtype:trojan-activity;sid:84202196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339061/; classtype:trojan-activity;sid:84202161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338920/; classtype:trojan-activity;sid:84202020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338856/; classtype:trojan-activity;sid:84201956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338755)"; flow:established,from_client; content:"GET"; http_method; content:"/l0venxn22/eulenmodmenu/main/loader.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338755/; classtype:trojan-activity;sid:84201855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338712)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338712/; classtype:trojan-activity;sid:84201812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338557)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338557/; classtype:trojan-activity;sid:84201657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336987)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336987/; classtype:trojan-activity;sid:84200087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336051)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336051/; classtype:trojan-activity;sid:84199151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335209)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335209/; classtype:trojan-activity;sid:84198309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335142)"; flow:established,from_client; content:"GET"; http_method; content:"/net/run.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335142/; classtype:trojan-activity;sid:84198242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335123)"; flow:established,from_client; content:"GET"; http_method; content:"/krepej/dubelya/s-shurupom/6-40-40-sht"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"m.bal-stroi.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335123/; classtype:trojan-activity;sid:84198223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333279)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtdamhd5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333279/; classtype:trojan-activity;sid:84196379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332844)"; flow:established,from_client; content:"GET"; http_method; content:"/get/19f3c14691d28ab174a7935987ce2182/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332844/; classtype:trojan-activity;sid:84195944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332765)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332765/; classtype:trojan-activity;sid:84195865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332758)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/refs/heads/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332758/; classtype:trojan-activity;sid:84195858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332753)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332753/; classtype:trojan-activity;sid:84195853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331649)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug2.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331649/; classtype:trojan-activity;sid:84194749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331626)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug4.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331626/; classtype:trojan-activity;sid:84194726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; content:"GET"; http_method; content:"/cidadejunina/js/vendor/debug2.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"transparenciacanaa.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331502)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1unu9ydyxvbsgdas_xzewlzcaiv6o_qdt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331502/; classtype:trojan-activity;sid:84194602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331503)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b3mrgxuzwdg46exhp6a71yeymlvrmabx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331503/; classtype:trojan-activity;sid:84194603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331489)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-wql_iua-mylu2kiuyz-ib-5ggjqjqqp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331489/; classtype:trojan-activity;sid:84194589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331487)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/decqq-cf20a.appspot.com/o/donchifile_vchfujk91.bin|3f|alt=media|7c|26|7c|token=c2737a65-ff1c-436c-a6f0-11d3a748f62f"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331487/; classtype:trojan-activity;sid:84194587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319642/; classtype:trojan-activity;sid:84182742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316452)"; flow:established,from_client; content:"GET"; http_method; content:"/searchuii.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316452/; classtype:trojan-activity;sid:84179552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.111.146.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308970/; classtype:trojan-activity;sid:84172070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308463)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308463/; classtype:trojan-activity;sid:84171563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308465)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308465/; classtype:trojan-activity;sid:84171565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; content:"GET"; http_method; content:"/account/rolex_file.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treinamento.convenio.to.gov.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.44.144.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289773)"; flow:established,from_client; content:"GET"; http_method; content:"/abcd/09.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quit.do.am"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289773/; classtype:trojan-activity;sid:84152873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.250.231.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289468/; classtype:trojan-activity;sid:84152568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289461/; classtype:trojan-activity;sid:84152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.28.177.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289464/; classtype:trojan-activity;sid:84152564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289456/; classtype:trojan-activity;sid:84152556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289454/; classtype:trojan-activity;sid:84152554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.118.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.73.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286822/; classtype:trojan-activity;sid:84149922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.251.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286367/; classtype:trojan-activity;sid:84149467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.218.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285570/; classtype:trojan-activity;sid:84148670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281278)"; flow:established,from_client; content:"GET"; http_method; content:"/nok/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281278/; classtype:trojan-activity;sid:84144378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280990)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2d424qwn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280990/; classtype:trojan-activity;sid:84144090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278556)"; flow:established,from_client; content:"GET"; http_method; content:"/new.pdf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.67.4.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278556/; classtype:trojan-activity;sid:84141656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276830)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276830/; classtype:trojan-activity;sid:84139930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.219.123.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274508/; classtype:trojan-activity;sid:84137608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268047)"; flow:established,from_client; content:"GET"; http_method; content:"/a.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.newshostingsupdate.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268047/; classtype:trojan-activity;sid:84131147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268050)"; flow:established,from_client; content:"GET"; http_method; content:"/a.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"newshostingsupdate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268050/; classtype:trojan-activity;sid:84131150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268046)"; flow:established,from_client; content:"GET"; http_method; content:"/a.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"newshostingsupdate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268046/; classtype:trojan-activity;sid:84131146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260977)"; flow:established,from_client; content:"GET"; http_method; content:"/pag/photosetting.lzh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"bradreddekopp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260977/; classtype:trojan-activity;sid:84124077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/net/net.xsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257470)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257470/; classtype:trojan-activity;sid:84120570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257471)"; flow:established,from_client; content:"GET"; http_method; content:"/net/net.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257471/; classtype:trojan-activity;sid:84120571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257473)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/net/net.xsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257474)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/inst.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257474/; classtype:trojan-activity;sid:84120574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257475)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257475/; classtype:trojan-activity;sid:84120575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257477)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/instance.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257477/; classtype:trojan-activity;sid:84120577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.236.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.79.124.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; content:"GET"; http_method; content:"/chinese.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.129.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243260)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/loader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"klar.gg"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243260/; classtype:trojan-activity;sid:84106360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jgevbkn6di30"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.187.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242769)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/solr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242769/; classtype:trojan-activity;sid:84105869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241750)"; flow:established,from_client; content:"GET"; http_method; content:"/dns/pwer"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241750/; classtype:trojan-activity;sid:84104850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; content:"GET"; http_method; content:"/award.pdf.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"alien-training.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_4.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236450)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236450/; classtype:trojan-activity;sid:84099550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236449)"; flow:established,from_client; content:"GET"; http_method; content:"/mvt/xmrig.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236449/; classtype:trojan-activity;sid:84099549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/iupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.innovare.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231923)"; flow:established,from_client; content:"GET"; http_method; content:"/nok/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231923/; classtype:trojan-activity;sid:84095023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225930/; classtype:trojan-activity;sid:84089030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225922/; classtype:trojan-activity;sid:84089022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.144.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217676/; classtype:trojan-activity;sid:84080776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; content:"GET"; http_method; content:"/123.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217095/; classtype:trojan-activity;sid:84080195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217104/; classtype:trojan-activity;sid:84080204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217106/; classtype:trojan-activity;sid:84080206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217042/; classtype:trojan-activity;sid:84080142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217033/; classtype:trojan-activity;sid:84080133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217024/; classtype:trojan-activity;sid:84080124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216997/; classtype:trojan-activity;sid:84080097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216968/; classtype:trojan-activity;sid:84080068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216958/; classtype:trojan-activity;sid:84080058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216924/; classtype:trojan-activity;sid:84080024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216927/; classtype:trojan-activity;sid:84080027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216918/; classtype:trojan-activity;sid:84080018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216921/; classtype:trojan-activity;sid:84080021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216891/; classtype:trojan-activity;sid:84079991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216892/; classtype:trojan-activity;sid:84079992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.112.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216877/; classtype:trojan-activity;sid:84079977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216872/; classtype:trojan-activity;sid:84079972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216857/; classtype:trojan-activity;sid:84079957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216832/; classtype:trojan-activity;sid:84079932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216819/; classtype:trojan-activity;sid:84079919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216800/; classtype:trojan-activity;sid:84079900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216795/; classtype:trojan-activity;sid:84079895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216767/; classtype:trojan-activity;sid:84079867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216769/; classtype:trojan-activity;sid:84079869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216773/; classtype:trojan-activity;sid:84079873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216747/; classtype:trojan-activity;sid:84079847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216717/; classtype:trojan-activity;sid:84079817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216719/; classtype:trojan-activity;sid:84079819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216686/; classtype:trojan-activity;sid:84079786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216675/; classtype:trojan-activity;sid:84079775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216648/; classtype:trojan-activity;sid:84079748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216616/; classtype:trojan-activity;sid:84079716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216576/; classtype:trojan-activity;sid:84079676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216550/; classtype:trojan-activity;sid:84079650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216520/; classtype:trojan-activity;sid:84079620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216503/; classtype:trojan-activity;sid:84079603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216487/; classtype:trojan-activity;sid:84079587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216465/; classtype:trojan-activity;sid:84079565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.220.203.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216425/; classtype:trojan-activity;sid:84079525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216398)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216398/; classtype:trojan-activity;sid:84079498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216348)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216348/; classtype:trojan-activity;sid:84079448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.240.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215825/; classtype:trojan-activity;sid:84078925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.74.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215827/; classtype:trojan-activity;sid:84078927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215817/; classtype:trojan-activity;sid:84078917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215775/; classtype:trojan-activity;sid:84078875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215454/; classtype:trojan-activity;sid:84078554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215425/; classtype:trojan-activity;sid:84078525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.112.2.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215375/; classtype:trojan-activity;sid:84078475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215363/; classtype:trojan-activity;sid:84078463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; content:"GET"; http_method; content:"/exsync.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.137.135.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193548)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/js/main/core/core.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"evangroup.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190461)"; flow:established,from_client; content:"GET"; http_method; content:"/7"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190461/; classtype:trojan-activity;sid:84053561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190462)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190462/; classtype:trojan-activity;sid:84053562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190459)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190459/; classtype:trojan-activity;sid:84053559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190421)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.91.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190421/; classtype:trojan-activity;sid:84053521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190376)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190376/; classtype:trojan-activity;sid:84053476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190326/; classtype:trojan-activity;sid:84053426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182627)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182627/; classtype:trojan-activity;sid:84045727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182626)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182626/; classtype:trojan-activity;sid:84045726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182622)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182622/; classtype:trojan-activity;sid:84045722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182623)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182623/; classtype:trojan-activity;sid:84045723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182624)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182624/; classtype:trojan-activity;sid:84045724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182620)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182620/; classtype:trojan-activity;sid:84045720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3177088)"; flow:established,from_client; content:"GET"; http_method; content:"/game/qm2014chs.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.34.158.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3177088/; classtype:trojan-activity;sid:84040188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174891)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174891/; classtype:trojan-activity;sid:84037991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171541)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171541/; classtype:trojan-activity;sid:84034641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171542)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171542/; classtype:trojan-activity;sid:84034642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-0x727-1.3-snapshot.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; content:"GET"; http_method; content:"/fastjson.class"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3119648)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spam-c273a.appspot.com/o/15-08-2024.jpg|3f|alt=media|7c|26|7c|token=dba912c0-e841-4225-ab88-8ba2612661e2"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3119648/; classtype:trojan-activity;sid:83982748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118765)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118765/; classtype:trojan-activity;sid:83981865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118728)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118728/; classtype:trojan-activity;sid:83981828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118721)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118721/; classtype:trojan-activity;sid:83981821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118722)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118722/; classtype:trojan-activity;sid:83981822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118723)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118723/; classtype:trojan-activity;sid:83981823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118724)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118724/; classtype:trojan-activity;sid:83981824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118725)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118725/; classtype:trojan-activity;sid:83981825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118726)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118726/; classtype:trojan-activity;sid:83981826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118727)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118727/; classtype:trojan-activity;sid:83981827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115660)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115660/; classtype:trojan-activity;sid:83978760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114844/; classtype:trojan-activity;sid:83977944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114845)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114845/; classtype:trojan-activity;sid:83977945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114776/; classtype:trojan-activity;sid:83977876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114775/; classtype:trojan-activity;sid:83977875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110511)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110511/; classtype:trojan-activity;sid:83973611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103508/; classtype:trojan-activity;sid:83966608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103500/; classtype:trojan-activity;sid:83966600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103490)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103490/; classtype:trojan-activity;sid:83966590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100465)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100465/; classtype:trojan-activity;sid:83963565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100466)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100466/; classtype:trojan-activity;sid:83963566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094790)"; flow:established,from_client; content:"GET"; http_method; content:"/latest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.9.35.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094790/; classtype:trojan-activity;sid:83957890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093518)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uypthvq0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093518/; classtype:trojan-activity;sid:83956618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093125)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093125/; classtype:trojan-activity;sid:83956225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092809)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rme3ibrb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092809/; classtype:trojan-activity;sid:83955909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092807)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a9he0f3w"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092807/; classtype:trojan-activity;sid:83955907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052730)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/srmaster-3e0e8.appspot.com/o/revenger.jpg|3f|alt=media|7c|26|7c|token=f4f35bff-72c6-4f56-ae67-ea2379366dd5"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052730/; classtype:trojan-activity;sid:83915830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947794/; classtype:trojan-activity;sid:83810894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947781)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/kolibri_corppro/kernel_main/kernel_main_v1.js"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"vodomer-service.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947781/; classtype:trojan-activity;sid:83810881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900548/; classtype:trojan-activity;sid:83763648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891702)"; flow:established,from_client; content:"GET"; http_method; content:"/u/software/%e6%89%93%e5%8d%b0%e4%bb%bb%e5%8a%a1%e6%b8%85%e9%99%a4%e5%99%a8.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"183.166.57.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891702/; classtype:trojan-activity;sid:83754802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; content:"GET"; http_method; content:"/cve/cve-2021-4034"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875871)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875871/; classtype:trojan-activity;sid:83738971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874109)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p_knmkidu8kiejeem_ijrlumbjih3bkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874109/; classtype:trojan-activity;sid:83737209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870237)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cqtygpx9gdoywntprwub0xbckivif6iy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870237/; classtype:trojan-activity;sid:83733337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863330/; classtype:trojan-activity;sid:83726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862520)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/varteyjw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862520/; classtype:trojan-activity;sid:83725620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862005/; classtype:trojan-activity;sid:83725105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861694)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.71.51.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861694/; classtype:trojan-activity;sid:83724794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861683)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861683/; classtype:trojan-activity;sid:83724783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859511/; classtype:trojan-activity;sid:83722611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857496/; classtype:trojan-activity;sid:83720596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852301)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mzon8jro4iemie6erfw5o3w-0tnwxnlz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852301/; classtype:trojan-activity;sid:83715401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/setup.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zenglobalenerji.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843557)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/is2kceh3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843557/; classtype:trojan-activity;sid:83706657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843047)"; flow:established,from_client; content:"GET"; http_method; content:"/plc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843047/; classtype:trojan-activity;sid:83706147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843007)"; flow:established,from_client; content:"GET"; http_method; content:"/4g"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843007/; classtype:trojan-activity;sid:83706107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843002)"; flow:established,from_client; content:"GET"; http_method; content:"/kraxe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843002/; classtype:trojan-activity;sid:83706102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.120.38.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842671/; classtype:trojan-activity;sid:83705771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.16.100.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842657/; classtype:trojan-activity;sid:83705757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.120.38.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842420/; classtype:trojan-activity;sid:83705520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.16.100.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842412/; classtype:trojan-activity;sid:83705512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842037/; classtype:trojan-activity;sid:83705137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842030/; classtype:trojan-activity;sid:83705130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842018/; classtype:trojan-activity;sid:83705118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841990/; classtype:trojan-activity;sid:83705090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841999)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841999/; classtype:trojan-activity;sid:83705099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841975)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.65.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841975/; classtype:trojan-activity;sid:83705075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841942/; classtype:trojan-activity;sid:83705042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841929/; classtype:trojan-activity;sid:83705029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841721/; classtype:trojan-activity;sid:83704821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841715/; classtype:trojan-activity;sid:83704815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.65.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841684/; classtype:trojan-activity;sid:83704784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841614/; classtype:trojan-activity;sid:83704714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841591/; classtype:trojan-activity;sid:83704691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837354/; classtype:trojan-activity;sid:83700454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828325)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828325/; classtype:trojan-activity;sid:83691425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"yahyacarpet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827204/; classtype:trojan-activity;sid:83690304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827195)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827195/; classtype:trojan-activity;sid:83690295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; content:"GET"; http_method; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"www.websitedesigningindia.biz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822891/; classtype:trojan-activity;sid:83685991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822865/; classtype:trojan-activity;sid:83685965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822872)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822872/; classtype:trojan-activity;sid:83685972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822856)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.169.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822856/; classtype:trojan-activity;sid:83685956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822830)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822830/; classtype:trojan-activity;sid:83685930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822816/; classtype:trojan-activity;sid:83685916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822715)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822715/; classtype:trojan-activity;sid:83685815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822687)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.188.174.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822687/; classtype:trojan-activity;sid:83685787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822661/; classtype:trojan-activity;sid:83685761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822648)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822648/; classtype:trojan-activity;sid:83685748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822649)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822649/; classtype:trojan-activity;sid:83685749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822632)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.227.22.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822632/; classtype:trojan-activity;sid:83685732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822605)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822605/; classtype:trojan-activity;sid:83685705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822613)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822613/; classtype:trojan-activity;sid:83685713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822615)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.20.254.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822615/; classtype:trojan-activity;sid:83685715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822555)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822555/; classtype:trojan-activity;sid:83685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822452)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.219.187.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822452/; classtype:trojan-activity;sid:83685552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822399)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822399/; classtype:trojan-activity;sid:83685499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822357/; classtype:trojan-activity;sid:83685457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822318)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822318/; classtype:trojan-activity;sid:83685418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822281)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822281/; classtype:trojan-activity;sid:83685381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822270/; classtype:trojan-activity;sid:83685370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822239/; classtype:trojan-activity;sid:83685339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822218)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822218/; classtype:trojan-activity;sid:83685318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822210)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822210/; classtype:trojan-activity;sid:83685310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822199/; classtype:trojan-activity;sid:83685299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822170/; classtype:trojan-activity;sid:83685270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822098/; classtype:trojan-activity;sid:83685198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822096/; classtype:trojan-activity;sid:83685196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822046)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822046/; classtype:trojan-activity;sid:83685146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822040)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822040/; classtype:trojan-activity;sid:83685140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.108.106.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821974/; classtype:trojan-activity;sid:83685074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821965)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821965/; classtype:trojan-activity;sid:83685065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821918)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821918/; classtype:trojan-activity;sid:83685018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821820/; classtype:trojan-activity;sid:83684920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821803/; classtype:trojan-activity;sid:83684903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821715/; classtype:trojan-activity;sid:83684815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821683/; classtype:trojan-activity;sid:83684783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.20.254.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821650/; classtype:trojan-activity;sid:83684750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"165.90.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821605/; classtype:trojan-activity;sid:83684705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820623)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/esa0xclp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820623/; classtype:trojan-activity;sid:83683723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818959/; classtype:trojan-activity;sid:83682059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.78.185.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818961/; classtype:trojan-activity;sid:83682061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818914/; classtype:trojan-activity;sid:83682014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818888/; classtype:trojan-activity;sid:83681988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818841/; classtype:trojan-activity;sid:83681941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.188.174.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818844/; classtype:trojan-activity;sid:83681944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.227.22.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818803/; classtype:trojan-activity;sid:83681903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818763/; classtype:trojan-activity;sid:83681863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818238/; classtype:trojan-activity;sid:83681338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816706)"; flow:established,from_client; content:"GET"; http_method; content:"/wed"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.209.114.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816706/; classtype:trojan-activity;sid:83679806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814157)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/full-nelson.c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vulnfactory.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814157/; classtype:trojan-activity;sid:83677257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814117/; classtype:trojan-activity;sid:83677217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814096/; classtype:trojan-activity;sid:83677196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813795/; classtype:trojan-activity;sid:83676895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813118/; classtype:trojan-activity;sid:83676218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813106/; classtype:trojan-activity;sid:83676206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813093/; classtype:trojan-activity;sid:83676193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813026/; classtype:trojan-activity;sid:83676126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.221.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809229/; classtype:trojan-activity;sid:83672329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809199/; classtype:trojan-activity;sid:83672299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809187/; classtype:trojan-activity;sid:83672287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809122/; classtype:trojan-activity;sid:83672222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.155.192.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809106/; classtype:trojan-activity;sid:83672206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.61.246.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808952/; classtype:trojan-activity;sid:83672052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.108.106.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808938/; classtype:trojan-activity;sid:83672038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808921/; classtype:trojan-activity;sid:83672021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808903/; classtype:trojan-activity;sid:83672003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.21.120.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808871/; classtype:trojan-activity;sid:83671971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808839/; classtype:trojan-activity;sid:83671939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.152.44.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808766/; classtype:trojan-activity;sid:83671866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808713/; classtype:trojan-activity;sid:83671813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.169.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808699/; classtype:trojan-activity;sid:83671799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808535/; classtype:trojan-activity;sid:83671635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808512/; classtype:trojan-activity;sid:83671612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808518/; classtype:trojan-activity;sid:83671618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808417/; classtype:trojan-activity;sid:83671517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.195.100.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808387/; classtype:trojan-activity;sid:83671487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dkj56fnkcbsf3inlqszzm7vpvq3dmdl5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799350/; classtype:trojan-activity;sid:83662450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798325)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798325/; classtype:trojan-activity;sid:83661425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"metrics.gocloudmaps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782219)"; flow:established,from_client; content:"GET"; http_method; content:"/45700/macc.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"147.185.243.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782219/; classtype:trojan-activity;sid:83645319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782217)"; flow:established,from_client; content:"GET"; http_method; content:"/45700/beautifulglobe.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"147.185.243.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782217/; classtype:trojan-activity;sid:83645317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; content:"GET"; http_method; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2770936)"; flow:established,from_client; content:"GET"; http_method; content:"/tenda.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.230.55.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_26; reference:url, urlhaus.abuse.ch/url/2770936/; classtype:trojan-activity;sid:83634036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765616)"; flow:established,from_client; content:"GET"; http_method; content:"/css/down.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"computersupportexperts.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765616/; classtype:trojan-activity;sid:83628716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f||7c|26|7c|adurl=https://patricstoremegans2.com/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; flow:established,from_client; content:"GET"; http_method; content:"/dt9.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"delp-heizungsbau.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753677)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//projetodegente.com"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_30; reference:url, urlhaus.abuse.ch/url/2753677/; classtype:trojan-activity;sid:83616777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//higreens.co.in"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; classtype:trojan-activity;sid:83614673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://cliffg.me"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://streammobs.com/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//old.umcl.us/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://dongyu.us/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749055)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ez7mmq79ya6ldc_u2jomq6c9knccqpp2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749055/; classtype:trojan-activity;sid:83612155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748364)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bww1cavmcskehhqx7brpue_fhdwskt8r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748364/; classtype:trojan-activity;sid:83611464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vd8ouzqja1zsydzzhje7oxftzvwngqek"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748361/; classtype:trojan-activity;sid:83611461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748358)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuphz_vydyx9rwhcwprxgvkkda1tkqtx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748358/; classtype:trojan-activity;sid:83611458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv5qahzp_toxgct3ezfvvy4q3a5vvh6s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748349/; classtype:trojan-activity;sid:83611449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//procuratio.nu/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747825)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qsyjsxwhb7iwskqztoyhzeipxcflq7xn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747825/; classtype:trojan-activity;sid:83610925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747823)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cvz7hgyqz31sjspj6d-a7aotyoj1pius"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747823/; classtype:trojan-activity;sid:83610923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747433)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zpmmtvzq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747433/; classtype:trojan-activity;sid:83610533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746751)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avmezmcr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_05; reference:url, urlhaus.abuse.ch/url/2746751/; classtype:trojan-activity;sid:83609851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746285)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v7jxrycp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746285/; classtype:trojan-activity;sid:83609385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743463)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y7km_gygvbh13nkdf-k_5zzkcnnaxg36"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743463/; classtype:trojan-activity;sid:83606563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743459)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o5wwgpjwoka_quoqp1knccfi4ijeh9zk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743459/; classtype:trojan-activity;sid:83606559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1thfyivvkzpyrqfa60w9lymrzk-z6vvgy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742517/; classtype:trojan-activity;sid:83605617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731428)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"muzzumilruheel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_11_17; reference:url, urlhaus.abuse.ch/url/2731428/; classtype:trojan-activity;sid:83594528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731061)"; flow:established,from_client; content:"GET"; http_method; content:"/centro/index.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spst.hqup.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_15; reference:url, urlhaus.abuse.ch/url/2731061/; classtype:trojan-activity;sid:83594161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://namaacont.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728799)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wfwtp8qn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_07; reference:url, urlhaus.abuse.ch/url/2728799/; classtype:trojan-activity;sid:83591899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; content:"GET"; http_method; content:"/frankcastle2/0/main/0j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726788)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ozzfkobmxw9pwbtscnlt-gooqqrlybq-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726788/; classtype:trojan-activity;sid:83589888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; content:"GET"; http_method; content:"/image.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720935/; classtype:trojan-activity;sid:83584035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2711386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.97.32.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_13; reference:url, urlhaus.abuse.ch/url/2711386/; classtype:trojan-activity;sid:83574486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"svirtual.sanviatorperu.edu.pe"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_21; reference:url, urlhaus.abuse.ch/url/2705989/; classtype:trojan-activity;sid:83569089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scler.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scainseto.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2701777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tm63vbgu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_07; reference:url, urlhaus.abuse.ch/url/2701777/; classtype:trojan-activity;sid:83564877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2686558)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jc80ycae"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_20; reference:url, urlhaus.abuse.ch/url/2686558/; classtype:trojan-activity;sid:83549658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682035/; classtype:trojan-activity;sid:83545135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676029)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rr3hywgc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2676029/; classtype:trojan-activity;sid:83539129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.192.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648633/; classtype:trojan-activity;sid:83511733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632434)"; flow:established,from_client; content:"GET"; http_method; content:"/xqqsou.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632434/; classtype:trojan-activity;sid:83495534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632435)"; flow:established,from_client; content:"GET"; http_method; content:"/jshggkofqk.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632435/; classtype:trojan-activity;sid:83495535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628190)"; flow:established,from_client; content:"GET"; http_method; content:"/neicpac.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628190/; classtype:trojan-activity;sid:83491290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628180)"; flow:established,from_client; content:"GET"; http_method; content:"/jtnhsefe.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628180/; classtype:trojan-activity;sid:83491280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628183)"; flow:established,from_client; content:"GET"; http_method; content:"/btwvkpvlg.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628183/; classtype:trojan-activity;sid:83491283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628184)"; flow:established,from_client; content:"GET"; http_method; content:"/pepbg.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628184/; classtype:trojan-activity;sid:83491284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628185)"; flow:established,from_client; content:"GET"; http_method; content:"/gkxcfiyk.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628185/; classtype:trojan-activity;sid:83491285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2625633)"; flow:established,from_client; content:"GET"; http_method; content:"/kbase/rentfree.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"aurorabolnica.co.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_05_05; reference:url, urlhaus.abuse.ch/url/2625633/; classtype:trojan-activity;sid:83488733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2622777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1a5fq2ek"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_05_02; reference:url, urlhaus.abuse.ch/url/2622777/; classtype:trojan-activity;sid:83485877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618153)"; flow:established,from_client; content:"GET"; http_method; content:"/cache/rentfree.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ranojpegu.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_25; reference:url, urlhaus.abuse.ch/url/2618153/; classtype:trojan-activity;sid:83481253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618110)"; flow:established,from_client; content:"GET"; http_method; content:"/cache/rentfree.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ita-airwaysva.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_04_25; reference:url, urlhaus.abuse.ch/url/2618110/; classtype:trojan-activity;sid:83481210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617048)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617048/; classtype:trojan-activity;sid:83480148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617044)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617044/; classtype:trojan-activity;sid:83480144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617045)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617045/; classtype:trojan-activity;sid:83480145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617046)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617046/; classtype:trojan-activity;sid:83480146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617047)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617047/; classtype:trojan-activity;sid:83480147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617042)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617042/; classtype:trojan-activity;sid:83480142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617043)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617043/; classtype:trojan-activity;sid:83480143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2616975)"; flow:established,from_client; content:"GET"; http_method; content:"/pep/per.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"friendsofsclarc.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2616975/; classtype:trojan-activity;sid:83480075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615396/; classtype:trojan-activity;sid:83478496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615310)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615310/; classtype:trojan-activity;sid:83478410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615289/; classtype:trojan-activity;sid:83478389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615251)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615251/; classtype:trojan-activity;sid:83478351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2614289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_19; reference:url, urlhaus.abuse.ch/url/2614289/; classtype:trojan-activity;sid:83477389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2602547)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mdpqv8gx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_08; reference:url, urlhaus.abuse.ch/url/2602547/; classtype:trojan-activity;sid:83465647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2599750)"; flow:established,from_client; content:"GET"; http_method; content:"/le9/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"milleniuninformatica.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_04_06; reference:url, urlhaus.abuse.ch/url/2599750/; classtype:trojan-activity;sid:83462850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2587598)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtx57kpr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_27; reference:url, urlhaus.abuse.ch/url/2587598/; classtype:trojan-activity;sid:83450698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582576)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.144.173.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582576/; classtype:trojan-activity;sid:83445676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2579753)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fu3d5tvi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2579753/; classtype:trojan-activity;sid:83442853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573934)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4jusqzvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573934/; classtype:trojan-activity;sid:83437034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572493)"; flow:established,from_client; content:"GET"; http_method; content:"/nti/nti.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"shaderm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572493/; classtype:trojan-activity;sid:83435593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571484)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571484/; classtype:trojan-activity;sid:83434584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571323)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571323/; classtype:trojan-activity;sid:83434423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571282)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571282/; classtype:trojan-activity;sid:83434382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571156)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571156/; classtype:trojan-activity;sid:83434256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571152)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571152/; classtype:trojan-activity;sid:83434252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571043)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571043/; classtype:trojan-activity;sid:83434143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570909)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rpperformance.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570909/; classtype:trojan-activity;sid:83434009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570812)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bracell.latitude.net.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570812/; classtype:trojan-activity;sid:83433912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570732)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570732/; classtype:trojan-activity;sid:83433832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570688)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570688/; classtype:trojan-activity;sid:83433788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embedone.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570515)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570515/; classtype:trojan-activity;sid:83433615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570474)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570474/; classtype:trojan-activity;sid:83433574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568876)"; flow:established,from_client; content:"GET"; http_method; content:"/teev/teev.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nusatoyota.co.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568876/; classtype:trojan-activity;sid:83431976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568823)"; flow:established,from_client; content:"GET"; http_method; content:"/gcn/gcn.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spoar.org.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568823/; classtype:trojan-activity;sid:83431923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2561396)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"trungtambaohanhmaylanh.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_03_07; reference:url, urlhaus.abuse.ch/url/2561396/; classtype:trojan-activity;sid:83424496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555339)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rn8tlx2e"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555339/; classtype:trojan-activity;sid:83418439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2538213)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/images/gallery/credit%20alert.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"anapa-zarya.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_12; reference:url, urlhaus.abuse.ch/url/2538213/; classtype:trojan-activity;sid:83401313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2533240)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bztvxkzb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2533240/; classtype:trojan-activity;sid:83396340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2532808)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2532808/; classtype:trojan-activity;sid:83395908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2510643)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bn6ktvyl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_17; reference:url, urlhaus.abuse.ch/url/2510643/; classtype:trojan-activity;sid:83373743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2502405)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tgp9td9z"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_09; reference:url, urlhaus.abuse.ch/url/2502405/; classtype:trojan-activity;sid:83365505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; content:"GET"; http_method; content:"/12"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403614)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uuja3km9"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403614/; classtype:trojan-activity;sid:83266714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2400757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_04; reference:url, urlhaus.abuse.ch/url/2400757/; classtype:trojan-activity;sid:83263857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2399181)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nrhtc20u"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_03; reference:url, urlhaus.abuse.ch/url/2399181/; classtype:trojan-activity;sid:83262281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2393391)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/block-supports/5.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"fullstacknir.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_01; reference:url, urlhaus.abuse.ch/url/2393391/; classtype:trojan-activity;sid:83256491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2388056)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5nyvlbz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_27; reference:url, urlhaus.abuse.ch/url/2388056/; classtype:trojan-activity;sid:83251156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2376908)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hf1kfswr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_18; reference:url, urlhaus.abuse.ch/url/2376908/; classtype:trojan-activity;sid:83240008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350870)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/vfrixuukosr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350870/; classtype:trojan-activity;sid:83213970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350871)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/frqolwwzjar"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350871/; classtype:trojan-activity;sid:83213971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2346004)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqvxfqziug"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_03; reference:url, urlhaus.abuse.ch/url/2346004/; classtype:trojan-activity;sid:83209104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344776)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/jvtabqibosa"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344776/; classtype:trojan-activity;sid:83207876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344769)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/kuueqefqqhz"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344769/; classtype:trojan-activity;sid:83207869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344770)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/nzifvmlonlj"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344770/; classtype:trojan-activity;sid:83207870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344771)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/hsrdqwkmzlr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344771/; classtype:trojan-activity;sid:83207871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344772)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/udndlytpwdl"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344772/; classtype:trojan-activity;sid:83207872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344773)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/irvwgjjfsyc"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344773/; classtype:trojan-activity;sid:83207873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344774)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqyppwjmbp"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344774/; classtype:trojan-activity;sid:83207874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344775)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/ztjemchbyhr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344775/; classtype:trojan-activity;sid:83207875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314671)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8v775ivv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314671/; classtype:trojan-activity;sid:83177771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; content:"GET"; http_method; content:"/janchuk/voidrat/raw/master/voidrat.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301795)"; flow:established,from_client; content:"GET"; http_method; content:"/buding.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.98.224.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301795/; classtype:trojan-activity;sid:83164895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2300014)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gxkzk3ds"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_12; reference:url, urlhaus.abuse.ch/url/2300014/; classtype:trojan-activity;sid:83163114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2283630)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.200.208.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_29; reference:url, urlhaus.abuse.ch/url/2283630/; classtype:trojan-activity;sid:83146730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276646)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ujztrvsh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276646/; classtype:trojan-activity;sid:83139746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276438)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/t53jemit"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276438/; classtype:trojan-activity;sid:83139538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276221)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jstt4bu3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_23; reference:url, urlhaus.abuse.ch/url/2276221/; classtype:trojan-activity;sid:83139321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273642)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|w=923512558645741636"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273642/; classtype:trojan-activity;sid:83136742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273644)"; flow:established,from_client; content:"GET"; http_method; content:"/zu084vpj5pi3.appspot.com/w/5wztrvywkg1nfh3.html|3f|0=26927131496308317"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273644/; classtype:trojan-activity;sid:83136744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273641)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|b=078869956064707140"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273641/; classtype:trojan-activity;sid:83136741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273631)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/3hiwrrbg7kfgwix.html|3f|b=034842339434253164"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273631/; classtype:trojan-activity;sid:83136731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273635)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/frv9esc9c6itwcf.html|3f|0=338008105729275687"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273635/; classtype:trojan-activity;sid:83136735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273638)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/ovqlo2cstw8agi4.html|3f|0=949870842437428557"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273638/; classtype:trojan-activity;sid:83136738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273639)"; flow:established,from_client; content:"GET"; http_method; content:"/q08e1nunq6qw.appspot.com/w/iqc3wtjt5nwkwr2.html|3f|a=628281255891256139"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273639/; classtype:trojan-activity;sid:83136739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273616)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/61wyeicw653vri9.html|3f|0=639911943761137497"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273616/; classtype:trojan-activity;sid:83136716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273620)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/bceqtk5gdz1bi0o.html|3f|w=622601326319247024"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273620/; classtype:trojan-activity;sid:83136720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273622)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|a=635327819844459660"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273622/; classtype:trojan-activity;sid:83136722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273624)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|0=180530635864101112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273624/; classtype:trojan-activity;sid:83136724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273625)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/7psfpp4zrf4stzt.html|3f|a=516444057951127042"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273625/; classtype:trojan-activity;sid:83136725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273602)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/rgtnon73qqparlt.html|3f|w=400667741549615496"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273602/; classtype:trojan-activity;sid:83136702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273606)"; flow:established,from_client; content:"GET"; http_method; content:"/pf4yttmpbcc1.appspot.com/w/l2vbukjpboaa0rp.html|3f|b=628132126654153176"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273606/; classtype:trojan-activity;sid:83136706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273601)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|b=105291068911024790"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273601/; classtype:trojan-activity;sid:83136701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273600)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|0=686223453033719951"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273600/; classtype:trojan-activity;sid:83136700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273564)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|a=798607223158637252"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273564/; classtype:trojan-activity;sid:83136664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273565)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|w=075279633731175239"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273565/; classtype:trojan-activity;sid:83136665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273566)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/bowky7hf4zoq1yj.html|3f|b=461383376258417948"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273566/; classtype:trojan-activity;sid:83136666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273567)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/anqx16yjifb1cwa.html|3f|0=969703532910206739"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273567/; classtype:trojan-activity;sid:83136667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273569)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=803273432647646489"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273569/; classtype:trojan-activity;sid:83136669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273574)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=552325786310453352"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273574/; classtype:trojan-activity;sid:83136674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273575)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|0=778301933278021061"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273575/; classtype:trojan-activity;sid:83136675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273579)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=414671893653575055"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273579/; classtype:trojan-activity;sid:83136679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273580)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/hm8qqu1yh2nhiuw.html|3f|0=850822877794596921"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273580/; classtype:trojan-activity;sid:83136680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273581)"; flow:established,from_client; content:"GET"; http_method; content:"/gewls1oaxiv8.appspot.com/w/k2gvfktvgwo6t7t.html|3f|0=500436606434401193"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273581/; classtype:trojan-activity;sid:83136681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273582)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/2b6lhcmpzq1rcwl.html|3f|0=292730885826958440"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273582/; classtype:trojan-activity;sid:83136682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273583)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|b=351877166079332276"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273583/; classtype:trojan-activity;sid:83136683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273586)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/d5bpwq7evn1mfxz.html|3f|b=770321496534593005"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273586/; classtype:trojan-activity;sid:83136686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273588)"; flow:established,from_client; content:"GET"; http_method; content:"/c8qhff44bb7f.appspot.com/w/q5gro00vqf3ltx5.html|3f|a=334407029692307930"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273588/; classtype:trojan-activity;sid:83136688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273592)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/c82wdsb4ehjf8rf.html|3f|0=051292546441672376"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273592/; classtype:trojan-activity;sid:83136692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273597)"; flow:established,from_client; content:"GET"; http_method; content:"/k6yho9kvu0tt.appspot.com/w/89vh2kpx4x61qlr.html|3f|w=697802237262829742"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273597/; classtype:trojan-activity;sid:83136697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273598)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/5m6qptmj0v66s7q.html|3f|0=327926918056836416"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273598/; classtype:trojan-activity;sid:83136698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273599)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|a=494789731176222112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273599/; classtype:trojan-activity;sid:83136699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273560)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/i3hmewo60gwvumx.html|3f|b=841660865822302577"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273560/; classtype:trojan-activity;sid:83136660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273561)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=036663603374497270"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273561/; classtype:trojan-activity;sid:83136661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.181.0.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258280/; classtype:trojan-activity;sid:83121380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258131)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e8kjpbmd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258131/; classtype:trojan-activity;sid:83121231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253550)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ib64cptx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_03; reference:url, urlhaus.abuse.ch/url/2253550/; classtype:trojan-activity;sid:83116650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253210)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rwrja2sz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_02; reference:url, urlhaus.abuse.ch/url/2253210/; classtype:trojan-activity;sid:83116310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; content:"GET"; http_method; content:"/ema_kvcebm137.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mersped.mycpanel.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2241008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ty045yct"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2241008/; classtype:trojan-activity;sid:83104108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2240596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/prototype/form.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.usaayurveda.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2240596/; classtype:trojan-activity;sid:83103696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/cg100.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/benzmonster.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.157.219.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_11; reference:url, urlhaus.abuse.ch/url/2233718/; classtype:trojan-activity;sid:83096818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2164668)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/uadjw/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2164668/; classtype:trojan-activity;sid:83027768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2157062)"; flow:established,from_client; content:"GET"; http_method; content:"/3136808.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.244.149.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_04_20; reference:url, urlhaus.abuse.ch/url/2157062/; classtype:trojan-activity;sid:83020162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2148323)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5nnq0rbw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_14; reference:url, urlhaus.abuse.ch/url/2148323/; classtype:trojan-activity;sid:83011423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2135884)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/herrldgm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_07; reference:url, urlhaus.abuse.ch/url/2135884/; classtype:trojan-activity;sid:82998984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120589)"; flow:established,from_client; content:"GET"; http_method; content:"/1/f48jppqimvyqqwd2jk3jvvpslx/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"hranenie.pereezd-24.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120589/; classtype:trojan-activity;sid:82983689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120590)"; flow:established,from_client; content:"GET"; http_method; content:"/1/f48jppqimvyqqwd2jk3jvvpslx/|3f|i=1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hranenie.pereezd-24.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120590/; classtype:trojan-activity;sid:82983690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119354)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119354/; classtype:trojan-activity;sid:82982454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/yjmqxmidki/a/hyehwggs.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trtmyanmar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2114263/; classtype:trojan-activity;sid:82977363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2098517)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znbskzzj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_03_15; reference:url, urlhaus.abuse.ch/url/2098517/; classtype:trojan-activity;sid:82961617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; content:"GET"; http_method; content:"/logfiles/u2o/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.25.223.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; content:"GET"; http_method; content:"/zp-user/protected%20client.js"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dreamwatchevent.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2052331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.113.145.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2052331/; classtype:trojan-activity;sid:82915431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048580)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.107.81.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048580/; classtype:trojan-activity;sid:82911680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2044850)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3k52mzsw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_02_16; reference:url, urlhaus.abuse.ch/url/2044850/; classtype:trojan-activity;sid:82907950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2035651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.96.44.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_08; reference:url, urlhaus.abuse.ch/url/2035651/; classtype:trojan-activity;sid:82898751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; content:"GET"; http_method; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"rxquickpay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021799)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/retraction.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021799/; classtype:trojan-activity;sid:82884899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021757)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/highlight.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021757/; classtype:trojan-activity;sid:82884857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008178)"; flow:established,from_client; content:"GET"; http_method; content:"/comply.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008178/; classtype:trojan-activity;sid:82871278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; flow:established,from_client; content:"GET"; http_method; content:"/squalid.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continentalgroup.net.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; content:"GET"; http_method; content:"/development/public/uploads/images/categories/beirut.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008131)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forms.saurashtrauniversity.edu"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007403)"; flow:established,from_client; content:"GET"; http_method; content:"/b/tu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"izogard.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007403/; classtype:trojan-activity;sid:82870503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007115)"; flow:established,from_client; content:"GET"; http_method; content:"/nashi-klienty/b5sc/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"izocab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007115/; classtype:trojan-activity;sid:82870215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2000244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"153.152.44.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_23; reference:url, urlhaus.abuse.ch/url/2000244/; classtype:trojan-activity;sid:82863344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1986867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp_it22/test_zip2/loader_zip.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"5.8.18.7"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_18; reference:url, urlhaus.abuse.ch/url/1986867/; classtype:trojan-activity;sid:82849967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1979387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.43.139.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1979387/; classtype:trojan-activity;sid:82842487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1917301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/okxyj/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fulltai.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1917301/; classtype:trojan-activity;sid:82780401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1895334)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyseventeen/s.cmd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"150.60.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_18; reference:url, urlhaus.abuse.ch/url/1895334/; classtype:trojan-activity;sid:82758434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1892687)"; flow:established,from_client; content:"GET"; http_method; content:"/sphygmus.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_17; reference:url, urlhaus.abuse.ch/url/1892687/; classtype:trojan-activity;sid:82755787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891042)"; flow:established,from_client; content:"GET"; http_method; content:"/reactron.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891042/; classtype:trojan-activity;sid:82754142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891016)"; flow:established,from_client; content:"GET"; http_method; content:"/mausoleum.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891016/; classtype:trojan-activity;sid:82754116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890991)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/porto/less/js_composer/sneerly.php"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890991/; classtype:trojan-activity;sid:82754091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890984)"; flow:established,from_client; content:"GET"; http_method; content:"/unbaked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890984/; classtype:trojan-activity;sid:82754084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/crypta.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reauthenticator.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888166)"; flow:established,from_client; content:"GET"; http_method; content:"/actionably.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888166/; classtype:trojan-activity;sid:82751266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888149)"; flow:established,from_client; content:"GET"; http_method; content:"/roughness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888149/; classtype:trojan-activity;sid:82751249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888139)"; flow:established,from_client; content:"GET"; http_method; content:"/intermission.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888139/; classtype:trojan-activity;sid:82751239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; content:"GET"; http_method; content:"/redesign.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; content:"GET"; http_method; content:"/antienuretic.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; classtype:trojan-activity;sid:82751215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; content:"GET"; http_method; content:"/fizz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; content:"GET"; http_method; content:"/designer.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; content:"GET"; http_method; content:"/frustrating.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; content:"GET"; http_method; content:"/conditioner.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888082)"; flow:established,from_client; content:"GET"; http_method; content:"/unthinkably.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888082/; classtype:trojan-activity;sid:82751182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; content:"GET"; http_method; content:"/unexplainable.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; content:"GET"; http_method; content:"/whiz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1861154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_07; reference:url, urlhaus.abuse.ch/url/1861154/; classtype:trojan-activity;sid:82724254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1840623)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/t7scuzy/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"apple-service93.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1840623/; classtype:trojan-activity;sid:82703723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1809781)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/vendor/joomla/registry/src/format/pinafore.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ukguk71.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_23; reference:url, urlhaus.abuse.ch/url/1809781/; classtype:trojan-activity;sid:82672881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1783703)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.11.121.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_13; reference:url, urlhaus.abuse.ch/url/1783703/; classtype:trojan-activity;sid:82646803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1782559)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/finaly_hd1.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"greenmile.ng"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_13; reference:url, urlhaus.abuse.ch/url/1782559/; classtype:trojan-activity;sid:82645659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1778573)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c91fwnb0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_12; reference:url, urlhaus.abuse.ch/url/1778573/; classtype:trojan-activity;sid:82641673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1751625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ywjkrwem"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_04; reference:url, urlhaus.abuse.ch/url/1751625/; classtype:trojan-activity;sid:82614725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; content:"GET"; http_method; content:"/zoologies.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; content:"GET"; http_method; content:"/whacked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; content:"GET"; http_method; content:"/unplug.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1728024)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/egenyqrk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1728024/; classtype:trojan-activity;sid:82591124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1727038)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nwj3nqw2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1727038/; classtype:trojan-activity;sid:82590138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/fucking.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720508)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/chaperon.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1681096)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htylx0l1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_15; reference:url, urlhaus.abuse.ch/url/1681096/; classtype:trojan-activity;sid:82544196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1668138)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2a3tx7hd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1668138/; classtype:trojan-activity;sid:82531238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/spell.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/stored.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1640507)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638740)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xpmlg1s0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638740/; classtype:trojan-activity;sid:82501840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638721)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3pqfze3c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638721/; classtype:trojan-activity;sid:82501821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609238)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mjzm2uub"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609238/; classtype:trojan-activity;sid:82472338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609225)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fhxehwzr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609225/; classtype:trojan-activity;sid:82472325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; content:"GET"; http_method; content:"/coon.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; content:"GET"; http_method; content:"/manly.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; content:"GET"; http_method; content:"/lecher.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582015)"; flow:established,from_client; content:"GET"; http_method; content:"/strobing.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582015/; classtype:trojan-activity;sid:82445115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1577204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.170.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_30; reference:url, urlhaus.abuse.ch/url/1577204/; classtype:trojan-activity;sid:82440304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1569937)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2fvyxcn8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_08_27; reference:url, urlhaus.abuse.ch/url/1569937/; classtype:trojan-activity;sid:82433037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; content:"GET"; http_method; content:"/teachable.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; content:"GET"; http_method; content:"/aggressive.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; content:"GET"; http_method; content:"/anarchical.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; content:"GET"; http_method; content:"/newborn.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; content:"GET"; http_method; content:"/ruckus.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503338)"; flow:established,from_client; content:"GET"; http_method; content:"/unanswerable.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503341)"; flow:established,from_client; content:"GET"; http_method; content:"/harass.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503341/; classtype:trojan-activity;sid:82366441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497194/; classtype:trojan-activity;sid:82360294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; content:"GET"; http_method; content:"/sweat.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; content:"GET"; http_method; content:"/power.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.106.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; classtype:trojan-activity;sid:82333281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1431282)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zn9ibvfw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_06; reference:url, urlhaus.abuse.ch/url/1431282/; classtype:trojan-activity;sid:82294382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416935)"; flow:established,from_client; content:"GET"; http_method; content:"/multifunctional.php"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416935/; classtype:trojan-activity;sid:82280035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416925)"; flow:established,from_client; content:"GET"; http_method; content:"/livestock.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416925/; classtype:trojan-activity;sid:82280025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416914)"; flow:established,from_client; content:"GET"; http_method; content:"/steepness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416914/; classtype:trojan-activity;sid:82280014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416690)"; flow:established,from_client; content:"GET"; http_method; content:"/anthropoid.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416690/; classtype:trojan-activity;sid:82279790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416653)"; flow:established,from_client; content:"GET"; http_method; content:"/liniment.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416653/; classtype:trojan-activity;sid:82279753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; content:"GET"; http_method; content:"/watercress.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; content:"GET"; http_method; content:"/lining.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; content:"GET"; http_method; content:"/scroungy.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; flow:established,from_client; content:"GET"; http_method; content:"/pinout.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; content:"GET"; http_method; content:"/steeplechases.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; content:"GET"; http_method; content:"/familial.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklight.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklightd.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; classtype:trojan-activity;sid:82227697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; content:"GET"; http_method; content:"/habitual.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; content:"GET"; http_method; content:"/ruleless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346907)"; flow:established,from_client; content:"GET"; http_method; content:"/toothy.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; content:"GET"; http_method; content:"/unpunished.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346885)"; flow:established,from_client; content:"GET"; http_method; content:"/jordan.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346885/; classtype:trojan-activity;sid:82209985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; content:"GET"; http_method; content:"/defended.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; classtype:trojan-activity;sid:82177681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314569)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314550)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vshl18r1ck_d3qquy_96cldxn3bn2en2drftj2jau29p-unkvg5b093kl8xckthpd2jfiaplgzbiqnu/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314550/; classtype:trojan-activity;sid:82177650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1285698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1285698/; classtype:trojan-activity;sid:82148798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278586)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5fxvrf3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278586/; classtype:trojan-activity;sid:82141686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1265916)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_21; reference:url, urlhaus.abuse.ch/url/1265916/; classtype:trojan-activity;sid:82129016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1265914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_21; reference:url, urlhaus.abuse.ch/url/1265914/; classtype:trojan-activity;sid:82129014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252888)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v1jcezvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252888/; classtype:trojan-activity;sid:82115988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252886)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gz3wxtar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252886/; classtype:trojan-activity;sid:82115986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1230008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jnljbghz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1230008/; classtype:trojan-activity;sid:82093108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/reqfy21x"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223625/; classtype:trojan-activity;sid:82086725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; content:"GET"; http_method; content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1182816)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z|7c|26|7c|revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1182816/; classtype:trojan-activity;sid:82045916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1143404)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_04_20; reference:url, urlhaus.abuse.ch/url/1143404/; classtype:trojan-activity;sid:82006504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1138786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_04_19; reference:url, urlhaus.abuse.ch/url/1138786/; classtype:trojan-activity;sid:82001886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1054502)"; flow:established,from_client; content:"GET"; http_method; content:"/fedex/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.njzmfcls.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_03_08; reference:url, urlhaus.abuse.ch/url/1054502/; classtype:trojan-activity;sid:81917602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1010244)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bew39lta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1010244/; classtype:trojan-activity;sid:81873344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (984502)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g7vaue54"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_30; reference:url, urlhaus.abuse.ch/url/984502/; classtype:trojan-activity;sid:81847602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (961009)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/00aujclx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_14; reference:url, urlhaus.abuse.ch/url/961009/; classtype:trojan-activity;sid:81824109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (815870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.43.139.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_11_14; reference:url, urlhaus.abuse.ch/url/815870/; classtype:trojan-activity;sid:81678970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (765703)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/7cfvaaa9jo/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/765703/; classtype:trojan-activity;sid:81628803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xuezha.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (757965)"; flow:established,from_client; content:"GET"; http_method; content:"/carchi/atluhiydd0mzjfxoauso50h6xtzrieogf7f3mkhqlpdjr1yayy5aa1/"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"gpjulioandrade.gob.ec"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/757965/; classtype:trojan-activity;sid:81621065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756747)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rrrv7ilgm2dzpohaklkhewb8rkju15bmqeewccglap/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756747/; classtype:trojan-activity;sid:81619847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756736)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4ld2g8w3rrmhtgvvvpeq2orlcqm71yyxveriw5rzitvii3/"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756736/; classtype:trojan-activity;sid:81619836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733798)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/oct/w9hmkanqe5py4r/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733798/; classtype:trojan-activity;sid:81596898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733429)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/n/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gordon-and-son.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733429/; classtype:trojan-activity;sid:81596529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (698460)"; flow:established,from_client; content:"GET"; http_method; content:"/content/inc/laljbjzxrefspp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"gordon-and-son.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_15; reference:url, urlhaus.abuse.ch/url/698460/; classtype:trojan-activity;sid:81561560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658293)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658293/; classtype:trojan-activity;sid:81521393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658294)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658294/; classtype:trojan-activity;sid:81521394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658290)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658290/; classtype:trojan-activity;sid:81521390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658275)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658275/; classtype:trojan-activity;sid:81521375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658273)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658273/; classtype:trojan-activity;sid:81521373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658266)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658266/; classtype:trojan-activity;sid:81521366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658267)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658267/; classtype:trojan-activity;sid:81521367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658235)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658235/; classtype:trojan-activity;sid:81521335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658228)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658228/; classtype:trojan-activity;sid:81521328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658222)"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658222/; classtype:trojan-activity;sid:81521322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658223)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.armv61"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658223/; classtype:trojan-activity;sid:81521323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658224)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658224/; classtype:trojan-activity;sid:81521324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (610777)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/qqlox3lvjh/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_24; reference:url, urlhaus.abuse.ch/url/610777/; classtype:trojan-activity;sid:81473877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (549365)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/549365/; classtype:trojan-activity;sid:81412465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453216)"; flow:established,from_client; content:"GET"; http_method; content:"/enteihacking/mt/master/asycivic.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452177)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439853)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439853/; classtype:trojan-activity;sid:81302953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439852)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439852/; classtype:trojan-activity;sid:81302952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439851)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439851/; classtype:trojan-activity;sid:81302951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439850)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439850/; classtype:trojan-activity;sid:81302950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439849)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439849/; classtype:trojan-activity;sid:81302949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439848)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439848/; classtype:trojan-activity;sid:81302948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439847)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439847/; classtype:trojan-activity;sid:81302947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439846)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439846/; classtype:trojan-activity;sid:81302946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439845)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439845/; classtype:trojan-activity;sid:81302945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439844)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439844/; classtype:trojan-activity;sid:81302944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439843)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439843/; classtype:trojan-activity;sid:81302943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439842)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439842/; classtype:trojan-activity;sid:81302942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439841)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439841/; classtype:trojan-activity;sid:81302941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438357)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/documentation/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438357/; classtype:trojan-activity;sid:81301457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438230)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed-disk/guarded-space/0870725-raadiviu/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438230/; classtype:trojan-activity;sid:81301330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436557)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vctie/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436557/; classtype:trojan-activity;sid:81299657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434311)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434311/; classtype:trojan-activity;sid:81297411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (433042)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/433042/; classtype:trojan-activity;sid:81296142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432722)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432722/; classtype:trojan-activity;sid:81295822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (430532)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cg1-70urc-761/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/430532/; classtype:trojan-activity;sid:81293632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/overview/sw94b26/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428089)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/8o4054361916emn7j49of5zb3bgzbw29zx/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428089/; classtype:trojan-activity;sid:81291189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/invoice/ujn3me8cye/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426310)"; flow:established,from_client; content:"GET"; http_method; content:"/covid19/statement/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"schenckel.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426310/; classtype:trojan-activity;sid:81289410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (424629)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kdgxnbhp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_05; reference:url, urlhaus.abuse.ch/url/424629/; classtype:trojan-activity;sid:81287729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417815)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znhs8f1m"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417815/; classtype:trojan-activity;sid:81280915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417814)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xgqcgx8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417814/; classtype:trojan-activity;sid:81280914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (412922)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hotel-city.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_14; reference:url, urlhaus.abuse.ch/url/412922/; classtype:trojan-activity;sid:81276022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; content:"GET"; http_method; content:"/d35ha/processhide/master/bins/processhide32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (398898)"; flow:established,from_client; content:"GET"; http_method; content:"/viewpoint_support.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"support.viewpoint.fr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_06_18; reference:url, urlhaus.abuse.ch/url/398898/; classtype:trojan-activity;sid:81261998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (374230)"; flow:established,from_client; content:"GET"; http_method; content:"/mmjbbs/673484/nqad_673484_01062020.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"xn--b1afiqif6c.xn--p1ai"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_06_02; reference:url, urlhaus.abuse.ch/url/374230/; classtype:trojan-activity;sid:81237330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336481)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336481/; classtype:trojan-activity;sid:81199581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336474)"; flow:established,from_client; content:"GET"; http_method; content:"/nvitpj"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336474/; classtype:trojan-activity;sid:81199574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336466)"; flow:established,from_client; content:"GET"; http_method; content:"/qvmxvl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336466/; classtype:trojan-activity;sid:81199566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336460)"; flow:established,from_client; content:"GET"; http_method; content:"/vvglma"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336460/; classtype:trojan-activity;sid:81199560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336450)"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336450/; classtype:trojan-activity;sid:81199550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336442)"; flow:established,from_client; content:"GET"; http_method; content:"/earyzq"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336442/; classtype:trojan-activity;sid:81199542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336433)"; flow:established,from_client; content:"GET"; http_method; content:"/qtmzbn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336433/; classtype:trojan-activity;sid:81199533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336428)"; flow:established,from_client; content:"GET"; http_method; content:"/ajoomk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336428/; classtype:trojan-activity;sid:81199528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336412)"; flow:established,from_client; content:"GET"; http_method; content:"/atxhua"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336412/; classtype:trojan-activity;sid:81199512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336407)"; flow:established,from_client; content:"GET"; http_method; content:"/cemtop"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336407/; classtype:trojan-activity;sid:81199507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336372)"; flow:established,from_client; content:"GET"; http_method; content:"/vtyhat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336372/; classtype:trojan-activity;sid:81199472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336366)"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336366/; classtype:trojan-activity;sid:81199466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336354/; classtype:trojan-activity;sid:81199454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; content:"GET"; http_method; content:"/builds/offers/12.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; content:"GET"; http_method; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; content:"GET"; http_method; content:"/fta.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; content:"GET"; http_method; content:"/documeynt9897.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (308942)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-lm9-32/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_05; reference:url, urlhaus.abuse.ch/url/308942/; classtype:trojan-activity;sid:81172042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (306649)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/3waa9-ke38h-15/"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_03; reference:url, urlhaus.abuse.ch/url/306649/; classtype:trojan-activity;sid:81169749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (304070)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/file/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/304070/; classtype:trojan-activity;sid:81167170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (303582)"; flow:established,from_client; content:"GET"; http_method; content:"/com1/files/severstal_map.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"111101111.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/303582/; classtype:trojan-activity;sid:81166682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (302960)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zapchast-gazkotel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_30; reference:url, urlhaus.abuse.ch/url/302960/; classtype:trojan-activity;sid:81166060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (299048)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private_resource/interior_mgzeu_1nsltpydj/aqxdrigqe_e4k6usnwxrg/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"www.xyffqh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_27; reference:url, urlhaus.abuse.ch/url/299048/; classtype:trojan-activity;sid:81162148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (294238)"; flow:established,from_client; content:"GET"; http_method; content:"/components/personal_609510040_zqauxxvgt1/close_warehouse/2539958864610_y3rb9y/"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"supercleanspb.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_21; reference:url, urlhaus.abuse.ch/url/294238/; classtype:trojan-activity;sid:81157338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (288508)"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/common_module/security_lkveb9o0tx_wd3lhz42yf1slt/tlcs2lwhd3vo_38wyy7/"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"owlcity.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_14; reference:url, urlhaus.abuse.ch/url/288508/; classtype:trojan-activity;sid:81151608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272267)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/closed_08597_xwbav/51578533_ixwt6qqxha0o_space/h7uvgaa_hfeywxam/"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"amuletweb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272267/; classtype:trojan-activity;sid:81135367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; content:"GET"; http_method; content:"/about/lm/5oj0ss1de/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dezcom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267838)"; flow:established,from_client; content:"GET"; http_method; content:"/photoblog/lli9c05hrj/2bwx-901909-89178267-5c5xr-qfvwc/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"olingerphoto.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267838/; classtype:trojan-activity;sid:81130938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254737)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (250781)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cfvi8aejp75ekq0swtl31sx3jti/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_01; reference:url, urlhaus.abuse.ch/url/250781/; classtype:trojan-activity;sid:81113881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (247651)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rd62/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_22; reference:url, urlhaus.abuse.ch/url/247651/; classtype:trojan-activity;sid:81110751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240550/; classtype:trojan-activity;sid:81103650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240123/; classtype:trojan-activity;sid:81103223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240096/; classtype:trojan-activity;sid:81103196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239981/; classtype:trojan-activity;sid:81103081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (231932)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/poseidon/inc/customizer/functions/index.html"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"smeetspost.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_16; reference:url, urlhaus.abuse.ch/url/231932/; classtype:trojan-activity;sid:81095032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d418a4b9682b.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_27; reference:url, urlhaus.abuse.ch/url/227362/; classtype:trojan-activity;sid:81090462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (226606)"; flow:established,from_client; content:"GET"; http_method; content:"/loader0/codebot.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"code-cheats.8u.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_24; reference:url, urlhaus.abuse.ch/url/226606/; classtype:trojan-activity;sid:81089706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (224805)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.01/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_15; reference:url, urlhaus.abuse.ch/url/224805/; classtype:trojan-activity;sid:81087905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5c8b08b37a426.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222972/; classtype:trojan-activity;sid:81086072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.konsor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konsor.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222056)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/news/v1.0.7.31/news_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222056/; classtype:trojan-activity;sid:81085156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222054)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222054/; classtype:trojan-activity;sid:81085154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222010)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.31/fmt_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222010/; classtype:trojan-activity;sid:81085110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221599)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.16/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221599/; classtype:trojan-activity;sid:81084699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220541)"; flow:established,from_client; content:"GET"; http_method; content:"/25072019_0963.xls"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220223)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.01/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220223/; classtype:trojan-activity;sid:81083323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220221)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.01/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220221/; classtype:trojan-activity;sid:81083321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; content:"GET"; http_method; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"files.constantcontact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217608)"; flow:established,from_client; content:"GET"; http_method; content:"/2018/06/201806065969_1243.doc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"data.kaoyany.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217608/; classtype:trojan-activity;sid:81080708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (212208)"; flow:established,from_client; content:"GET"; http_method; content:"/rapidtables.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"razorcrypter.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_27; reference:url, urlhaus.abuse.ch/url/212208/; classtype:trojan-activity;sid:81075308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; content:"GET"; http_method; content:"/20.06.2019_130.22.doc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (208009)"; flow:established,from_client; content:"GET"; http_method; content:"/domains/updateagent/application%20files/upagent.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"old.bullydog.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_12; reference:url, urlhaus.abuse.ch/url/208009/; classtype:trojan-activity;sid:81071109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (207761)"; flow:established,from_client; content:"GET"; http_method; content:"/monex%20swift%20_11.06.2019.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"tcgroup.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_06_11; reference:url, urlhaus.abuse.ch/url/207761/; classtype:trojan-activity;sid:81070861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (207732)"; flow:established,from_client; content:"GET"; http_method; content:"/11-jun-2019_f963a2afe3.xls"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"kosmetolodzy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_11; reference:url, urlhaus.abuse.ch/url/207732/; classtype:trojan-activity;sid:81070832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (206183)"; flow:established,from_client; content:"GET"; http_method; content:"/~golgo13ex/c964732.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.cc9.ne.jp"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_05; reference:url, urlhaus.abuse.ch/url/206183/; classtype:trojan-activity;sid:81069283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201513)"; flow:established,from_client; content:"GET"; http_method; content:"/wj1bsetup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dl.dzqzd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201513/; classtype:trojan-activity;sid:81064613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197376)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/g1gc04s1woz64tp6ugkcifwtu7pk0_l0pue-9898692635/"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"itcomsrv.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197376/; classtype:trojan-activity;sid:81060476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; content:"GET"; http_method; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"goto.stnts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (193914)"; flow:established,from_client; content:"GET"; http_method; content:"/landingpages/inc/qamiekvqptnxnmavsrjfrqstywglot/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"drivedigital.co.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_10; reference:url, urlhaus.abuse.ch/url/193914/; classtype:trojan-activity;sid:81057014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (191256)"; flow:established,from_client; content:"GET"; http_method; content:"/giftonway/service/nachprufung/2019-05/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"drivedigital.co.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_06; reference:url, urlhaus.abuse.ch/url/191256/; classtype:trojan-activity;sid:81054356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; content:"GET"; http_method; content:"/qrtb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xiaoma-10021647.file.myqcloud.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; content:"GET"; http_method; content:"/tqpjo/scan/uftruaemi2h/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"redlk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (182607)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/doc/iohwpmtjjnoe/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_23; reference:url, urlhaus.abuse.ch/url/182607/; classtype:trojan-activity;sid:81045707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (180421)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/indyg-8fpl8zgrhpxry5_vlysnvctx-lr/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_18; reference:url, urlhaus.abuse.ch/url/180421/; classtype:trojan-activity;sid:81043521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (177970)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/m9ucj4-x50app3-wmcuc/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_15; reference:url, urlhaus.abuse.ch/url/177970/; classtype:trojan-activity;sid:81041070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176747)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pdsd-mxmlkagckc6fc12_jwmbpshsq-tk/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176747/; classtype:trojan-activity;sid:81039847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/css/msg.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/html/com_contact/category/hp.gf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; content:"GET"; http_method; content:"/file/support/trust/en/042019/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"brightworks.cz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173425)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ewbnm-h00hvr2ptu3kyyr_yavlsniuf-a0u/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"solutelco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_08; reference:url, urlhaus.abuse.ch/url/173425/; classtype:trojan-activity;sid:81036525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (168797)"; flow:established,from_client; content:"GET"; http_method; content:"/images/1754808353/avbq-nqp_gipxnq-ip/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"writerartist.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_29; reference:url, urlhaus.abuse.ch/url/168797/; classtype:trojan-activity;sid:81031897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (167372)"; flow:established,from_client; content:"GET"; http_method; content:"/test/verif.myacc.send.com/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_27; reference:url, urlhaus.abuse.ch/url/167372/; classtype:trojan-activity;sid:81030472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165554)"; flow:established,from_client; content:"GET"; http_method; content:"/secure.myacc.resourses.com/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165554/; classtype:trojan-activity;sid:81028654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; content:"GET"; http_method; content:"/i203611254b019514581.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"programandojuntos.us.tempcloudsite.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (162770)"; flow:established,from_client; content:"GET"; http_method; content:"/artluz/produtos/sendincsec/support/sec/en_en/03-2019/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"alarmline.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_20; reference:url, urlhaus.abuse.ch/url/162770/; classtype:trojan-activity;sid:81025870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl2.360tpcdn.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (158942)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-03/27/pub/4d8ee54db371e.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p5.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_14; reference:url, urlhaus.abuse.ch/url/158942/; classtype:trojan-activity;sid:81022042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f06bn-kgh24-ncoviajp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (156062)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/d96m-5kduyd-gmzsf.view/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"www.teknotown.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_11; reference:url, urlhaus.abuse.ch/url/156062/; classtype:trojan-activity;sid:81019162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; content:"GET"; http_method; content:"/za.ebali"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mitreart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154059)"; flow:established,from_client; content:"GET"; http_method; content:"/mz5qeapm.hta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dl.asis.io"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154059/; classtype:trojan-activity;sid:81017159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (151907)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/kegy9-vkn3d7-vjunj.view/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"adver.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_04; reference:url, urlhaus.abuse.ch/url/151907/; classtype:trojan-activity;sid:81015007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (146376)"; flow:established,from_client; content:"GET"; http_method; content:"/sendincsec/legal/secure/en/022019/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_25; reference:url, urlhaus.abuse.ch/url/146376/; classtype:trojan-activity;sid:81009476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143068)"; flow:established,from_client; content:"GET"; http_method; content:"/copy_receipt/kppte-noyz_tjl-kww/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/143068/; classtype:trojan-activity;sid:81006168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (142841)"; flow:established,from_client; content:"GET"; http_method; content:"/company/account/open/file/jnpvoliu3gcmmwttlpocikgwpnx/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/142841/; classtype:trojan-activity;sid:81005941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (141151)"; flow:established,from_client; content:"GET"; http_method; content:"/secure/business/open/read/6ejw2ylnjos64gujbzyd/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/141151/; classtype:trojan-activity;sid:81004251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (141063)"; flow:established,from_client; content:"GET"; http_method; content:"/kev4.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kelvingee.hys.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/141063/; classtype:trojan-activity;sid:81004163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140888)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140888/; classtype:trojan-activity;sid:81003988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140887)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140887/; classtype:trojan-activity;sid:81003987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140886)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140886/; classtype:trojan-activity;sid:81003986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140885)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140885/; classtype:trojan-activity;sid:81003985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140884)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140884/; classtype:trojan-activity;sid:81003984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140882)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.kokopellz.4fan.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140882/; classtype:trojan-activity;sid:81003982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140883)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140883/; classtype:trojan-activity;sid:81003983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140881)"; flow:established,from_client; content:"GET"; http_method; content:"/koko4.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kokopellz.4fan.cz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140881/; classtype:trojan-activity;sid:81003981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140791)"; flow:established,from_client; content:"GET"; http_method; content:"/bv5eh1ierp/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"augsburg-auto.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140791/; classtype:trojan-activity;sid:81003891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140721)"; flow:established,from_client; content:"GET"; http_method; content:"/llc/pymn-4tz_mul-r1/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140721/; classtype:trojan-activity;sid:81003821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140156)"; flow:established,from_client; content:"GET"; http_method; content:"/1465810408079_502.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"static.topxgun.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_19; reference:url, urlhaus.abuse.ch/url/140156/; classtype:trojan-activity;sid:81003256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (124794)"; flow:established,from_client; content:"GET"; http_method; content:"/info/invoice/pbxt-q6sq_xs-1b/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_14; reference:url, urlhaus.abuse.ch/url/124794/; classtype:trojan-activity;sid:80987894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; content:"GET"; http_method; content:"/data/box.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dusttv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122898)"; flow:established,from_client; content:"GET"; http_method; content:"/u1yk11gr/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122898/; classtype:trojan-activity;sid:80985998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122545)"; flow:established,from_client; content:"GET"; http_method; content:"/sec.accounts.send.com/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"grikom.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_12; reference:url, urlhaus.abuse.ch/url/122545/; classtype:trojan-activity;sid:80985645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121258)"; flow:established,from_client; content:"GET"; http_method; content:"/28758658/2018/04/28/c4284a2a6c1b60247944a03cbaf930c5.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"cdn.file6.goodid.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_02_11; reference:url, urlhaus.abuse.ch/url/121258/; classtype:trojan-activity;sid:80984358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (118737)"; flow:established,from_client; content:"GET"; http_method; content:"/us_us/info/invoice_notice/04742192589/tlpp-l3mt_mdyhk-fp3/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"onlinetanecni.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_06; reference:url, urlhaus.abuse.ch/url/118737/; classtype:trojan-activity;sid:80981837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; content:"GET"; http_method; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"airlife.bget.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun-guest.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115233/; classtype:trojan-activity;sid:80978333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (114988)"; flow:established,from_client; content:"GET"; http_method; content:"/6iywkl5i_mg/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pobedastaff.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_31; reference:url, urlhaus.abuse.ch/url/114988/; classtype:trojan-activity;sid:80978088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/haeum.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"haeum.nfile.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; content:"GET"; http_method; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down.54nb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110132)"; flow:established,from_client; content:"GET"; http_method; content:"/gcld/updates_tw/gcmgr_tw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static.ilclock.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110132/; classtype:trojan-activity;sid:80973232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109264)"; flow:established,from_client; content:"GET"; http_method; content:"/rechnungen/01_19/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"p4man.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109264/; classtype:trojan-activity;sid:80972364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; content:"GET"; http_method; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"blogs.sokun.jp"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106006)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin128.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106006/; classtype:trojan-activity;sid:80969106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106003)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin133.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106003/; classtype:trojan-activity;sid:80969103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106000)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin130.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106000/; classtype:trojan-activity;sid:80969100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin142.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd124.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin141.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105996)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd127.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105996/; classtype:trojan-activity;sid:80969096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd145.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105988)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd144.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105988/; classtype:trojan-activity;sid:80969088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd136.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin139.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd137.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105946)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.1.17/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105946/; classtype:trojan-activity;sid:80969046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; content:"GET"; http_method; content:"/hkhe3fktc/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"atkcgnew.evgeni7e.beget.tech"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104181)"; flow:established,from_client; content:"GET"; http_method; content:"/cfjy-2q9i_yq-se/comet/signs/payment/notification/01/16/2019/en/open-past-due-orders/"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104181/; classtype:trojan-activity;sid:80967281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/css/obr.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.myvcart.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103702)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/pridmag/ttt/161485502.doc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sdvgpro.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103702/; classtype:trojan-activity;sid:80966802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103393)"; flow:established,from_client; content:"GET"; http_method; content:"/vp1bgrvz9v/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.mixturro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103393/; classtype:trojan-activity;sid:80966493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; content:"GET"; http_method; content:"/autoguarder/autoguarder_2.3.7.350.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl4.360.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqq.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.hostingcloud.science"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98115)"; flow:established,from_client; content:"GET"; http_method; content:"/pvvwe-5ve_e-avu/invoicecodechanges/us/service-invoice"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_20; reference:url, urlhaus.abuse.ch/url/98115/; classtype:trojan-activity;sid:80961215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; content:"GET"; http_method; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"aulist.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96660)"; flow:established,from_client; content:"GET"; http_method; content:"/l5ecamtdy/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96660/; classtype:trojan-activity;sid:80959760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; content:"GET"; http_method; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.ardguisser.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95633)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95633/; classtype:trojan-activity;sid:80958733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94507)"; flow:established,from_client; content:"GET"; http_method; content:"/southwire/910459143107617649/llc/us/summit-companies-invoice-33396595/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"ccilogistica.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94507/; classtype:trojan-activity;sid:80957607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94194)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94194/; classtype:trojan-activity;sid:80957294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (93513)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/telekom/rechnungonline/112018/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"artscreenstudio.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_12; reference:url, urlhaus.abuse.ch/url/93513/; classtype:trojan-activity;sid:80956613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92614)"; flow:established,from_client; content:"GET"; http_method; content:"/irs-irsonline-treasury-gov/tax-account-transcript/"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mi2think.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_12_11; reference:url, urlhaus.abuse.ch/url/92614/; classtype:trojan-activity;sid:80955714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92354/; classtype:trojan-activity;sid:80955454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91936)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/17/pub/4ce336b4661fd.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91936/; classtype:trojan-activity;sid:80955036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91935)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/04/pub/4cd2620ce3f10.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91935/; classtype:trojan-activity;sid:80955035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91933)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-08/11/pub/4e4334b150fcf.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91933/; classtype:trojan-activity;sid:80955033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91931)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/14/1121109/4e97e74d5dd8e.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91931/; classtype:trojan-activity;sid:80955031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91927)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/12/pub/4d043cebf1e0b.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91927/; classtype:trojan-activity;sid:80955027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/22/1164339/4ea2a4c43df54.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_08; reference:url, urlhaus.abuse.ch/url/91881/; classtype:trojan-activity;sid:80954981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (90508)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/scan"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_12_06; reference:url, urlhaus.abuse.ch/url/90508/; classtype:trojan-activity;sid:80953608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (89165)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/en_en/999-88-805311-816-999-88-805311-384/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_12_05; reference:url, urlhaus.abuse.ch/url/89165/; classtype:trojan-activity;sid:80952265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (89024)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/en_en/999-88-805311-816-999-88-805311-384"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_12_04; reference:url, urlhaus.abuse.ch/url/89024/; classtype:trojan-activity;sid:80952124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86730)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_29; reference:url, urlhaus.abuse.ch/url/86730/; classtype:trojan-activity;sid:80949830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86134)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/80onffqo/swift/us/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.mi2think.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86134/; classtype:trojan-activity;sid:80949234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; content:"GET"; http_method; content:"/tekiwanatain/installer.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85614)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/80onffqo/swift/us"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.mi2think.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85614/; classtype:trojan-activity;sid:80948714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84160)"; flow:established,from_client; content:"GET"; http_method; content:"/709rru/ach/business"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.uralmetalloprokat.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84160/; classtype:trojan-activity;sid:80947260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84040)"; flow:established,from_client; content:"GET"; http_method; content:"/0415jbrob/sep/smallbusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.udobrit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84040/; classtype:trojan-activity;sid:80947140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84037)"; flow:established,from_client; content:"GET"; http_method; content:"/5zbqf/wire/personal"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.tobeart.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84037/; classtype:trojan-activity;sid:80947137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79623)"; flow:established,from_client; content:"GET"; http_method; content:"/urzfhrbbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vagler.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79623/; classtype:trojan-activity;sid:80942723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (78780)"; flow:established,from_client; content:"GET"; http_method; content:"/ehiz.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asakoko.cekuj.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2018_11_12; reference:url, urlhaus.abuse.ch/url/78780/; classtype:trojan-activity;sid:80941880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (78779)"; flow:established,from_client; content:"GET"; http_method; content:"/ehiz.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asakoko.cekuj.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2018_11_12; reference:url, urlhaus.abuse.ch/url/78779/; classtype:trojan-activity;sid:80941879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; content:"GET"; http_method; content:"/nykol16/kepek.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; content:"GET"; http_method; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; content:"GET"; http_method; content:"/autoup/client/aqclient.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pay.aqiu6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66274)"; flow:established,from_client; content:"GET"; http_method; content:"/toneraruhaz/wp-admin/network/installer.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66164)"; flow:established,from_client; content:"GET"; http_method; content:"/fvlmodell/letoltes/files/scalecalc.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66164/; classtype:trojan-activity;sid:80929264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (64681)"; flow:established,from_client; content:"GET"; http_method; content:"/85nojvodyz/biz/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kamin-premium.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_04; reference:url, urlhaus.abuse.ch/url/64681/; classtype:trojan-activity;sid:80927781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (61080)"; flow:established,from_client; content:"GET"; http_method; content:"/us/payments/092018"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_09_26; reference:url, urlhaus.abuse.ch/url/61080/; classtype:trojan-activity;sid:80924180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; content:"GET"; http_method; content:"/vqd0d5/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; content:"GET"; http_method; content:"/factures-09-2018/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hasalltalent.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; content:"GET"; http_method; content:"/document/en/need-to-send-the-attachment"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; content:"GET"; http_method; content:"/7mn5zo8d/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45433)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45433/; classtype:trojan-activity;sid:80908533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45270)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45270/; classtype:trojan-activity;sid:80908370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44461)"; flow:established,from_client; content:"GET"; http_method; content:"/5805773c/payment/personal"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_20; reference:url, urlhaus.abuse.ch/url/44461/; classtype:trojan-activity;sid:80907561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44113)"; flow:established,from_client; content:"GET"; http_method; content:"/663752sludgz/oamo/us/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_17; reference:url, urlhaus.abuse.ch/url/44113/; classtype:trojan-activity;sid:80907213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (41197)"; flow:established,from_client; content:"GET"; http_method; content:"/gym.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stud.clanweb.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_10; reference:url, urlhaus.abuse.ch/url/41197/; classtype:trojan-activity;sid:80904297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (40811)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/en_us/status/deposit"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bankgarantia.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_10; reference:url, urlhaus.abuse.ch/url/40811/; classtype:trojan-activity;sid:80903911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (39538)"; flow:established,from_client; content:"GET"; http_method; content:"/bidniz.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"studio.maweb.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_07; reference:url, urlhaus.abuse.ch/url/39538/; classtype:trojan-activity;sid:80902638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (39537)"; flow:established,from_client; content:"GET"; http_method; content:"/ego.hta"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"studio.maweb.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_07; reference:url, urlhaus.abuse.ch/url/39537/; classtype:trojan-activity;sid:80902637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (37232)"; flow:established,from_client; content:"GET"; http_method; content:"/tpkmgecq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_31; reference:url, urlhaus.abuse.ch/url/37232/; classtype:trojan-activity;sid:80900332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/en/statement/invoice/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36522/; classtype:trojan-activity;sid:80899622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36504)"; flow:established,from_client; content:"GET"; http_method; content:"/jul2018/en_us/invoice-status/past-due-invoice/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36504/; classtype:trojan-activity;sid:80899604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36434)"; flow:established,from_client; content:"GET"; http_method; content:"/jul2018/en_us/invoice-status/past-due-invoice"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_07_27; reference:url, urlhaus.abuse.ch/url/36434/; classtype:trojan-activity;sid:80899534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36154)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en_us/invoice-for-sent/invoice/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_26; reference:url, urlhaus.abuse.ch/url/36154/; classtype:trojan-activity;sid:80899254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34267)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34267/; classtype:trojan-activity;sid:80897367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34227)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34227/; classtype:trojan-activity;sid:80897327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34178)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07-2018/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"asl-company.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34178/; classtype:trojan-activity;sid:80897278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34102)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34102/; classtype:trojan-activity;sid:80897202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (33107)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/us_us/file/invoice-604371/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"kuzina-teatr.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_07_16; reference:url, urlhaus.abuse.ch/url/33107/; classtype:trojan-activity;sid:80896207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (32518)"; flow:established,from_client; content:"GET"; http_method; content:"/fekir.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"studio.clanweb.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2018_07_14; reference:url, urlhaus.abuse.ch/url/32518/; classtype:trojan-activity;sid:80895618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (31519)"; flow:established,from_client; content:"GET"; http_method; content:"/chapo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"papillo.jecool.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_07_12; reference:url, urlhaus.abuse.ch/url/31519/; classtype:trojan-activity;sid:80894619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; content:"GET"; http_method; content:"/mc_setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crimefreesoftware.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24594)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24594/; classtype:trojan-activity;sid:80887694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24379)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24379/; classtype:trojan-activity;sid:80887479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (19171)"; flow:established,from_client; content:"GET"; http_method; content:"/irs-accounts-transcipts-june-2018-002/3/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_06_14; reference:url, urlhaus.abuse.ch/url/19171/; classtype:trojan-activity;sid:80882271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/past-due-invoice/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16579)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/account73637535/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16579/; classtype:trojan-activity;sid:80879679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; content:"GET"; http_method; content:"/status/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15549)"; flow:established,from_client; content:"GET"; http_method; content:"/rechnungs/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15549/; classtype:trojan-activity;sid:80878649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (14715)"; flow:established,from_client; content:"GET"; http_method; content:"/admim/mine001.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.tirtasentosa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_06_03; reference:url, urlhaus.abuse.ch/url/14715/; classtype:trojan-activity;sid:80877815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (14062)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-30/05/2018"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_05_31; reference:url, urlhaus.abuse.ch/url/14062/; classtype:trojan-activity;sid:80877162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (13444)"; flow:established,from_client; content:"GET"; http_method; content:"/facturation/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ptgut.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2018_05_30; reference:url, urlhaus.abuse.ch/url/13444/; classtype:trojan-activity;sid:80876544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8435)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros003.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8435/; classtype:trojan-activity;sid:80871535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8434)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros002.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8434/; classtype:trojan-activity;sid:80871534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8433)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8433/; classtype:trojan-activity;sid:80871533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8432)"; flow:established,from_client; content:"GET"; http_method; content:"/give/prin001.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8432/; classtype:trojan-activity;sid:80871532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8431)"; flow:established,from_client; content:"GET"; http_method; content:"/give/obi001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8431/; classtype:trojan-activity;sid:80871531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8430)"; flow:established,from_client; content:"GET"; http_method; content:"/give/jon001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8430/; classtype:trojan-activity;sid:80871530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8053)"; flow:established,from_client; content:"GET"; http_method; content:"/give/was001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_02; reference:url, urlhaus.abuse.ch/url/8053/; classtype:trojan-activity;sid:80871153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (4857)"; flow:established,from_client; content:"GET"; http_method; content:"/document-needed/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hashi-net.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_04_13; reference:url, urlhaus.abuse.ch/url/4857/; classtype:trojan-activity;sid:80867957; rev:1;) # Number of entries: 37066